SOAPtest 4.0 targets Web services
New security tests, load testing make for squeaky-clean Web services
Whereas most of us surf the “visible” HTTP exchanges between browser and Web server, Web services are transporting an increasing load of otherwise invisible traffic. With the help of SOAP, Web service clients and servers carry on unseen conversations, similar to messages traveling over a subfrequency.
They may be invisible, but these conversations are important: More and more frequently, Web services are being used to conduct vital business transactions.
Parasoft’s SOAPtest is one of a growing number of tools that test these increasingly critical applications. Although its name implies its only job is identifying and diagnosing problems in SOAP messages, SOAPtest delivers comprehensive regression, unit, and security testing for Web services and Web service client applications.
Version 4.0 adds features that make SOAPtest easier to use than its earlier editions. It also adds new test categories -- for example, SOAPtest’s new security tests ascertain how well your Web service is protected against a malevolent user’s attacks.
Getting lathered
SOAPtest has two primary uses, but it functions as an automatic test generator in both cases.
First, it creates static WSDL verification tests for the content of a Web service’s WSDL document. The tests that SOAPtest builds check not only for proper WSDL syntax but also for correct WSDL semantics -- for example, it verifies the document’s internal consistency.
Second, SOAPtest reads the WSDL document’s contents and creates unit tests for the Web service’s methods. SOAPtest can also create its tests from the Web service’s UDDI information, as well as from an HTTP traffic log file involving Web services.
Although these unit tests begin as simple, single calls into Web service methods, they don’t stay that way. You can easily configure a test to execute repeatedly, drawing its succession of input parameters from a data table, a comma-delimited file, an Excel spreadsheet, or a database. If you need to instill more intelligence into a particular test, you can augment the test’s behavior with scripts written in Jython (Python written in Java), Java, or JavaScript.
This is SOAPtest’s real power. Beginning with a small, simple set of static and dynamic tests automatically generated by a wizard (one of the new features of SOAPtest 4.0), you can extend, duplicate, and modify those tests to build -- Lego-style -- an increasingly powerful suite. Tests are executed in sequence; by properly ordering tests, you can simulate a lengthy session between Web client and Web service.
I ran SOAPtest on a pair of sample Web services I had been using to explore various ASP.Net features. The tool’s best feature is its seemingly instantaneous creation of tests, and the equally speedy way I could iteratively extend and modify those tests. SOAPtest allowed me to assemble my tests in such a way that what began as a collection of unit tests blossomed into an array of functional tests. And throughout this process, I never needed to stoop into the source code.
Security spotlight
With SOAPtest, subsequent tests can use data from preceding tests as their inputs, and that allows you to build a “mock” workflow of a user carrying out a complex series of transactions with the particular Web service. By incrementally layering tests on a suite’s foundation, you produce a comprehensive project that -- taken as a whole -- ends up being greater than the sum of its parts.
| Test Center Scorecard | |||||||
|---|---|---|---|---|---|---|---|
 |  |  |  |  |  |  | |
| 20% | 20% | 20% | 20% | 10% | 10% | ||
| Parasoft SOAPtest 4.0 | 8 | 8 | 10 | 8 | 9 | 9 |
8.6
Very Good
|
