Applies to ReadyAPI 2.7, last modified on June 25, 2019

Use security tests to ensure your service is well-protected from most common malicious attacks and does not expose any sensitive information.

Security tests include various types of security scans. Each of them detects a specific vulnerability. With multiple security scans in one test, you guarantee your service is well-protected against possible attacks.

Security tests interface

Below is a screenshot of the security test window:

ReadyAPI: The Security Test window

Click the image to enlarge it.

The security test window is similar to the test case window. It contains:

  • A toolbar with common actions: execution, report generation and so on.

  • A progress bar for tracking the progress of the security test.

  • A toolbar and a list of test steps in the underlying test case, with more information on the execution progress and with configured security scans for each step.

  • Inspectors for adding a description, properties and setup or teardown scripts to the security test.

  • Security test logs.

To run a security test, prepare your scans and click Run in the top left corner. For more information on running tests, see Run Security Tests.

Execution order

If you have a security test for a test case with three test steps and matching security scans:

  • A login request.

    • SQL Injection Scan

    • XPath Injection Scan

    • Malformed XML

  • A property transfer of the session ID from the login response to the logout request.

  • A logout request.

    • SQL Injection Scan

    • XPath Injection Scan

The execution of that security test will include the following steps:

  • Run the login request.

  • Run the login SQL Injection scan using the login request as a template.

  • Run the login XPath Injection scan using the login request as a template.

  • Run the login Malformed XML scan using the login request as a template.

  • Run the property transfer test step.

  • Run the logout request.

  • Run the logout SQL Injection scan using the logout request as a template.

  • Run the logout XPath Injection scan using the logout request as a template.

Licenses

Security tests are part of ReadyAPI and are available to all users of the product.

Basic security testing functionality is available for free to any user who has a license for any tool of ReadyAPI (for instance, basic security scans are available to LoadUI Pro users).

To use all the security testing features available in SoapUI, you need a SoapUI Pro license.

For information on the differences between the licenses, see below.

Differences between Base and Pro licenses

Feature Base Pro

Security scans

Creating tests

Security test reporting

Absent

Available

Scan parameters extraction

Absent

Available

Dashboard tile

Absent

Available

Endpoint scans

Absent

Available

See Also

Getting Started With Security Tests
SoapUI Security Tests Samples
Security Tests

Highlight search results