Avoid exfiltrating OAuth Credentials in Git Repository
Hi, I am using ReadyAPI to test an OAuth2.0 secured API. I am using a Composite project with Git integration and I do not see how I could make use of Auth Manager without exfiltrating my OAuth credentials into Git in plaintext, as part of the settings.xml file, within con:oAuth2ProfileContainer and con:oAuth20AuthEntry. I tried using client-id and client-secret as encrypted properties, but as soon as the groovy script sets them in the profile, they appear in clear text in the settings.xml file.
Solved, 1.1K Views, 1 like, 3 Comments

No Community Help with SAML 2 Config Posts. Can someone provide an example of SAML(XML) 2 in SoapUI?
I'm having difficulty configuring SAML authentication using SoapUI Pro and I've read many similar posts in Open Source community; however, they go unanswered. For example, "Could some give a sample example of SAML(XML) in SoapUI WS configuration" and "Enveloped Signature for SAML (XML) WSS Entry". SmartBear's page doesn't provide an example SAML(XML) Assertion. Collaborator has a page that goes into some depth to help the customer, but not SoapUI OS or Pro. We use ForgeRock's OpenAM to set up SAML and I think I've gleaned as much as I can from it. For instance, XML Canonicalization algorithm, XML digest algorithm, XML signature algorithm, ID Token Signing Algorithms supported, ID Token Encryption Algorithms supported, Circle of Trust, etc.; however, there's no 1-for-1 match between what OpenAM provides and what SoapUI Pro asks for. I've asked our DevOps/Integration teams for a SAML(XML) Assertion, but they haven't been able to accommodate, yet. Could someone give a sample example of SAML(XML) in SoapUI WS configuration?
Regards,
Solved, 3.9K Views, 0 likes, 6 Comments

How to perform security tests on SOAP request that contains XML in a string attribute.
I have a web service that submits a soap request that contains an XML file in the request in a string element. The actual request (i.e. data that would change in different requests) are in the embedded document. And yes, the xml document is enclosed in CDATA. Is there a way to have the security functionality perform the testing on the elements in the embedded XML document? Thanks.
555 Views, 0 likes, 0 Comments

Configure WSS11 Security Policy
Has anyone had any luck in configuring WSS11 security policy on Soap UI? I am using Ready API 1.4.1. I have attempted to find multiple forum articles regarding this, but no-one seems to have had an answer, e.g.
- https://community.smartbear.com/t5/SoapUI-NG/Support-for-signature-using-secretkey/td-p/33846
- http://community.smartbear.com/t5/SoapUI-NG/SecretKey-not-supported-due-to-JCEKS-keystores-not-supported/m-p/110835#M25770
It looks like a feature request was raised for this. If anyone has managed to configure this, please get in touch. Thanks.
1.5K Views, 0 likes, 1 Comment

SecurePRO (ReadyAPI 1.6.0): How to modify the default assertion "Valid HTTP Status Codes"
We run SecurePRO Security-Tests. Therefore we use all the default scans provided. One of them is "HTTP Method Fuzzing".
Request: PATCH http://localhost:14080/rest-service/rest/contact/contacts?languageCode=xx
Response: HTTP/1.1 500 Internal Server Error
Now, SecurePro is alerting (Warning):
Valid HTTP Status Codes: Response status code 500 is not in the list of status codes
But I can't find any place to modify the list of valid status codes. Please note, I did not add this assertion manually. It's a default assertion as it is also a default security scan. Any ideas? Thanks
Regards, Reto
2.2K Views, 0 likes, 3 Comments

Allow setting ReadyAPI working directory for user
Feature request: Please consider adding a global log file location and removing the dependency on the bin/ directory being writeable by the user running ReadyAPI (or testrunner.sh, etc). Even better would be if you would support using a variable in the path, or simply relative paths, so that the ReadyAPI logs of one project could be placed under the project's working directory. I'm not overly familiar with ReadyAPI but I imagine the ideal location in which to specify a log path would be in soapui-settings.xml.

Background (as per our forum post and support ticket): We have installed in a system-wide location at /opt/SmartBear/ReadyAP-1.2.2, but unless we make the bin/ subdirectory of that path writeable by the user (not a good idea!) the software refuses to start. Even giving write permissions to all of the individual log files that ReadyAPI expects to write to is insufficient. It requires write access to the bin/ subdirectory. If I temporarily make bin/ writeable, I can launch the GUI, run tests, etc. Even if installed into a user's home directory, we'd prefer for logs not to be created in the same dir as the binaries.

I have so far tried setting global properties as follows using the GUI:
Name: soapui.logroot /home/user/soapui-workdir
user.dir /home/user/soapui-workdir
Neither of these worked when running our test suite, even after restarting the ReadyAPI GUI. I have tried various combinations but ended up having to make our user the owner of the directory for ReadyAPI to even launch at all. I had considered editing soapui-log4j.xml but thought it was bad form to do so (and it's likely changes will be over-written next time we upgrade ReadyAPI). I think many *nix systems administrators would be concerned about the fact that ReadyAPI requires write access to the binaries directory (not just the log files in it, but the whole directory).
4.6K Views, 0 likes, 2 Comments