SOAPtest 4.0 targets Web services
New security tests, load testing make for squeaky-clean Web services
Also new in SOAPtest 4.0 is its capability of launching attacks against a Web service to assay its security vulnerabilities. The set of new security tests currently generated by SOAPtest includes -- but is not limited to -- parameter fuzzing, which passes irregular parameters that might cause the Web service to throw an exception or reveal information it shouldn’t; XML bombs, detonated if an XML entity is defined recursively in a DTD, causing an XML parser to expand the enclosing document to an unmanageable size; SQL injection, which injects unwanted strings into the text of a SQL query, causing the application to throw an exception or execute improper SQL code; and XML external entity attacks that exploit a DTD’s capability of making an external reference.
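The XML bomb and external entity tests described above both depend on the service's parser honoring a DTD in the request. As an added example (not SOAPtest code or output), the following sketch shows one way a service could screen a request body with Python's standard expat bindings and refuse it before any entity is expanded; the function name `screen_request` and the sample bodies are constructed for illustration.

```python
import xml.parsers.expat

class Rejected(Exception):
    """Raised from an expat handler to abort parsing before any expansion."""

def screen_request(data: bytes) -> str:
    """Classify a request body as 'accepted' or 'rejected: <reason>'."""
    parser = xml.parsers.expat.ParserCreate()
    saw_doctype = []

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # Remember that a DTD was present even if it declares no entities.
        saw_doctype.append(name)

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # Declarations always precede content, so raising here stops the
        # parser before a reference to the entity can be expanded or fetched.
        if system_id is not None:
            raise Rejected(f"external entity '{name}' declared (XXE)")
        raise Rejected(f"internal entity '{name}' declared (entity expansion)")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    try:
        parser.Parse(data, True)
    except Rejected as exc:
        return f"rejected: {exc}"
    except xml.parsers.expat.ExpatError as exc:
        return f"rejected: malformed XML ({exc})"
    if saw_doctype:
        return "rejected: DOCTYPE declaration"
    return "accepted"

# Constructed sample request bodies (not captured traffic).
SAMPLES = {
    "plain": b'<?xml version="1.0"?><soap:Envelope xmlns:soap='
             b'"http://schemas.xmlsoap.org/soap/envelope/"><soap:Body>'
             b'<getQuote><symbol>ABC</symbol></getQuote></soap:Body></soap:Envelope>',
    "internal": b'<!DOCTYPE r [<!ENTITY a "x"><!ENTITY b "&a;&a;">]><r>&b;</r>',
    "external": b'<!DOCTYPE r [<!ENTITY e SYSTEM "file:///constructed/placeholder">]>'
                b'<r>&e;</r>',
    "dtd_only": b'<!DOCTYPE r SYSTEM "http://example.invalid/r.dtd"><r/>',
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(label, "->", screen_request(body))
```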
As if that’s not enough, Version 4.0 also extends SOAPtest’s performance and load testing. Now you can simulate -- and view the effects of -- multiple clients posting requests to your Web service and graphically tune the simulation’s evolution. For example, you can see how your Web service performs if client requests increase gradually and linearly, peak suddenly, or rise and fall in a bell curve.
Finally, SOAPtest 4.0 is not limited to testing Web services; it also exercises a Web service client. By configuring SOAPtest to act as the Web service itself, you cause it to mimic the server; as such, it can verify that clients post proper requests. It’s a valuable feature because it allows you to test the “whole” Web service application -- client and service/server -- instead of just the service.
SOAPtest 4.0’s strength lies in the ease and agility with which you can create and modify tests. In seconds, you can build a test, run it, and examine the response. If the test looks good, add it to your suite; if not, modify or extend it -- or throw it away and create a new one.
SOAPtest 4.0 effectively walks that narrow line between being entirely code-free (allowing the wizard to build the tests) and customizable (coding an involved script by hand). This balance makes it useful to QA engineers and developers. Because you can run it from the command line, it is easily incorporated into automated builds. If you’re building serious Web services, you need SOAPtest.