Penetration Test - Planning and Scoping (5)
Reposted
SUPPORT RESOURCES
- WSDL/WADL
  - Web Services Description Language / Web Application Description Language
  - XML file with lots of info about a web service/application and its interface requirements
- SOAP project file
  - Not exposed to the public
  - Used by developers in the development environment
  - Simple Object Access Protocol (SOAP) - used to exchange info for web services
  - The project file provides low-level web service interface details (input/output/server info)
- SDK documentation
  - Software Development Kit (SDK) docs provide info on the tools used to develop the software
- Swagger document
  - Swagger is a popular open-source framework for developing REST services
  - REST is a lightweight API
  - The document can provide internal info on REST services exposed to clients
- XSD
  - XML Schema Definition - defines XML document content
- Sample application requests
  - Well-formed requests, generally to web services
  - Useful when testing web services/applications of all types
- Architectural diagrams
  - Diagrams of networks and connected devices
  - Helpful when determining targets to attack
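
To show what a Swagger document supplied during scoping actually contains, the following added example (not part of the original notes) turns a Swagger 2.0 file into an operation inventory and lists the operations that declare no security requirement. The sample document, its host-independent paths and the function names `inventory` and `unauthenticated` are constructed for illustration.

```python
import json

# Constructed Swagger 2.0 document for a hypothetical API (not from the page).
SAMPLE_SWAGGER = json.loads("""
{
  "swagger": "2.0",
  "basePath": "/v1",
  "securityDefinitions": {"api_key": {"type": "apiKey", "name": "X-API-Key", "in": "header"}},
  "security": [{"api_key": []}],
  "paths": {
    "/orders": {"get": {"parameters": [{"name": "status", "in": "query", "type": "string"}]}},
    "/orders/{id}": {
      "parameters": [{"name": "id", "in": "path", "type": "integer", "required": true}],
      "get": {},
      "delete": {"security": [{"api_key": []}]}
    },
    "/health": {"get": {"security": []}}
  }
}
""")

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}

def inventory(doc):
    """Return one row per operation: method, full path, parameters, auth schemes."""
    base = doc.get("basePath", "").rstrip("/")
    rows = []
    for path, item in sorted(doc.get("paths", {}).items()):
        shared = item.get("parameters", [])  # path-level parameters apply to every method
        for method in sorted(HTTP_METHODS & item.keys()):
            op = item[method]
            # Merge path-level and operation-level parameters, deduplicated by (name, in).
            params = {(p["name"], p["in"]) for p in shared + op.get("parameters", [])}
            # Operation-level "security" replaces the global list; [] means no auth.
            security = op.get("security", doc.get("security", []))
            rows.append({
                "method": method.upper(),
                "path": base + path,
                "params": sorted(f"{loc}:{name}" for name, loc in params),
                "auth": sorted({scheme for req in security for scheme in req}),
            })
    return rows

def unauthenticated(rows):
    # Operations with no declared security requirement, for the scoping checklist.
    return [f'{r["method"]} {r["path"]}' for r in rows if not r["auth"]]

if __name__ == "__main__":
    for r in inventory(SAMPLE_SWAGGER):
        print(r["method"], r["path"], r["params"], r["auth"] or "NO AUTH DECLARED")
```
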
QUICK REVIEW
- Find out if any internal resources are available
- Look for artifacts from application development
- Also, look for any deployment or support documents