Ken Johnson

Ken Johnson is a Senior Application Security Consultant performing source code analysis and web application penetration testing. Ken is the primary developer of the Web Exploitation Framework (wXf) and contributes to various open source application security projects. He has spoken at AppSec DC, OWASP NoVA, Northern Virginia Hackers Association.

Application security July 15, 2011 Ken Johnson

Attacking web services Pt 2 – SOAP

In the previous article, we discussed forming a SOAP request based off the operations listed in a WSDL file and automating this task with Buby and Burp Suite....

Application security July 15, 2011 Ken Johnson

Attacking web services Pt 1 – SOAP

I often receive testing related questions from AppSec folks new to web services about the techniques used to discover and attack them. Often, web services are...