Automated API Security Testing for
the Ultimate DevSecOps Experience

Shift your security left with powerful security scans and tests against your most vulnerable services.  Identify vulnerabilities before your application gets a formal security scan.

Try Secure Pro Now

SmartBear Named a Leader in Gartner Magic Quadrant for Software Test Automation

Fit API Security Right Into Your Delivery Pipeline. 

Secure Pro makes it easy to fit security testing right into your DevSecOps or Agile development workflow. With integrations up and down the pipeline, you can store your test cases in a Git repo, commit new code, and have your CI server run those stored tests during every build on nearly any environment - Docker included.

  • Native Integrations with Jenkins, Azure DevOps, and TeamCity 
  • Command-line support for automated testing on nearly any CI server
  • Results can be exported in common formats like jUnit or XML


Types of Security Tests in SoapUI Pro

Boun​dary Scan

Sending in data at the boundary of allowed values or in direct opposition of the allowed values may cause your system to display unwanted information. This scan sends those requests through to see if your API can be breached.

Cross-Site Scripting

This test checks to make sure your API doesn't expose the parameters it uses by displaying the in messages and URLs. 

Fuzzing Scan

This scan injects random text as API requests to provoke unknown errors, buffer overflows, stack traces, or string vulnerabilities.

Invalid Types

This scan sends an unexpected data format in the request so you can validate that the API can gracefully handle input of the wrong data type.

Malformed XML

This scan will insert malformed XML snippets into the API request in an effort to expose sensitive information or potentially crash a vulnerable server.

Malicious Attachment

Malicious attachments can take several forms and have multiple purposes - for our scan, we add and/or replace attachments to the request with invalid or large attachments to seek out vulnerabilities in the server or the code.

SQL Injection

Our SQL injection test can send malicious SQL statements to your API in an effort to access and weaken your databases.

XML Bomb

The XML Bomb sends an extremely large XML file to your API in an effort to create a stack overflow.

XML Injection

This scan injects unexpected XML content and/or structures into the API request in an attempt to disrupt its behavior.

Quick Build Security Tests and Assertions Against Critical API Endpoints

Take your security scanning to the next level by creating assertions against endpoint responses that validate whether or not there is a potential security defect.

  • Import API descriptions like OpenAPI specs to quickly build out security tests against all your endpoints.
  • Reuse functional tests made in SoapUI Pro to automatically create end-to-end tests with security scans built in.

Inject Malicious Requests From Generated or Sourced Data

Use realistic data to simulate the way users and hackers could bypass your API's security. 

  • Import data from external files or databases
  • Create synthetic data like addresses and phone numbers
  • Share data sets across functional, load, and security tests

Drive Measurable ROI

Get Started


Learn how SoapUI Pro enables Atena testers to accelerate the regression process by 25x

Read Case Study

HDS / IMS Health

Healthcare Data Solutions

Discover how HDS reduced API testing setup time by over 80%

Read Case Study

Cisco Case Study

Cisco Systems

Point-and-click testing in SoapUI Pro makes it easy for Cisco's engineers to automate their REST and SOAP tests.

Read Case Study


Increase API quality beyond security testing

The ReadyAPI Platform is a suite of solutions for functional, performance, and security testing as well as virtualization of REST, SOAP, and other web services.

The ReadyAPI Platform enables software developers, QA engineers, and manual testers to work together to create, manage, and execute complex end-to-end API tests in their CI/CD pipelines without needing to code.

You can reuse API definitions to automatically create functional, load, and security test assertions and then drive data through your endpoints and parameters to test hundreds of realistic scenarios in just minutes.


Start Your SoapUI Pro Trial Now

By submitting this form, you agree to our Terms of Use and Privacy Policy

Test the functionality of your REST and SOAP APIs faster, while improving quality and security.

  • Fully-functional 14 day free trial
  • Create and execute API tests in seconds
  • Automate your API tests with CI servers
  • Quickly generate security scans
  • Integrate with leading API management platforms