- Authentication, encryption, and access control (i.e., runtime security policy validation).
- Hybrid security analysis, which integrates penetration testing with runtime error detection.
About Authentication, Encryption, and Access Control
SOAtest assists with runtime security policy validation by enabling execution of complex authentication, encryption, and access control test scenarios. SOAtest includes security support for testing services with security layers.
For details on how to perform this validation, see Authentication, Encryption, and Access Control.
About Hybrid Security Analysis
SOAtest’s hybrid security analysis takes the functional tests that you and your team have already defined and uses them to perform a fully automated assessment of where security attacks actually penetrate the application.
The two key components of hybrid analysis—penetration testing and runtime error detection—can also be used independently of one another.
SOAtest’s penetration testing can generate and run a variety of attack scenarios (such as Parameter Fuzzing, SQL and XPath injections, Cross Site Scripting, XML Bombs, and more) against your functional test suites.
If you are not able or ready to configure your application server for runtime error detection, you can still use penetration testing to generate and run attack scenarios, then use alternative strategies to determine if the attacks caused security breaches.
Runtime Error Detection
SOAtest’s runtime error detection monitors the application from the back end as SOAtest tests execute and alerts you if security breaches or other runtime defects (such as race conditions, exceptions, and resource leaks) actually occur.