SlideShare a Scribd company logo
1 of 67
Download to read offline
Web Services and
Introduction of SOAPUI
Dinesh kaushik
+91-
9555927575
Discussion Points
● What are web services?
● Component of web services
● Architecture
● Operations in web service architecture
● Diagram of web service architecture
● Types of web services
● What is SoapUI
● SoapUI test structure
Discussion Points(Continued..)
● Creating a new SOAP project
● Adding a TestSuite
● Adding a Test
● Assertion
● SoapUI Pro
What are web services
● Web services are the method of communication
between the systems over a network.
● This communication is done over http platform.
● XML is used to encode all communication in form of
XML message.
● It is not tied to any particular Operating system or any
programming language.
Components of web services
All standard web services uses the following components.
1. XML
2. SOAP
3. WSDL
4. UDDI
SOAP
● Its stand for Simple Object Access Protocol
● It is an XML based protocol for exchanging the
information between the computers.
● It can extend extends HTTP for XML messaging.
● It is an XML way of defining what information gets sent.
● It is platform and language independent.
WSDL
● It stands for Web Service Description Language.
● It is a standard format for describing the web services.
● Its definition describe how to access a web service and
what operation it will perform.
● It was developed jointly by microsoft and IBM.
UDDI
● It stands for Universal Description,Discovery and
Integration
● It is an XML standard for describing,finding and
publishing the web services.
● It communicate via SOAP,CORBA and Java RMI
protocol.
● It is platform independent and open framework.
Architecture
There are three major roles with in web service
architecture.
● Service Provider : It implements the service and make it
available on internet.
● Service Requester : It utilizes existing web service by
opening a network connection and sending an XML
request.
● Service registry : It is a central place where developers
can publish new services or find the existing one.
Operations in web service architecture
There are three major types of operations performed in
web service architecture.
● Publish : A service description needs to be published so
that a service requester can find it.
● Find : In this operation,service requester retrieves a
service description directly or queries the service
registry for the type of service required.
● Bind : In this operation,a service requestor use the
binding detail to invoke the service.
Diagram of web service architecture
Type Web Services
● XML-RPC
● SOAP
● REST
What is SoapUI
● SoapUI is a API testing tool which is free and open
source cross-platform for Functional Testing solution.
● SoapUI provides complete test coverage and supports
all the standard protocols and technologies.
● SoapUI allows you to easily and rapidly create and
execute automated functional, load tests and security
testing.
SoapUI Test structure
It structures functional tests into three level.
● Test Suites
● Test Cases
● Test Steps
Test Suite
● It is a collection of test cases that can be used for
grouping functional tests into logical units
● We can create any number of test suites inside the
soapUI project.
Test Case
● It is a collection of test steps that are assembled to test
some specific aspect of your service.
● We can add any number of test cases to a containing
test suite.
● We can even modularize them to call each other for
complex test scenarios.
Test Steps
● These are “building blocks” of functional tests in soapUI.
● They are added to a Test Case and used to control the
flow of execution.
● Validate the functionality of service to be tested.
Creating a new SoapUI project
● Start SoapUI
● Click on “File”
● Click on “New Soap Project”.
● Add Project Name and URL
● Select the checkbox option
● Click on “OK”
New SOAP Project window
Web Services and Introduction of SOAPUI
Adding a TestSuite
● Right click on the name of interface
● Click on “Generate TestSuite”.
● A dialog box will show up where you can customize the
generation
Web Services and Introduction of SOAPUI
Adding a Test
● Expand the tree until the test steps have been unfolded.
● Double click on the test step. A sample request should
appear in the request editor.
Web Services and Introduction of SOAPUI
Assertion
● It gives an indication that your test case has been
passed or failed.
● If we add at least one assertion,it will warn us about the
problem which failed our test case.
Adding an assertion
● Click on the label “Assertions” at the bottom of the
request editor.
● This will expand the assertions editor. It is empty.
● Click on the small +-sign at the top of the assertions
editor.
● Select “Property Content assertions.” The first one in
the list is a Contains assertion.
● Let’s use that one. Click on the “Contains” box
● Click on “Add” to add it to the test case.
Web Services and Introduction of SOAPUI
Web Services and Introduction of SOAPUI
Verify a range
We need the assertion “Range” when value is expected to
change then we need a test that can handle a range
instead of fix value.
Steps to add range
● Click on the label “Assertions” at the bottom of the
request editor.
● Click on the small +-sign at the top of the assertions
editor.
● Select “Property Content.”
● Select “XPath match” and click “Add.”
● Click “Declare” in the XPath editor, SoapUI declared
two namespaces for you. They can be called anything.
The two namespaces that were declared are called
soap and ns1.
● Rename ns1 to something more descriptive.
● The next step is to add an XPath3 expression that will
search for the element that contains the conversion
rate.
//Web:ConversionRateResult
Web Services and Introduction of SOAPUI
Verify response time
Verifying the response time is often important. A slow API
is a problem waiting to emerge. Customers will probably
start to complain when you have a lot of traffic and they
don’t get their response quickly enough.
Steps to add response time
● Add a new assertion.
● Select “SLA” and “Response SLA.”
● Add it.
● Specify the desired response time.
● Click on “OK”
Web Services and Introduction of SOAPUI
Web Services and Introduction of SOAPUI
SOAP UI Pro
It comes with several time saving features aimed at making
your testing faster and testing life easier.
● Test Debugging
● Multi Environment Support
● Data Driven
● Reporting
Security Testing with SOAP UI
Discussion Points
● What is Security Testing
● Purpose of Security Testing
● Security Test in SOAPUI
● Security Scans
● Add Security Scan
● Add New Security Parameters
● Assertions
● Execution
What is Security Testing?
● Testing how well the system protects against
unauthorized internal or external access.
● To check whether there is any information leakage.
● Non-functional testing
Purpose of Security Testing
The purpose of the security test is to discover the
vulnerabilities of the application so that the developers can
then remove these vulnerabilities from the application and
make application and data safe from unauthorized actions.
What is a Security Test in SOAPUI
● A Security Test is used in soapUI to scan your target
services for common security vulnerabilities, like for
example SQL Injections and XML Bombs.
● Security Tests are layered “on top” of an existing
TestCase to which it then applies a configurable
number of “Security Scans” which perform the actual
vulnerability scanning and detection.
In the main navigator Security Tests are visible
under a corresponding “Security Tests” node under
the containing TestCase:
Security Scans
● SQL Injection : tries to exploit bad database
integration coding
● XPath Injection : tries to exploit bad XML
processing inside your target service
● Boundary Scan : tries to exploit bad handling
of values that are outside of defined ranges
● Invalid Types : tries to exploit handling of
invalid input data
Security Scans
● Malformed XML : tries to exploit bad handling of invalid
XML on your server or in your service.
● Malicious Attachment : tries to exploit bad handling of
attached files
● Cross Site Scripting : tries to find cross-site scripting
vulnerabilities
Add Security Scan
● Once added, double-click a Security Test to see
its main configuration and execution window:
● A toolbar with actions related to execution,
reports, etc.
● A progress-bar at the top for tracking progress
of the Security Test as it executes.
Add Security Scan (Continue)
● A toolbar and list of the TestSteps in the
underlying TestCase, with additional information.
on execution progress and configured Security
Scans for each TestStep.
● a number of log tabs for viewing results from the
execution of the Security Test.
Add Security Scan
Add Security Scan
● Add a Security Scan to a TestStep in your Security
Tests either with the “Add SecurityScan” button or the
corresponding TestStep right-click menu option in the
Security Test window.
● You will first be prompted for which type of Security
Scan to add (differs based on the underlying TestStep)
and then open the corresponding Security Scan
configuration window:
Add Security Scan
Security Scan Parameters
● Most Security Scans require you define which content
of the underlying request you want to use as
placeholders for the corresponding scan, for example
for a Rest request you might have a message as
follows:
● When performing for example a SQL Injection scan with
this request, you would want to send the malicious SQL
statements in OS, User Id, Deal Id and version fields,
which would require you to define these four as
parameters in the table.
Adding New Security Parameters
Adding New Security Parameters
Here you need to specify the following:
● The underlying Test Property that contains the
parameter value (for example Request for Rest
requests).
● A unique label for the parameter.
● An optional XPath statement specifying where in the
Test Property value to find the parameter.
Add Assertions
Add Assertions
● The top of the dialog usually contains a table for
defining which parameters in the request to use for test
testing (see below).
● In the middle there is an area for Security Scan specific
configuration components (not used in the above
screenshot).
Add Assertions
At the bottom there are a number of tabs for further
configuration:
● Assertions : the assertions used to validate and check
the response for any signs of a successful security
exploit
● Strategy : settings related to how multiple parameters
should be permutated against each other (see below)
● Advanced : settings specific for the Security Scan (if
applicable)
Security Scan Assertions
● Assertions are used to assess if the responses for the
Security Scan requests contain some kind of content
that indicates if the target system has a corresponding
vulnerability.
● All the standard assertions are available, but also a
number of new ones have been added specifically for
this purpose.
Security Scan Assertions
● Invalid HTTP Codes : Allows you to specify a comma-
separated list of HTTP status codes that should not be
returned by the target service. e.g 500, 404, 403.
● Valid HTTP Codes : Allows you to specify a comma-
separated list of HTTP status codes that should be
returned. e.g 200, 201, 202
Invalid HTTP Codes
Security Scan Assertions
● System Information Exposure : Checks the response for
content that reveals system information which could be
used by hackers to further exploit any existing
vulnerabilities, for example if the response gives away
which database version that is being used (in an error
message), hackers could use this information to try to
exploit known security issues with that database.
Execution
● When a Security Scan is run as part of the
containing Security Test, it sends the different
mutation requests as configured, mutating the
defined parameters for each request.
● The Security Log shows specifically which values
were sent for each parameter and request,
together with any assertion failures:
Execution
Any Questions
Thanks

More Related Content

What's hot

Web Services Automated Testing via SoapUI Tool
Web Services Automated Testing via SoapUI ToolWeb Services Automated Testing via SoapUI Tool
Web Services Automated Testing via SoapUI ToolSperasoft
 
How to Automate API Testing
How to Automate API TestingHow to Automate API Testing
How to Automate API TestingBruno Pedro
 
POST/CON 2019 Workshop: Testing, Automated Testing, and Reporting APIs with P...
POST/CON 2019 Workshop: Testing, Automated Testing, and Reporting APIs with P...POST/CON 2019 Workshop: Testing, Automated Testing, and Reporting APIs with P...
POST/CON 2019 Workshop: Testing, Automated Testing, and Reporting APIs with P...Postman
 
An Introduction To Automated API Testing
An Introduction To Automated API TestingAn Introduction To Automated API Testing
An Introduction To Automated API TestingSauce Labs
 
B4USolution_API-Testing
B4USolution_API-TestingB4USolution_API-Testing
B4USolution_API-Testingb4usolution .
 
Postman Introduction
Postman IntroductionPostman Introduction
Postman IntroductionRahul Agarwal
 
REST API and CRUD
REST API and CRUDREST API and CRUD
REST API and CRUDPrem Sanil
 
API_Testing_with_Postman
API_Testing_with_PostmanAPI_Testing_with_Postman
API_Testing_with_PostmanMithilesh Singh
 
Test Design and Automation for REST API
Test Design and Automation for REST APITest Design and Automation for REST API
Test Design and Automation for REST APIIvan Katunou
 
4 Major Advantages of API Testing
4 Major Advantages of API Testing4 Major Advantages of API Testing
4 Major Advantages of API TestingQASource
 

What's hot (20)

Web Services Automated Testing via SoapUI Tool
Web Services Automated Testing via SoapUI ToolWeb Services Automated Testing via SoapUI Tool
Web Services Automated Testing via SoapUI Tool
 
Belajar Postman test runner
Belajar Postman test runnerBelajar Postman test runner
Belajar Postman test runner
 
Soap ui
Soap uiSoap ui
Soap ui
 
How to Automate API Testing
How to Automate API TestingHow to Automate API Testing
How to Automate API Testing
 
Postman.ppt
Postman.pptPostman.ppt
Postman.ppt
 
POST/CON 2019 Workshop: Testing, Automated Testing, and Reporting APIs with P...
POST/CON 2019 Workshop: Testing, Automated Testing, and Reporting APIs with P...POST/CON 2019 Workshop: Testing, Automated Testing, and Reporting APIs with P...
POST/CON 2019 Workshop: Testing, Automated Testing, and Reporting APIs with P...
 
Postman
PostmanPostman
Postman
 
Selenium with java
Selenium with javaSelenium with java
Selenium with java
 
An Introduction To Automated API Testing
An Introduction To Automated API TestingAn Introduction To Automated API Testing
An Introduction To Automated API Testing
 
Api testing
Api testingApi testing
Api testing
 
Api Testing
Api TestingApi Testing
Api Testing
 
B4USolution_API-Testing
B4USolution_API-TestingB4USolution_API-Testing
B4USolution_API-Testing
 
Postman Introduction
Postman IntroductionPostman Introduction
Postman Introduction
 
API Testing
API TestingAPI Testing
API Testing
 
REST API and CRUD
REST API and CRUDREST API and CRUD
REST API and CRUD
 
API_Testing_with_Postman
API_Testing_with_PostmanAPI_Testing_with_Postman
API_Testing_with_Postman
 
Test Design and Automation for REST API
Test Design and Automation for REST APITest Design and Automation for REST API
Test Design and Automation for REST API
 
4 Major Advantages of API Testing
4 Major Advantages of API Testing4 Major Advantages of API Testing
4 Major Advantages of API Testing
 
API Testing for everyone.pptx
API Testing for everyone.pptxAPI Testing for everyone.pptx
API Testing for everyone.pptx
 
Api testing
Api testingApi testing
Api testing
 

Viewers also liked

Introduction to SoapUI day 1
Introduction to SoapUI day 1Introduction to SoapUI day 1
Introduction to SoapUI day 1Qualitest
 
SOAPUI Test Design & Utilities
SOAPUI Test Design & UtilitiesSOAPUI Test Design & Utilities
SOAPUI Test Design & UtilitiesAkshay Sharma
 
SoapUI Pro Plugin Workshop #SoapUIPlugins
SoapUI Pro Plugin Workshop #SoapUIPluginsSoapUI Pro Plugin Workshop #SoapUIPlugins
SoapUI Pro Plugin Workshop #SoapUIPluginsSmartBear
 
Introduction to SoapUI day 3
Introduction to SoapUI day 3Introduction to SoapUI day 3
Introduction to SoapUI day 3Qualitest
 
Design First API's with RAML and SoapUI
Design First API's with RAML and SoapUIDesign First API's with RAML and SoapUI
Design First API's with RAML and SoapUIDaniel Feist
 
Webservices testing using SoapUI
Webservices testing using SoapUIWebservices testing using SoapUI
Webservices testing using SoapUITesting World
 
Testing web services
Testing web servicesTesting web services
Testing web servicesTaras Lytvyn
 
Testing Agile Web Services from soapUI
Testing Agile Web Services from soapUITesting Agile Web Services from soapUI
Testing Agile Web Services from soapUIPLM Mechanic .
 

Viewers also liked (9)

Introduction to SoapUI day 1
Introduction to SoapUI day 1Introduction to SoapUI day 1
Introduction to SoapUI day 1
 
SOAPUI Test Design & Utilities
SOAPUI Test Design & UtilitiesSOAPUI Test Design & Utilities
SOAPUI Test Design & Utilities
 
SoapUI Pro Plugin Workshop #SoapUIPlugins
SoapUI Pro Plugin Workshop #SoapUIPluginsSoapUI Pro Plugin Workshop #SoapUIPlugins
SoapUI Pro Plugin Workshop #SoapUIPlugins
 
Testing soapui
Testing soapuiTesting soapui
Testing soapui
 
Introduction to SoapUI day 3
Introduction to SoapUI day 3Introduction to SoapUI day 3
Introduction to SoapUI day 3
 
Design First API's with RAML and SoapUI
Design First API's with RAML and SoapUIDesign First API's with RAML and SoapUI
Design First API's with RAML and SoapUI
 
Webservices testing using SoapUI
Webservices testing using SoapUIWebservices testing using SoapUI
Webservices testing using SoapUI
 
Testing web services
Testing web servicesTesting web services
Testing web services
 
Testing Agile Web Services from soapUI
Testing Agile Web Services from soapUITesting Agile Web Services from soapUI
Testing Agile Web Services from soapUI
 

Similar to Web Services and Introduction of SOAPUI

Web services testing
Web services testingWeb services testing
Web services testingrammikn
 
Getting started with_testcomplete
Getting started with_testcompleteGetting started with_testcomplete
Getting started with_testcompleteankit.das
 
Cloud-based Test Microservices JavaOne 2014
Cloud-based Test Microservices JavaOne 2014Cloud-based Test Microservices JavaOne 2014
Cloud-based Test Microservices JavaOne 2014Shelley Lambert
 
API Testing following the Test Pyramid
API Testing following the Test PyramidAPI Testing following the Test Pyramid
API Testing following the Test PyramidElias Nogueira
 
Laravel Load Testing: Strategies and Tools
Laravel Load Testing: Strategies and ToolsLaravel Load Testing: Strategies and Tools
Laravel Load Testing: Strategies and ToolsMuhammad Shehata
 
LoadUI web performance testing tool
LoadUI web performance testing toolLoadUI web performance testing tool
LoadUI web performance testing toolMilind Rupchandani
 
Load ui web Load Testing Open source Performance Testing tool Learn Load UI W...
Load ui web Load Testing Open source Performance Testing tool Learn Load UI W...Load ui web Load Testing Open source Performance Testing tool Learn Load UI W...
Load ui web Load Testing Open source Performance Testing tool Learn Load UI W...Vishal Parekh
 
Webapp Automation Testing of performance marketing and media platform
Webapp Automation Testing of performance marketing and media platformWebapp Automation Testing of performance marketing and media platform
Webapp Automation Testing of performance marketing and media platformKnoldus Inc.
 
Testing Frameworks
Testing FrameworksTesting Frameworks
Testing FrameworksMoataz Nabil
 
Qtp interview questions and answers
Qtp interview questions and answersQtp interview questions and answers
Qtp interview questions and answersRamu Palanki
 
Qtp interview questions and answers
Qtp interview questions and answersQtp interview questions and answers
Qtp interview questions and answersRamu Palanki
 
Netserv Software Testing
Netserv Software TestingNetserv Software Testing
Netserv Software Testingsthicks14
 
Soap ui documentation
Soap ui documentationSoap ui documentation
Soap ui documentationFollower Test
 
Automation Tools Overview
Automation Tools OverviewAutomation Tools Overview
Automation Tools OverviewMurageppa-QA
 
Silk Performer Presentation v1
Silk Performer Presentation v1Silk Performer Presentation v1
Silk Performer Presentation v1Sun Technlogies
 

Similar to Web Services and Introduction of SOAPUI (20)

Web services testing
Web services testingWeb services testing
Web services testing
 
Getting started with_testcomplete
Getting started with_testcompleteGetting started with_testcomplete
Getting started with_testcomplete
 
Cloud-based Test Microservices JavaOne 2014
Cloud-based Test Microservices JavaOne 2014Cloud-based Test Microservices JavaOne 2014
Cloud-based Test Microservices JavaOne 2014
 
Test automation
Test automationTest automation
Test automation
 
White paper ready api
White paper  ready apiWhite paper  ready api
White paper ready api
 
API Testing following the Test Pyramid
API Testing following the Test PyramidAPI Testing following the Test Pyramid
API Testing following the Test Pyramid
 
28791456 web-testing
28791456 web-testing28791456 web-testing
28791456 web-testing
 
Testing microservices with rest assured
Testing microservices with rest assuredTesting microservices with rest assured
Testing microservices with rest assured
 
Laravel Load Testing: Strategies and Tools
Laravel Load Testing: Strategies and ToolsLaravel Load Testing: Strategies and Tools
Laravel Load Testing: Strategies and Tools
 
LoadUI web performance testing tool
LoadUI web performance testing toolLoadUI web performance testing tool
LoadUI web performance testing tool
 
Load ui web Load Testing Open source Performance Testing tool Learn Load UI W...
Load ui web Load Testing Open source Performance Testing tool Learn Load UI W...Load ui web Load Testing Open source Performance Testing tool Learn Load UI W...
Load ui web Load Testing Open source Performance Testing tool Learn Load UI W...
 
Webapp Automation Testing of performance marketing and media platform
Webapp Automation Testing of performance marketing and media platformWebapp Automation Testing of performance marketing and media platform
Webapp Automation Testing of performance marketing and media platform
 
Testing Frameworks
Testing FrameworksTesting Frameworks
Testing Frameworks
 
Qtp interview questions and answers
Qtp interview questions and answersQtp interview questions and answers
Qtp interview questions and answers
 
Qtp interview questions and answers
Qtp interview questions and answersQtp interview questions and answers
Qtp interview questions and answers
 
Netserv Software Testing
Netserv Software TestingNetserv Software Testing
Netserv Software Testing
 
Soap ui documentation
Soap ui documentationSoap ui documentation
Soap ui documentation
 
Automation Tools Overview
Automation Tools OverviewAutomation Tools Overview
Automation Tools Overview
 
Silk Performer Presentation v1
Silk Performer Presentation v1Silk Performer Presentation v1
Silk Performer Presentation v1
 
Selenium training in chennai
Selenium training in chennaiSelenium training in chennai
Selenium training in chennai
 

Recently uploaded

UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfJamie (Taka) Wang
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?IES VE
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 

Recently uploaded (20)

UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
20150722 - AGV
20150722 - AGV20150722 - AGV
20150722 - AGV
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
20230104 - machine vision
20230104 - machine vision20230104 - machine vision
20230104 - machine vision
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 

Web Services and Introduction of SOAPUI

  • 1. Web Services and Introduction of SOAPUI Dinesh kaushik +91- 9555927575
  • 2. Discussion Points ● What are web services? ● Component of web services ● Architecture ● Operations in web service architecture ● Diagram of web service architecture ● Types of web services ● What is SoapUI ● SoapUI test structure
  • 3. Discussion Points(Continued..) ● Creating a new SOAP project ● Adding a TestSuite ● Adding a Test ● Assertion ● SoapUI Pro
  • 4. What are web services ● Web services are the method of communication between the systems over a network. ● This communication is done over http platform. ● XML is used to encode all communication in form of XML message. ● It is not tied to any particular Operating system or any programming language.
  • 5. Components of web services All standard web services uses the following components. 1. XML 2. SOAP 3. WSDL 4. UDDI
  • 6. SOAP ● Its stand for Simple Object Access Protocol ● It is an XML based protocol for exchanging the information between the computers. ● It can extend extends HTTP for XML messaging. ● It is an XML way of defining what information gets sent. ● It is platform and language independent.
  • 7. WSDL ● It stands for Web Service Description Language. ● It is a standard format for describing the web services. ● Its definition describe how to access a web service and what operation it will perform. ● It was developed jointly by microsoft and IBM.
  • 8. UDDI ● It stands for Universal Description,Discovery and Integration ● It is an XML standard for describing,finding and publishing the web services. ● It communicate via SOAP,CORBA and Java RMI protocol. ● It is platform independent and open framework.
  • 9. Architecture There are three major roles with in web service architecture. ● Service Provider : It implements the service and make it available on internet.
  • 10. ● Service Requester : It utilizes existing web service by opening a network connection and sending an XML request. ● Service registry : It is a central place where developers can publish new services or find the existing one.
  • 11. Operations in web service architecture There are three major types of operations performed in web service architecture. ● Publish : A service description needs to be published so that a service requester can find it.
  • 12. ● Find : In this operation,service requester retrieves a service description directly or queries the service registry for the type of service required. ● Bind : In this operation,a service requestor use the binding detail to invoke the service.
  • 13. Diagram of web service architecture
  • 14. Type Web Services ● XML-RPC ● SOAP ● REST
  • 15. What is SoapUI ● SoapUI is a API testing tool which is free and open source cross-platform for Functional Testing solution. ● SoapUI provides complete test coverage and supports all the standard protocols and technologies. ● SoapUI allows you to easily and rapidly create and execute automated functional, load tests and security testing.
  • 16. SoapUI Test structure It structures functional tests into three level. ● Test Suites ● Test Cases ● Test Steps
  • 17. Test Suite ● It is a collection of test cases that can be used for grouping functional tests into logical units ● We can create any number of test suites inside the soapUI project.
  • 18. Test Case ● It is a collection of test steps that are assembled to test some specific aspect of your service. ● We can add any number of test cases to a containing test suite. ● We can even modularize them to call each other for complex test scenarios.
  • 19. Test Steps ● These are “building blocks” of functional tests in soapUI. ● They are added to a Test Case and used to control the flow of execution. ● Validate the functionality of service to be tested.
  • 20. Creating a new SoapUI project ● Start SoapUI ● Click on “File” ● Click on “New Soap Project”. ● Add Project Name and URL ● Select the checkbox option ● Click on “OK”
  • 23. Adding a TestSuite ● Right click on the name of interface ● Click on “Generate TestSuite”. ● A dialog box will show up where you can customize the generation
  • 25. Adding a Test ● Expand the tree until the test steps have been unfolded. ● Double click on the test step. A sample request should appear in the request editor.
  • 27. Assertion ● It gives an indication that your test case has been passed or failed. ● If we add at least one assertion,it will warn us about the problem which failed our test case.
  • 28. Adding an assertion ● Click on the label “Assertions” at the bottom of the request editor. ● This will expand the assertions editor. It is empty. ● Click on the small +-sign at the top of the assertions editor. ● Select “Property Content assertions.” The first one in the list is a Contains assertion.
  • 29. ● Let’s use that one. Click on the “Contains” box ● Click on “Add” to add it to the test case.
  • 32. Verify a range We need the assertion “Range” when value is expected to change then we need a test that can handle a range instead of fix value.
  • 33. Steps to add range ● Click on the label “Assertions” at the bottom of the request editor. ● Click on the small +-sign at the top of the assertions editor. ● Select “Property Content.” ● Select “XPath match” and click “Add.”
  • 34. ● Click “Declare” in the XPath editor, SoapUI declared two namespaces for you. They can be called anything. The two namespaces that were declared are called soap and ns1. ● Rename ns1 to something more descriptive. ● The next step is to add an XPath3 expression that will search for the element that contains the conversion rate. //Web:ConversionRateResult
  • 36. Verify response time Verifying the response time is often important. A slow API is a problem waiting to emerge. Customers will probably start to complain when you have a lot of traffic and they don’t get their response quickly enough.
  • 37. Steps to add response time ● Add a new assertion. ● Select “SLA” and “Response SLA.” ● Add it. ● Specify the desired response time. ● Click on “OK”
  • 40. SOAP UI Pro It comes with several time saving features aimed at making your testing faster and testing life easier. ● Test Debugging ● Multi Environment Support ● Data Driven ● Reporting
  • 42. Discussion Points ● What is Security Testing ● Purpose of Security Testing ● Security Test in SOAPUI ● Security Scans ● Add Security Scan ● Add New Security Parameters ● Assertions ● Execution
  • 43. What is Security Testing? ● Testing how well the system protects against unauthorized internal or external access. ● To check whether there is any information leakage. ● Non-functional testing
  • 44. Purpose of Security Testing The purpose of the security test is to discover the vulnerabilities of the application so that the developers can then remove these vulnerabilities from the application and make application and data safe from unauthorized actions.
  • 45. What is a Security Test in SOAPUI ● A Security Test is used in soapUI to scan your target services for common security vulnerabilities, like for example SQL Injections and XML Bombs. ● Security Tests are layered “on top” of an existing TestCase to which it then applies a configurable number of “Security Scans” which perform the actual vulnerability scanning and detection.
  • 46. In the main navigator Security Tests are visible under a corresponding “Security Tests” node under the containing TestCase:
  • 47. Security Scans ● SQL Injection : tries to exploit bad database integration coding ● XPath Injection : tries to exploit bad XML processing inside your target service ● Boundary Scan : tries to exploit bad handling of values that are outside of defined ranges ● Invalid Types : tries to exploit handling of invalid input data
  • 48. Security Scans ● Malformed XML : tries to exploit bad handling of invalid XML on your server or in your service. ● Malicious Attachment : tries to exploit bad handling of attached files ● Cross Site Scripting : tries to find cross-site scripting vulnerabilities
  • 49. Add Security Scan ● Once added, double-click a Security Test to see its main configuration and execution window: ● A toolbar with actions related to execution, reports, etc. ● A progress-bar at the top for tracking progress of the Security Test as it executes.
  • 50. Add Security Scan (Continue) ● A toolbar and list of the TestSteps in the underlying TestCase, with additional information. on execution progress and configured Security Scans for each TestStep. ● a number of log tabs for viewing results from the execution of the Security Test.
  • 52. Add Security Scan ● Add a Security Scan to a TestStep in your Security Tests either with the “Add SecurityScan” button or the corresponding TestStep right-click menu option in the Security Test window. ● You will first be prompted for which type of Security Scan to add (differs based on the underlying TestStep) and then open the corresponding Security Scan configuration window:
  • 54. Security Scan Parameters ● Most Security Scans require you define which content of the underlying request you want to use as placeholders for the corresponding scan, for example for a Rest request you might have a message as follows: ● When performing for example a SQL Injection scan with this request, you would want to send the malicious SQL statements in OS, User Id, Deal Id and version fields, which would require you to define these four as parameters in the table.
  • 55. Adding New Security Parameters
  • 56. Adding New Security Parameters Here you need to specify the following: ● The underlying Test Property that contains the parameter value (for example Request for Rest requests). ● A unique label for the parameter. ● An optional XPath statement specifying where in the Test Property value to find the parameter.
  • 58. Add Assertions ● The top of the dialog usually contains a table for defining which parameters in the request to use for test testing (see below). ● In the middle there is an area for Security Scan specific configuration components (not used in the above screenshot).
  • 59. Add Assertions At the bottom there are a number of tabs for further configuration: ● Assertions : the assertions used to validate and check the response for any signs of a successful security exploit ● Strategy : settings related to how multiple parameters should be permutated against each other (see below) ● Advanced : settings specific for the Security Scan (if applicable)
  • 60. Security Scan Assertions ● Assertions are used to assess if the responses for the Security Scan requests contain some kind of content that indicates if the target system has a corresponding vulnerability. ● All the standard assertions are available, but also a number of new ones have been added specifically for this purpose.
  • 61. Security Scan Assertions ● Invalid HTTP Codes : Allows you to specify a comma- separated list of HTTP status codes that should not be returned by the target service. e.g 500, 404, 403. ● Valid HTTP Codes : Allows you to specify a comma- separated list of HTTP status codes that should be returned. e.g 200, 201, 202
  • 63. Security Scan Assertions ● System Information Exposure : Checks the response for content that reveals system information which could be used by hackers to further exploit any existing vulnerabilities, for example if the response gives away which database version that is being used (in an error message), hackers could use this information to try to exploit known security issues with that database.
  • 64. Execution ● When a Security Scan is run as part of the containing Security Test, it sends the different mutation requests as configured, mutating the defined parameters for each request. ● The Security Log shows specifically which values were sent for each parameter and request, together with any assertion failures: