Posts

Showing posts from May, 2016

Apache AXIS server pentest

In one of my pentest engagements, the scope was to test a website, abc.com/xyz/pqr.html, and its mobile application. The website seemed to be stronger, and I was not able to find any vulnerability. So I switched to the mobile application. While testing the mobile application, I was doing code analysis and found a URL in the code which was invoking a web service. The URL is as follows: https://abc.com/InstaWebServices/services/VersionCheck