Topic
  • 1 reply
  • Latest Post - ‏2012-09-13T12:51:39Z by bbrazeau
SystemAdmin
SystemAdmin
403 Posts

Pinned topic Scanning Web Services with WSDL

‏2012-09-12T09:01:06Z |
Hey,

Is there a way to use AppScan Standard Edition to scan a web service without a WSDL. Could it be done by recording a set of example requests the service?

When I create a new scan and select Web Service, it seems to require that a WSDL be entered.

Thanks.
Updated on 2012-09-13T12:51:39Z at 2012-09-13T12:51:39Z by bbrazeau
  • bbrazeau
    bbrazeau
    148 Posts

    Re: Scanning Web Services with WSDL

    ‏2012-09-13T12:51:39Z  
    Hi Philip

    For AppScan Standard, for the starting URL, you would still need at least to put the domain name (e.g. demo.testfire.net instead of demo.testfire.net/transfer/tranfer.asmx?wsdl) of where the requests were being sent. If you are going to be using endpoints, you do not need to put the WSDL location as it does not exist, at the very least, just domain you will be security testing. Once this is setup, you can use the GSC to record the endpoint requests and capture them for AppScan Standard.

    -B