Soa Security Testing

SOA Testing: An Approach to Test the Security Aspects of SOA based Application

Published in: Technology
Transcript

  • 1. SOA Testing: An Approach to Test the Security Aspects of SOA based Application. Presenters: Jaipal & Uday. Date: 4-Nov-09
  • 2. SOA and its Industry acceptance: SOA is becoming the most sought-after solution for any new Enterprise Architecture design, and its steady growth in acceptance is reaffirmed by Gartner’s Hype Cycle. SOA and Enterprise Architecture share a common goal of aligning business and IT objectives. 2| SOA Testing Testing Security Aspects of SOA Based Application
  • 3. Challenges in Securing SOA environment
  • 4. Security Infrastructure in SOA implementation
      • [Diagram labels: Client Application; Web Server; Web Service 1, Web Service 2 and Web Service 3, each with a Security Specification; Message Layer Security; Transport Layer Security; External Security Token Service]
      • Security Specifications are:
          • WS-Security
          • WS-Secure Conversation
          • WS-Trust
          • WS-Federation
          • WS-Security Policy
  • 5. WS-Security Standards and Open Source tools
      • The various security standards to which Web Services adhere are SAML, WS-Security, XML-Encryption, WS-SecureConversation, WS-Trust, WS-SecurityPolicy and WS-Federation
      • [Diagram labels: SAML, WS-Security, XML-Encryption, XML-Signature, WS-SecureConversation, WS-Trust, WS-SecurityPolicy, WS-Federation]
      • Tools: SOAP UI, Push To Test, Web-Inject, WS-I Tools
  • 6. Web Services Security standards usage in a Scenario
  • 7. Proposed Solution
  • 8. Solution Phase 1 – Test Assertion Document
      • Identify Security Specifications: SAML, WS-SECURITY, WS-TRUST, WS-SECURE CONVERSATION, WS-SECURE POLICY
      • Test Assertion Document Table columns: Element/Attribute Name | Description | Required/Optional/Recommended
      • <<optional>> Test Assertion XML Document
  • 9. Solution Phase 2 – Capture SOAP Messages
      • Services communicate using the SOAP protocol
      • The SOAP message contains the security information
      • Develop a SOAP Monitor tool to capture the requests and responses of services
      • Ex:
          1) Request initiated for a web service
          2) Services establish Security Tokens with Security Context information
          3) Data is exchanged after the Security Token is verified
  • 10. Solution Phase 3 – Test Result Report
      • Develop code to compare XML documents (similar to DOM or SAX parsers in Java)
      • Compare the SOAP header with the TAD (TAD/XML), using the code developed to compare XML documents
      • Generate the Test Result Report
      • [Diagram labels: Test Req & Resp; XML containing the status and descriptions; Test Result Report]
      • Test Result Report Format:
          Comparison | Status
          True | Pass – Provide the description given in the <assertionDesription> element of TAD
          False | Fail – Provide the description given in the <failureMessage> and <failureDetailDescription> elements of TAD
  • 11. Conclusion
      • Maximized ROI: Streamlined testing approach brought in by very few changes in the testing lifecycle
      • Increased Agility: Customizable at any stage and applicable in any complicated Enterprise Application Architecture
      • Reduced IT investment: Vendor-independent procedure, implementable with very little training imparted to the existing team
      • Reusable and audit-ready artifacts are created which are alive throughout the testing lifecycle, thus enabling better understanding of the system limitations
  • 12. Thank you
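
The Phase 3 comparison described in slides 8 to 10, as an added example that is not code from the presentation: it checks a captured SOAP header against a Test Assertion Document and builds the Pass/Fail report from the TAD's own description elements. The TAD layout (`tad`, `assertion`, `path`, `use`), the `parse` and `check` functions, the sample messages and the "Not present" status for absent optional elements are assumptions.

```python
import xml.etree.ElementTree as ET
NS = {  # standard SOAP 1.1 and OASIS WS-Security 1.0 namespace URIs
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
}
# Constructed TAD. The <tad>/<assertion path= use=> layout is an assumption;
# the three child element names are spelled as they appear on the slide.
TAD = """<tad>
 <assertion path="wsse:Security/wsse:UsernameToken" use="Required">
  <assertionDesription>UsernameToken is present</assertionDesription>
  <failureMessage>UsernameToken missing</failureMessage>
  <failureDetailDescription>Caller identity is not asserted</failureDetailDescription>
 </assertion>
 <assertion path="wsse:Security/wsu:Timestamp" use="Required">
  <assertionDesription>Timestamp is present</assertionDesription>
  <failureMessage>Timestamp missing</failureMessage>
  <failureDetailDescription>Receiver cannot bound message freshness</failureDetailDescription>
 </assertion>
 <assertion path="wsse:Security/wsse:BinarySecurityToken" use="Optional"/>
</tad>"""
# Constructed captured request: carries a UsernameToken but no Timestamp.
SOAP = f"""<soap:Envelope xmlns:soap="{NS['soap']}" xmlns:wsse="{NS['wsse']}">
 <soap:Header><wsse:Security>
  <wsse:UsernameToken><wsse:Username>alice</wsse:Username></wsse:UsernameToken>
 </wsse:Security></soap:Header>
 <soap:Body/>
</soap:Envelope>"""

def parse(text):
    if "<!DOCTYPE" in text:  # SOAP messages must not carry a DTD; refuse entity tricks
        raise ValueError("DOCTYPE not allowed in captured message or TAD")
    return ET.fromstring(text)

def check(soap_xml, tad_xml):
    """Compare the SOAP header with each TAD assertion; return (path, status, text)."""
    header = parse(soap_xml).find("soap:Header", NS)
    report = []
    for a in parse(tad_xml).iter("assertion"):
        path = a.get("path")
        if header is not None and header.find(path, NS) is not None:
            report.append((path, "Pass", a.findtext("assertionDesription")))
        elif a.get("use") == "Required":
            detail = f'{a.findtext("failureMessage")}: {a.findtext("failureDetailDescription")}'
            report.append((path, "Fail", detail))
        else:  # absent Optional/Recommended element: reported, not failed (assumption)
            report.append((path, "Not present", a.get("use")))
    return report
```

Calling `check(SOAP, TAD)` returns one row per assertion, which can be written out as the Test Result Report.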
