SOAPUI Chinese Operation Manual (v)----Introduction and safety testing

The security testing features introduced in SoapUI4.0 make it very easy for you to verify the functional security of your target service, and you can evaluate the vulnerabilities of common security attacks on your system. Especially if the system is publicly available, even if this is not the case, it is important to ensure a completely secure environment.

1. Create a testcase function (or use existing)

We'll start with including a trusted sample project, import it into your workspace, and open the first test case:

2. Adding security tests

You can see an empty "Security test" node, in the left tree (see), right-click it, select the "New securitytest" option, which opens the following dialog box (if you are using the free version, then read down):

Select "Auto" mode, generate the default security scan, and assert the teststeps in your testcase and then press "Next":

Here you can see that all the security scans and assertions will be added to the security test, press OK to create the configuration described by the security test, and open the Security Test window:

If you are running the free version of SOAPUI, you will only be prompted to enter the name of the security test, and once created you must manually add the security scan and their claims in the teststeps of the test case (read more about the security scan ).

3. Run the safety test

Press the green arrow in the upper-left corner to run the test (make sure the target service or Mockservice is running), and you'll see the progress of each step test being made and the Security Test window that configures the security scan:

You will see continuous progress in the main window as the execution of different security scans, and more detailed information is available at the bottom of the security log.

4. Analysis Results

The security log at the bottom of the Security Test window shows the details of the failed security scan, and in the main window click on a security scan and the log will scroll to the scan entry:

Clicking to view an unexpected alert may indicate a possible security vulnerability to your target service. Double-click each entry to see your actual message exchange.

Here, you can see the XPath injection sent to our logout service operation.

5. Create a report

your manager is pleased that you have passed the report stating that your service is strong and stable; in the Open reports preview Press the "Create Report" button in the top menu:

SOAPUI Chinese Operation Manual (v)----Introduction and safety testing