Malformed XML Scan

Applies to ReadyAPI 3.53, last modified on May 15, 2024


The Malformed XML scan checks how your service behaves when it gets malformed XML snippets.

Typically, attackers try to send a malformed XML to crash a vulnerable server or execute arbitrary commands. For example, the following code:

ReadyAPI: Malformed XML Example

The Malformed XML scan simulates this procedure, notifying you if the server cannot handle the malformed XML snippets correctly.

If the scan does not reveal any information about possible vulnerabilities, it passes successfully.

If the scan has Failed, that indicates your service is vulnerable to attacks based on faulty or malicious XML content.


This scan is applicable to SOAP test steps or requests that contain XML data.

How it works

The malformed XML security scan alters the target request by inserting malformed XML snippets, leaving elements or attributes open, adding non-defined attributes, and so on.

This scan uses assertions to validate each response and check if it includes any information about potential vulnerabilities.

If a response passes all assertions, PASS will be logged for that response. If any assertion fails, FAIL will be logged.

If you have not applied any assertions to the scan, Unknown will be logged for the response.


  • Default Assertion
    Sensitive Information Exposure – Verifies that your server does not reveal any information that is useful for attacks (such as stack traces if the server crashes).


The Malformed XML scan inserts values into the message parameters.

ReadyAPI: Configuring the malformed XML scan

Normally, parameters are extracted automatically when you create the scan. If there are no parameters present, ReadyAPI will not run the Malformed XML scan. See Parameters for more information.

Use the following options to configure the scan Strategy:

Option Description
Select Strategy One by One – Select to send requests one by one (may take some time).
All At Once – Select to send all requests at once.
Request Delay (ms) Set a pause between requests during the scan in milliseconds.
Apply to Failed Test Steps Select to run the scan even if the target test step fails.
Run only once Select to run the scan only once for each test step, even if ReadyAPI runs that step several times for the test case.

On the Advanced panel, define the behavior for the scan.

ReadyAPI: Malformed XML scan advanced options
Option Description
Insert new element Add a new element to the XML content.
Element value Put a value in a new element.
Change tag name Modify a tag name.
Leave tag open Allow leaving a tag open.
Insert invalid char in XML Allow using invalid characters in XML.
Mutate attributes Change XML attributes.
Insert invalid chars in attribute Use invalid characters in attribute strings.
Leave attribute open Allow leaving an attribute string open.
Add new attribute Add a new attribute.
Attribute name Name a new attribute.
Attribute value Put a value in a new attribute.

See Also

XML Bomb Scan
Sensitive Information Exposure Assertion
Security Scans Types

Highlight search results