Contributions
Re: How to add security tests to REST requests with JSON content
Ok, here you can see how I set parameter values:

Here is my SecurityScan configuration:

Screen from Security log after running tests:

And Raw request, as you can see "exter*" property still has default value:

And a quick look at Properties > SecurityChangedParameters - it thinks it does everything right:

5.3K Views 0 likes 0 Comments

Re: How to add security tests to REST requests with JSON content
Yes, I'm sure, I checked it directly in server logs. When I do the same for more "static" properties (directly placed in the request body, like the authorization header) everything works fine (they are replaced by SQL Injection strings); the problem occurs only for parameters that I put in the request with the editor under the table of parameters.

5.3K Views 0 likes 0 Comments

How to add security tests to REST requests with JSON content
Ok, let me explain my problem: I have a REST request with a few parameters, POST method; the service accepts only JSON content, so I changed Media Type to application/json and put values into the request body this way:

    {
      "param1" : "${param1}",
      "param2" : "${param2}"
    }

Everything works fine (functional tests), but...

...when I try to add security tests: I choose my request in SecurityTest window > Add SecurityScan > SQL Injection > Adds a parameter > choosing param1 from the list > etc.

And when I run those tests I get information like this:

    [SQL Injection] Request 1 - OK - [param1=' or '1'='1]: took 17 ms

But when looking at the request body in the Message Viewer window, it seems I am still sending default values, not SQL Injections:

    {
      "param1" : "value1",
      "param2" : "value2"
    }

And when I look at my server logs I really am getting standard requests.

So, the question is: why doesn't SoapUI overwrite these parameters? Is it a bug on your side, or am I doing something wrong? Maybe because you do not natively support JSON in requests and I must create the request in a roundabout way?

Thank you for any help, Regards!

6.6K Views 0 likes 9 Comments
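
The mismatch described in the question (a scan log that reports `OK` for a payload that never reached the wire) can be checked mechanically. The following is an added example, not part of the original posts and not SoapUI code: it parses a log line in the format quoted above and tests whether the payload is present under that parameter in the raw JSON body. The function names and the two sample bodies are constructed for illustration.

```python
import json
import re

# Security-log line format as quoted in the post:
#   [SQL Injection] Request 1 - OK - [param1=' or '1'='1]: took 17 ms
LOG_RE = re.compile(
    r"^\[(?P<scan>[^\]]+)\]\s+Request\s+\d+\s+-\s+(?P<status>\w+)\s+-\s+"
    r"\[(?P<param>[^=\]]+)=(?P<payload>.*)\]:\s+took\s+\d+\s+ms$"
)

def find_values(node, key):
    """Yield every value stored under `key` anywhere in a parsed JSON document."""
    if isinstance(node, dict):
        for k, v in node.items():
            if k == key:
                yield v
            yield from find_values(v, key)
    elif isinstance(node, list):
        for item in node:
            yield from find_values(item, key)

def payload_sent(log_line, raw_body):
    """Return (param, payload, sent) for one log line and the raw body sent with it."""
    m = LOG_RE.match(log_line.strip())
    if not m:
        raise ValueError("unrecognised security log line: %r" % log_line)
    param, payload = m["param"], m["payload"]
    try:
        doc = json.loads(raw_body)
        sent = any(payload in str(v) for v in find_values(doc, param))
    except json.JSONDecodeError:
        # Body is not valid JSON: fall back to searching for the JSON-escaped payload.
        sent = json.dumps(payload)[1:-1] in raw_body
    return param, payload, sent

# Log line taken from the post; both bodies below are constructed samples.
LOG = "[SQL Injection] Request 1 - OK - [param1=' or '1'='1]: took 17 ms"
BODY_UNCHANGED = '{ "param1" : "value1", "param2" : "value2" }'
BODY_INJECTED = json.dumps({"param1": "' or '1'='1", "param2": "value2"})

if __name__ == "__main__":
    for body in (BODY_UNCHANGED, BODY_INJECTED):
        param, payload, sent = payload_sent(LOG, body)
        verdict = "payload sent" if sent else "DEFAULT VALUE SENT, scan result is not meaningful"
        print("%s=%s -> %s" % (param, payload, verdict))
```

A scan step whose payload is absent from the raw request has not tested the parameter, so its `OK` status should not be counted as coverage.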