Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space FUNCTDEV and version SVC2020.1

...

  • Authentication, encryption, and access control (i.e., runtime security policy validation).
  • Hybrid security analysis, which integrates penetration testing with runtime error detection.

About Authentication, Encryption, and Access Control

SOAtest assists with runtime security policy validation by enabling execution of complex authentication, encryption, and access control test scenarios. SOAtest includes security support for testing services with security layers. 

...

Info
titleLearning More

For details on how to perform this validation, see Authentication, Encryption, and Access Control.

About Hybrid Security Analysis

SOAtest’s hybrid security analysis takes the functional tests that you and your team have already defined and uses them to perform a fully-automated assessment of where security attacks actually penetrate the application. 

...

The two key components of hybrid analysis—penetration testing and runtime error detection—can also be used independently of one another. 

Penetration Testing

SOAtest’s penetration testing can generate and run a variety of attack scenarios (such as Parameter Fuzzing, SQL and XPath injections, Cross Site Scripting,  XML Bombs, and more) against your functional test suites.

If you are not able or ready to configure your application server for runtime error detection, you can still use penetration testing to generate and run attack scenarios, then use alternative strategies to determine if the attacks caused security breaches. 

Runtime Error Detection

SOAtest’s runtime error detection monitors the application from the back-end as SOAtest tests executes and alerts you if security breaches or other runtime defects (such as race conditions, exceptions, resource leaks) actually occur. 

...