Security Assertions

Applies to ReadyAPI 3.53, last modified on May 15, 2024

Use assertions in security tests to check whether the responses the server sends contain information that reveals vulnerabilities in your service.

Assertion types

Security scans support various types of assertions. Some are similar to those you use in functional tests, and some are available only for security tests. Conversely, functional tests also support some security test assertions.

When using multiple assertions, make sure their types match the service type. For example, SOAP assertions are applicable to SOAP requests.

To learn more about all assertions available in ReadyAPI, see Assertion Reference.

Configure assertions

To configure assertions for security tests, use the same procedure as for standard test requests.

In most cases, all assertions necessary for a particular scan will appear automatically when you add that scan. The configuration information and settings are available in the table on the Assertions tab.

Not all assertions are configurable. Some of them just provide a predefined test, and some use the settings of the parent scan or test step.

To start working with assertions, click a response handler in the security test window.

ReadyAPI: A response handler in the security test

Assertions will appear in the Assertion inspector.

Tip: To simplify configuring assertions, run the request you want to use at least once.
ReadyAPI: The assertions inspector
  • To create a new assertion:

    1. Click .

    2. In the Add Assertion dialog, select the assertion you want to apply.

      Note: Some assertions may be missing from the dialog because they are not applicable to the currently selected test step.

      Use the search box at the top of the dialog to quickly find the needed assertion.

    3. Click Add.

    4. In the subsequent dialog, specify the assertion options.

    5. Click OK. The new assertion will appear in the inspector.

  • To remove an assertion:

    1. Select an assertion in the inspector.

    2. Click .

    3. Click Yes in the Remove Assertion dialog to confirm the removal.

  • To configure an assertion:

    1. Double-click an assertion in the inspector, or select it and click .

    2. In the subsequent dialog, edit the settings specific to that assertion.

    3. Save the changes.

View assertion results

To see the results of an assertion, open the transaction log.

The transaction log contains information about each request and response pair and the results of specific assertions.

ReadyAPI: Assertions in the transaction log

To view information about a response, click it. The response details will appear in the inspector.

ReadyAPI: Response details

See Also

Assertions Reference
Security Tests
