AnsweredAssumed Answered

Scanning a SOAP webservice for vulnerabilities

Question asked by Steve P on May 12, 2020
Latest reply on May 13, 2020 by Sheela Sarva

I tried running a Qualys web application scan on below WSDL

and received the error message


"Failed to parse the WSDL due to following error in the WSDL.
Schema Parser Exception : Error while parsing imported namespace Fatal Error in SchemaParser"


I am not posting my actual company URL for privacy and security reasons in a public forum but using

I know  goes to an Error page in Oracle but this WSDL was auto-generated by Oracle weblogic for services it provides out of the box. Oracle SOA(Service-Oriented Architecture) composite is an assembly of services, service components, and references designed and deployed together in a single application and it generated this WSDL. We did not build this WSDL so cannot change this WSDL.


1. Has anyone faced such errors with Oracle SOA generated WSDL with a Qualys scan and if yes, how can this be addressed?


2. Is there a way to tell Qualys web app scanner to ignore the imported namespace error and continue scanning?


3. I see docs for Qualys scanning REST API but is there anything for doing a vulnerability scan for SOAP APIs?


4. Any other suggestions for finding vulnerabilities in SOAP API using Qualys would be helpful. We are using Business Process Execution Language for Web Services