Forum Discussion

racoliv's avatar
New Contributor
13 years ago

Security test parameters


I'm having a really hard time to define parameters on security scans.

From what i've understand... we have to provide a label, Parameter name (type), and xpath.

for instance for the following web service :

i've done:

declare namespace web="http://www.webserviceX.NET";
declare namespace soap="";

<soap:Envelope xmlns:soap="" xmlns:web="http://www.webserviceX.NET">

My goal is to pass the mutation to the parameter CountryName of the GetCitiesByCountry operation from Web Service. That doesn't work for instance for the malformed xml attack, i get "Property value is not XML or XPath is wrong!"

I don't see any example on how to create a parameter on the soapUI official documentation here: ... rview.html

i only see in that that it is mandatory to declare namespaces (partially in the screenshots provided on previous link), but i don't know whats wrong with my expression.

Anyone can please help me with this issue, since i need this for a work on school.

1 Reply

  • mfebrestrop's avatar
    New Contributor

    Hello everyone,


    I have the same problem trying to define parameters on security scans for a REST service. Here you can see my json payload and according to the documentation it seems I need to create also a plain request parameter with the same name.



    Then , I create a Security Test, and added a new parameter using the Hello property and Hello Label (not sure if they need to be the same)




    When I run the security Scan, I can see that is using Hello to set the values for test:



    But when monitoring the request with a proxy, Hello parameter is empty all the time:





    Can you help me to understand how to configure correctly the parameter?