Throughout this chapter, we have identified a number of testing methods for web applications. Your challenge is as follows:
Review the information in the web services testing, and expand on this and experiment with the different tools you can discover based on this. As a reference, look at the SoapUI tool. An example of the website of the tool is shown in the following screenshot:
We have discussed the ModSecurity tool. For this challenge, install the tool and practice different types of evasion techniques; additionally, attempt to detect the WAF. See if either of the two methods that we have discussed in this chapter can detect it. Another method of detection is to compare the headers when you intercept them with a proxy. Experiment with and explore it. A quick example of how to install the software is shown in the following screenshot:
This challenge will allow you to explore the testing of Web Services, as well as practice the evasion methods against one of the most popular...