CASE STUDY – WEB SERVICES SECURITY TESTING FOR LEADING ENGINEERING SOFTWARE PROVIDERS FOR MARINE INDUSTRY

    Objectives & Challenges

    1      Setting up a security test lab for testing the WCF communication

    2      Security assessment for WCF-based communication

    3      Third-party security testing

    4      Build awareness in client teams and development teams through training

    5      No user input points in application

    Approach

    1      Product knowledge acquisition

    2      Cross training of the teams for security awareness

    3      Designing assessment approach to trap the communication traffic and detect vulnerabilities

    4      Test the communication channel for attacks such as spoofing, DoS, data tampering, information disclosure, etc.

    5      Detailed analysis of the vulnerabilities found

    6      Reporting with possible recommendations

    Benefits

    1      Detection of security threats in the implementation of the newly launched communication channel – WCF

    2      Risks identified before integration of the WCF protocol framework into the new product

    3      Successfully met critical deadline for the project

    4      Recommendations and countermeasures for reducing risk levels were suggested

    Tools Used

    1      Wireshark

    2      Nessus

    3      Nmap

    4      WebScarab

    5      MiniFuzz

    6      Paros Proxy