@infomaven
Last active June 17, 2024 02:49
Security Quickstart

Security Testing Workflow

Start from a SoapUI project whose functional TestCases already pass. Security Scans can only be applied to TestStep requests, so a failing functional TestStep cannot be scanned meaningfully.

  1. Set up Scans and their Parameters to target the request fields of interest
  2. Inspect the results and their structure; note the "Missing assertions" warning
  3. Consider the business and security requirements for each targeted field
  4. Add Scans to the appropriate TestSteps
  5. Add Assertions to the Scans (Security Assertions use the same type of editor as Functional Assertions)
  6. Execute the Security Test using the Security TestRunner Launcher with a designated reporting directory
  7. Review the results and provide actionable recommendations to the team

References

  • capec.org Security Exploit Database
  • Exploratory testing repo with "naughty tokens" for security scanning
  • Security Testing Techniques with SoapUI (Google Doc)
