Contributions
Security test parameters
Hello. I'm having a really hard time defining parameters on security scans. From what I've understood, we have to provide a label, Parameter name (type), and XPath. For instance, for the following web service: http://www.webservicex.com/globalweather.asmx?WSDL I've done:

    declare namespace web="http://www.webserviceX.NET";
    declare namespace soap="http://schemas.xmlsoap.org/soap/envelope/";
    //soapenv:Envelope/soapenv:Body/web:GetCitiesByCountry/web:CountryName;

Request:

    <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:web="http://www.webserviceX.NET">
       <soap:Header/>
       <soap:Body>
          <web:GetCitiesByCountry>
             <!--Optional:-->
             <web:CountryName>?</web:CountryName>
          </web:GetCitiesByCountry>
       </soap:Body>
    </soap:Envelope>

My goal is to pass the mutation to the parameter CountryName of the GetCitiesByCountry operation of the web service. That doesn't work; for instance, for the malformed XML attack, I get "Property value is not XML or XPath is wrong!"

I don't see any example of how to create a parameter in the official soapUI documentation here: http://www.soapui.org/Security/security ... rview.html I only see there that it is mandatory to declare namespaces (partially in the screenshots provided at the previous link), but I don't know what's wrong with my expression. Can anyone please help me with this issue, since I need this for work at school.

How to perform a security scan using the API
Hello. I'm using the soapUI API to integrate its security scans with an application I'm developing. I'm having a lot of difficulty understanding soapUI's behaviour from its Javadoc. Although it is structured, its lack of descriptions makes it very difficult to know which methods/classes do what. So basically I have this code sample:

    project = MyClass.getInstance().getProject();
    WsdlTestSuite wts = new WsdlTestSuite(project, null);
    WsdlTestCase wtc = wts.addNewTestCase("testcase");
    SecurityTest st = wtc.addNewSecurityTest("security");
    WsdlTestStep wtstep = wtc.addTestStep("calltestcase", "teststep");
    // example to specify an XML Bomb attack
    SecurityScan sc = st.addNewSecurityScan(wtstep, "XML Bomb");

So how do I execute the security scan? Is it the run method inside SecurityScan, or will I have to instantiate the attack that I want to use like this:

    XmlBombSecurityScan xs = XmlBombSecurityScan( TestStep testStep, SecurityScanConfig config, ModelItem parent, String icon )

and then call execute? If it is the second option I have to call, I have a doubt about what these classes do and what is the best way to instantiate them:

    SecurityTestRunner
    SecurityTestRunContext

I was hoping that someone could provide me with insight into how to do this, if possible with insightful code samples. Thanks in advance.
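The namespace declarations and the request in the first post above can be compared mechanically. The following is an added example, not part of either post and not soapUI code: it uses Python's ElementTree rather than soapUI's own XPath engine, and the helper `check` and the two adjusted variants are constructed here. It reports a prefix that is used but never declared (`soapenv`) and a declared envelope URI that the request never uses.

```python
import re
import xml.etree.ElementTree as ET

# Request and expression as posted in the first post.
REQUEST = """<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"
    xmlns:web="http://www.webserviceX.NET">
  <soap:Header/>
  <soap:Body>
    <web:GetCitiesByCountry>
      <!--Optional:-->
      <web:CountryName>?</web:CountryName>
    </web:GetCitiesByCountry>
  </soap:Body>
</soap:Envelope>"""
POSTED = """declare namespace web="http://www.webserviceX.NET";
declare namespace soap="http://schemas.xmlsoap.org/soap/envelope/";
//soapenv:Envelope/soapenv:Body/web:GetCitiesByCountry/web:CountryName;"""

# Constructed variants (not from the post): first align the prefix with the
# declaration, then also align the declared URI with the request's envelope.
PREFIX_ALIGNED = POSTED.replace("soapenv:", "soap:")
URI_ALIGNED = PREFIX_ALIGNED.replace(
    "http://schemas.xmlsoap.org/soap/envelope/",
    "http://www.w3.org/2003/05/soap-envelope")

DECL = re.compile(r'declare\s+namespace\s+([\w.-]+)\s*=\s*"([^"]*)"\s*;')

def check(expression, xml_text):
    """Return (status, detail) for a 'declare namespace ...; path' expression."""
    ns = dict(DECL.findall(expression))
    path = DECL.sub("", expression).strip().rstrip(";").strip()
    # 1. Every prefix used in the path must have a declaration.
    used = set(re.findall(r"([\w.-]+):[\w.-]+", path))
    missing = sorted(used - ns.keys())
    if missing:
        return "undeclared prefix", missing
    # ElementTree cannot start a path at the root element itself, so hang the
    # document under a holder node and search from there.
    holder = ET.Element("holder")
    holder.append(ET.fromstring(xml_text))
    hit = holder.find("." + path, ns)
    if hit is not None:
        return "match", hit.text
    # 2. Prefixes bind by URI: list declared URIs the document never uses.
    doc_uris = {el.tag[1:].partition("}")[0]
                for el in holder.iter() if el.tag.startswith("{")}
    return "no match", sorted(set(ns.values()) - doc_uris)

if __name__ == "__main__":
    for expr in (POSTED, PREFIX_ALIGNED, URI_ALIGNED):
        print(check(expr, REQUEST))
```
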