Security Scan Wizard
SoapUI NG Pro, helps you find and address API security vulnerabilities before you go to production by providing several built-in security scans that you can easily add to your API tests. Our unique Security Scan Wizard walks you through the steps of customizing the test run by selecting the scans you want to use and the test steps you want to run them against.
Types of Security Tests in SoapUI Pro
Sending in data at the boundary of allowed values or in direct opposition of the allowed values may cause your system to display unwanted information. This scan sends those requests through to see if your API can be breached.
This test checks to make sure your API doesn't expose the parameters it uses by displaying the in messages and URLs.
This scan injects random text as API requests to provoke unknown errors, buffer overflows, stack traces, or string vulnerabilities.
This scan sends an unexpected data format in the request so you can validate that the API can gracefully handle input of the wrong data type.
This scan will insert malformed XML snippets into the API request in an effort to expose sensitive information or potentially crash a vulnerable server.
Malicious attachments can take several forms and have multiple purposes - for our scan, we add and/or replace attachments to the request with invalid or large attachments to seek out vulnerabilities in the server or the code.
Our SQL injection test can send malicious SQL statements to your API in an effort to access and weaken your databases.
The XML Bomb sends an extremely large XML file to your API in an effort to create a stack overflow.
This scan injects unexpected XML content and/or structures into the API request in an attempt to disrupt its behavior.
For those who want more control over the design and execution of their API security tests, SoapUI NG Pro, provides the ability to start from a clean slate and build your own scans. In SoapUI NG Pro, a security test is basically a layer on top of an existing test case, adding any number of security scans to each of the Request TestSteps beneath.
To help you build and configure the security scans that make sense for your API, the tool includes the scans defined in the above section that you can populate.
Security Test Generator
The types and amount of API security testing you need depends greatly on who will be using your API and the level of exposure you might have as a result. With SoapUI NG Pro, we provide you with the option of building custom security scans from scratch, using our pre-built security scans, or jump start your security testing with our Security Test Generator.
Back To All Features