Forum Discussion
qa4ever
13 years ago
New Contributor
Hi Joel
The project already has the endpoint http://computer20:28136 set.
I can send you the project separately for you to verify.
But there is no problem with the endpoint; if there were, we would not be able to get any response, right?
The problem is with the security assertions.
They assert [Version x.y.z] because the response (HTTP 200) contains version info,
which we aim to filter out with -t G:\123423412\soapui-settings.xml
(Actually, the project has them removed too, so this might be a generic problem with the security tests when automated from the command line, with securitytestrunner.bat/sh ONLY.)
For example, we have removed four [Version x.y.z] <con:property> sections from soapui-settings.xml:
<con:property>
  <con:name>~(?s).*\w+/\d{1,2}(\.\d{1,3})+.*</con:name>
  <con:value>[Version x.y.z] Exposing version numbers gives unnecessary hints on your systems vulnerabilities</con:value>
</con:property>
Could YOU please examine this (try it out for yourself) and register a bug accordingly?
To make it simpler for you, if you do not have a SOAP interface that returns version info, try adding something similar to this to reproduce the issue at hand:
<con:property>
  <con:name>~(?s).*(A|a)+.*</con:name>
  <con:value>[Version x.y.z] A response that contain a or A letter</con:value>
</con:property>
Thank you for your hard efforts,
QA4Ever
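
An added example, not part of the original post and not SoapUI code: a Python check that lists which [Version x.y.z] tokens in a settings file still match a given response, useful for confirming that the file passed with -t really has them removed. It assumes a leading ~ marks a regex token and any other token is a literal; the wrapper element, namespace URI and sample response are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed fragment: the two <con:property> entries are quoted from the post;
# the wrapper element and its namespace URI are assumptions.
SETTINGS_XML = r"""<con:settings xmlns:con="http://eviware.com/soapui/config">
  <con:property>
    <con:name>~(?s).*\w+/\d{1,2}(\.\d{1,3})+.*</con:name>
    <con:value>[Version x.y.z] Exposing version numbers gives unnecessary hints on your systems vulnerabilities</con:value>
  </con:property>
  <con:property>
    <con:name>~(?s).*(A|a)+.*</con:name>
    <con:value>[Version x.y.z] A response that contain a or A letter</con:value>
  </con:property>
</con:settings>"""

# Constructed response text carrying a version string.
SAMPLE_RESPONSE = "Server: ExampleServer/2.4.10\r\n\r\n<ok/>"

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def load_tokens(xml_text):
    """Return (token, description) pairs from every property element."""
    tokens = []
    for elem in ET.fromstring(xml_text).iter():
        if local(elem.tag) != "property":
            continue
        fields = {local(child.tag): (child.text or "") for child in elem}
        if "name" in fields:
            tokens.append((fields["name"], fields.get("value", "")))
    return tokens

def matching_tokens(tokens, response, label="[Version x.y.z]"):
    """List tokens labelled `label` that match `response`."""
    hits = []
    for token, description in tokens:
        if not description.startswith(label):
            continue
        if token.startswith("~"):      # assumed: '~' marks a regex token
            found = re.search(token[1:], response) is not None
        else:                          # assumed: anything else is a literal
            found = token in response
        if found:
            hits.append(token)
    return hits

if __name__ == "__main__":
    print(matching_tokens(load_tokens(SETTINGS_XML), SAMPLE_RESPONSE))
```

Run against the settings file given to -t and a saved response, an empty list means that file contributes no [Version x.y.z] token matching the response.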