Forum Discussion

Akshay03's avatar
Akshay03
New Contributor
8 years ago

How to perform malicious attachment security scan using SOAP UI opensource?

How to perform malicious attachment security scan using SOAP UI opensource?
nmrao's avatar
nmrao
Champion Level 3
8 years ago
What type of attachment does your service consumes?

Couple of inputs:
File with non-compliant format.
Denial of service using very large file.
  • Akshay03's avatar
    Akshay03
    New Contributor
    8 years ago

    Answers to your question:-

    1)The file I am trying to attach is in XML and text format.

    2)File size I tried with 300bytes, 500bytes, 900bytes. It still isn't accepting it.

     

     

    I am trying to perform malicious attachment scan to sample WSDL.

    I tried it as per the tutorial provided on the below link:-

    https://www.soapui.org/security-testing/security-scans/malicious-attachment.html

     

    It displays an existing attachment in the image. My sample wsdl does not has one. I created a sample malicious java script code and saved in a text file. 

    Whenever I try to generate it using the second tab...it displays 'No attachment in the test step message'.

    I tried to find out an option to add an attachment but din't get it. I came across a option 'Copy Attachments' in the 'Add request to test case' option but it is greyed out.

    Is it possible to perform malicious security scan in the opensource SOAP UI.

     

    Please refer the attached images.

    Awaiting your reply...