SOA Testing: An Approach to Test the Security Aspects of SOA based Application

Presenters: Jaipal & Uday
Date: 4-Nov-09

Soa Security Testing

Published in: Technology

  1. SOA Testing: An Approach to Test the Security Aspects of SOA based Application. Presenters: Jaipal & Uday. Date: 4-Nov-09
  2. SOA and its Industry acceptance: SOA is becoming the most sought after solution for any new Enterprise Architecture Design, and its steady growth in acceptance is re-affirmed by Gartner's Hype Cycle. SOA and Enterprise Architecture have a common goal of aligning Business and IT objectives.
  3. Challenges in Securing SOA environment
  4. Security Infrastructure in SOA implementation. Diagram labels: Message Layer Security; Transport Layer Security; Client Application; Web Server; Web Service 1, Web Service 2 and Web Service 3, each with a Security Specification; External Security Token Service. Security Specifications are: WS-Security, WS-Secure Conversation, WS-Trust, WS-Federation, WS-Security Policy.
  5. WS-Security Standards and Open Source tools. Various security standards which the Web Services adhere to are SAML, WS-Security, XML-Encryption, WS-SecureConversation, WS-Trust, WS-SecurityPolicy and WS-Federation. Diagram labels: SAML, WS-Security, XML-Encryption, XML-Signature, WS-SecureConversation, WS-Trust, WS-SecurityPolicy, WS-Federation. Tools: SOAP UI, Push To Test, Web-Inject, WS-I Tools.
  6. Web Services Security standards usage in a Scenario
  7. Proposed Solution
  8. Solution Phase 1 – Test Assertion Document. Identify Security Specifications: SAML, WS-SECURITY, WS-TRUST, WS-SECURE CONVERSATION, WS-SECURE POLICY. Test Assertion Document table columns: Element/Attribute Name, Description, Required/Optional/Recommended. <<optional>> Test Assertion XML Document.
  9. Solution Phase 2 – Capture SOAP Messages. • Services communicate using SOAP Protocol. • SOAP message contains the security information. • Develop SOAP Monitor tool to capture request and response of services. Ex: 1) Request initiated for a web service; 2) Services establish Security Tokens with Security Context information; 3) Data is exchanged after the Security Token is verified.
  10. Solution Phase 3 – Test Result Report. • Develop code to compare XML documents (similar to DOM or SAX parsers in Java). • Compare SOAP header with TAD; the TAD/XML comparison is done by the code developed to compare XML documents. • Generate the Test Result Report containing the status and descriptions. Diagram labels: Test Req & Resp XML; Test Result Report. Test Result Report Format (Comparison, Status): True: Pass – Provide the description given in the <assertionDesription> element of TAD. False: Fail – Provide the description given in the <failureMessage> and <failureDetailDescription> elements of TAD.
  11. Conclusion. Maximized ROI: Streamlined Testing approach brought in by very few changes in the testing lifecycle. Increased Agility: Customizable at any stage and applicable in any complicated Enterprise Application Architecture. Reduced IT investment: Vendor independent procedure implementable with very little training imparted to the existing team. Reusable and audit ready artifacts are created which are alive throughout the Testing lifecycle, thus enabling better understanding of the system limitations.
  12. Thank you
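
The Phase 3 comparison from slide 10 (captured SOAP header checked against the Test Assertion Document), as an added example that is not code from the presentation; the slides mention Java parsers and Python is used here instead. The TAD layout, its `element` and `level` attributes, the `Warn` status for a missing non-Required element and both sample documents are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Standard SOAP 1.1 and WSS 1.0 namespace URIs, used to resolve TAD paths.
WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-"
NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/",
      "wsse": WSS + "secext-1.0.xsd", "wsu": WSS + "utility-1.0.xsd"}

# Constructed TAD. The layout and attribute names are assumptions; only the
# three description element names (spelled as on the slide) are from the page.
TAD_XML = """<tad>
 <assertion element="wsse:Security" level="Required">
  <assertionDesription>WS-Security header present</assertionDesription>
  <failureMessage>wsse:Security missing</failureMessage>
  <failureDetailDescription>no message-layer security</failureDetailDescription></assertion>
 <assertion element="wsse:Security/wsse:UsernameToken/wsse:Nonce" level="Recommended">
  <assertionDesription>nonce present</assertionDesription>
  <failureMessage>wsse:Nonce missing</failureMessage>
  <failureDetailDescription>token can be replayed</failureDetailDescription></assertion>
 <assertion element="wsse:Security/wsu:Timestamp" level="Required">
  <assertionDesription>timestamp present</assertionDesription>
  <failureMessage>wsu:Timestamp missing</failureMessage>
  <failureDetailDescription>message freshness not stated</failureDetailDescription></assertion>
</tad>"""

# Constructed capture of a request (Phase 2 output); not a real message.
SOAP_XML = f"""<soap:Envelope xmlns:soap="{NS['soap']}" xmlns:wsse="{NS['wsse']}">
 <soap:Header><wsse:Security><wsse:UsernameToken>
   <wsse:Username>alice</wsse:Username><wsse:Password>example</wsse:Password>
 </wsse:UsernameToken></wsse:Security></soap:Header>
 <soap:Body/>
</soap:Envelope>"""

def run_tad(tad_xml, soap_xml):
    """Compare the SOAP header with each TAD assertion; return report rows."""
    header = ET.fromstring(soap_xml).find("soap:Header", NS)
    rows = []
    for a in ET.fromstring(tad_xml).iter("assertion"):
        path = a.get("element")
        if header is not None and header.find(path, NS) is not None:
            rows.append((path, "Pass", a.findtext("assertionDesription")))
            continue
        # Assumption: a missing non-Required element is reported as Warn.
        status = "Fail" if a.get("level") == "Required" else "Warn"
        rows.append((path, status, a.findtext("failureMessage") + ": "
                     + a.findtext("failureDetailDescription")))
    return rows
```

For captures taken from untrusted traffic, parse with a hardened XML parser such as `defusedxml` rather than the standard-library one.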
