Penetration Test - Planning and Scoping(5)

SUPPORT RESOURCES

  • WSDL/WADL
    • Web Services Description Language / Web Application Description Language
    • XML file with lots of info about web service/application and its interface requirements
  • SOAP project file
    • Not exposed to the public
    • Used by developers in the development environment
    • Simple Object Access Protocol - used to exchange info for web services
    • Project file provides low-level web service interface details (input/output/server info)
  • SDK documentation
    • Software Development Kit (SDK) docs help provide info on tools used to develop software
  • Swagger document
    • Swagger is a popular open-source framework for developing REST services
    • REST (Representational State Transfer) is a lightweight API style
    • The document can provide internal info on REST services exposed to clients
  • XSD
    • XML Schema Definition - defines XML document content
  • Sample application requests
    • Well-formed requests, generally to web services
    • Useful when testing web services/applications of all types
  • Architectural diagrams
    • Diagrams of networks and connected devices
    • Helpful when determining targets to attack
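
Added example (not part of the original notes): a short Python sketch of what a client-supplied WSDL gives you during scoping, namely the service endpoint plus each operation's input and output parts. The WSDL, the service name and the host orders.example.internal are constructed for illustration, and scope_inventory is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

NS = {"wsdl": "http://schemas.xmlsoap.org/wsdl/",
      "soap": "http://schemas.xmlsoap.org/wsdl/soap/"}

# Constructed WSDL 1.1 sample; service name and host are hypothetical.
SAMPLE_WSDL = """<definitions name="Orders" xmlns="http://schemas.xmlsoap.org/wsdl/"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
    xmlns:tns="urn:example:orders" targetNamespace="urn:example:orders">
  <message name="GetOrderRequest"><part name="orderId" type="xsd:int"/></message>
  <message name="GetOrderResponse"><part name="status" type="xsd:string"/></message>
  <message name="CancelOrderRequest"><part name="orderId" type="xsd:int"/></message>
  <portType name="OrdersPort">
    <operation name="GetOrder">
      <input message="tns:GetOrderRequest"/>
      <output message="tns:GetOrderResponse"/>
    </operation>
    <operation name="CancelOrder"><input message="tns:CancelOrderRequest"/></operation>
  </portType>
  <service name="OrdersService">
    <port name="OrdersPort" binding="tns:OrdersBinding">
      <soap:address location="http://orders.example.internal/soap"/>
    </port>
  </service>
</definitions>"""

def scope_inventory(wsdl_text):
    """Return service endpoints and per-operation input/output parts."""
    root = ET.fromstring(wsdl_text)
    # message name -> [(part name, declared type or element)]
    messages = {
        m.get("name"): [(p.get("name"), p.get("type") or p.get("element"))
                        for p in m.findall("wsdl:part", NS)]
        for m in root.findall("wsdl:message", NS)
    }
    endpoints = [a.get("location")
                 for a in root.findall("wsdl:service/wsdl:port/soap:address", NS)]
    operations = {}
    for op in root.findall("wsdl:portType/wsdl:operation", NS):
        entry = {}
        for direction in ("input", "output"):  # one-way operations have no output
            node = op.find(f"wsdl:{direction}", NS)
            msg = node.get("message").split(":", 1)[-1] if node is not None else None
            entry[direction] = messages.get(msg, [])
        operations[op.get("name")] = entry
    return {"endpoints": endpoints, "operations": operations}

if __name__ == "__main__":
    print(scope_inventory(SAMPLE_WSDL))
```

The resulting inventory can be checked against the agreed scope before testing starts. For a document from a source you do not trust, parse it with defusedxml rather than the standard-library parser.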

QUICK REVIEW

  • Find out if any internal resources are available
  • Look for artifacts from application development
  • Also, look for any deployment or support documents
posted @ 2020-07-20 20:49  晨风_Eric