Book Image

Mastering SoapUI

Book Image

Mastering SoapUI

Overview of this book

SoapUI is an open-source cross-platform testing application that provides complete test coverage and supports all the standard protocols and technologies. This book includes real-time examples of implementing SoapUI to achieve quality and business assurance. Starting with the features and functionalities of SoapUI, the book will then focus on functional testing, load testing, and security testing of web services. Furthermore, you will learn how to automate your services and then design data-driven, keyword-driven, and hybrid-driven frameworks in SoapUI. Then the book will show you how to test UIs and services using SoapUI with the help of Selenium. You will also learn how to integrate SoapUI with Jenkins for CI and SoapUI test with QC with backward- and forward-compatibility. The final part of the book will show you how to virtualize a service response in SoapUI using Service Mocking. You will finish the journey by discovering the best practices for SoapUI test automation and preparing yourself for the online certification of SoapUI.
Table of Contents (18 chapters)
Mastering SoapUI
Credits
About the Author
Acknowledgments
About the Reviewer
www.PacktPub.com
Preface
7
SoapUI Integration with Jenkins and HP QC
Index

Security testing in SOA world


Service-oriented architecture, as the name implies, is a collection of loosely coupled services which can be over the same or different network. These services talk to multiple databases and share lots of critical information within the organizational services as well as third-parties. The sharing of complex information across multiple WAN and multiple third-party services across enterprises raises concerns for the stakeholders.

Let's have a look at few of the attack types:

  • SQL injection: The purpose of this attack is to gain access to the database or to get an inappropriate response when we pass SQL fragments in the request parameters.

  • XPath injection: The purpose of this attack type is to extract information from an XML database.

  • XML bomb: The purpose of this attack is to result in denial of service for an application. This attacks works by overloading the XML parser recursively by using the entities defined in the DTD.

  • Cross-site scripting attack: This is...