SlideShare a Scribd company logo

Web Services and Introduction of SOAPUI

Download as PPTX, PDF
Dinesh Kaushik
Dinesh Kaushik

This document provides an introduction to web services and the API testing tool SoapUI. It discusses what web services are, their components like XML, SOAP, WSDL and UDDI. It describes the architecture of web services including roles like service provider, requester and registry. It explains operations like publish, find and bind. It then introduces SoapUI for testing web services, covering its project structure of test suites, cases and steps. It provides details on creating a project, adding tests, assertions and response time verification. It also briefly mentions the pro version and using SoapUI for security testing through security scans and assertions.

Technology
1 of 67
Web Services and Introduction of SOAPUI Dinesh kaushik +91- 9555927575
Discussion Points ● What are web services? ● Component of web services ● Architecture ● Operations in web service architecture ● Diagram of web service architecture ● Types of web services ● What is SoapUI ● SoapUI test structure
Discussion Points(Continued..) ● Creating a new SOAP project ● Adding a TestSuite ● Adding a Test ● Assertion ● SoapUI Pro
What are web services ● Web services are the method of communication between the systems over a network. ● This communication is done over http platform. ● XML is used to encode all communication in form of XML message. ● It is not tied to any particular Operating system or any programming language.
Components of web services All standard web services uses the following components. 1. XML 2. SOAP 3. WSDL 4. UDDI
SOAP ● Its stand for Simple Object Access Protocol ● It is an XML based protocol for exchanging the information between the computers. ● It can extend extends HTTP for XML messaging. ● It is an XML way of defining what information gets sent. ● It is platform and language independent.
WSDL ● It stands for Web Service Description Language. ● It is a standard format for describing the web services. ● Its definition describe how to access a web service and what operation it will perform. ● It was developed jointly by microsoft and IBM.
UDDI ● It stands for Universal Description,Discovery and Integration ● It is an XML standard for describing,finding and publishing the web services. ● It communicate via SOAP,CORBA and Java RMI protocol. ● It is platform independent and open framework.
Architecture There are three major roles with in web service architecture. ● Service Provider : It implements the service and make it available on internet.
● Service Requester : It utilizes existing web service by opening a network connection and sending an XML request. ● Service registry : It is a central place where developers can publish new services or find the existing one.
Operations in web service architecture There are three major types of operations performed in web service architecture. ● Publish : A service description needs to be published so that a service requester can find it.
● Find : In this operation,service requester retrieves a service description directly or queries the service registry for the type of service required. ● Bind : In this operation,a service requestor use the binding detail to invoke the service.
Diagram of web service architecture
Type Web Services ● XML-RPC ● SOAP ● REST
What is SoapUI ● SoapUI is a API testing tool which is free and open source cross-platform for Functional Testing solution. ● SoapUI provides complete test coverage and supports all the standard protocols and technologies. ● SoapUI allows you to easily and rapidly create and execute automated functional, load tests and security testing.
SoapUI Test structure It structures functional tests into three level. ● Test Suites ● Test Cases ● Test Steps
Test Suite ● It is a collection of test cases that can be used for grouping functional tests into logical units ● We can create any number of test suites inside the soapUI project.
Test Case ● It is a collection of test steps that are assembled to test some specific aspect of your service. ● We can add any number of test cases to a containing test suite. ● We can even modularize them to call each other for complex test scenarios.
Test Steps ● These are “building blocks” of functional tests in soapUI. ● They are added to a Test Case and used to control the flow of execution. ● Validate the functionality of service to be tested.
Creating a new SoapUI project ● Start SoapUI ● Click on “File” ● Click on “New Soap Project”. ● Add Project Name and URL ● Select the checkbox option ● Click on “OK”
New SOAP Project window
Adding a TestSuite ● Right click on the name of interface ● Click on “Generate TestSuite”. ● A dialog box will show up where you can customize the generation
Adding a Test ● Expand the tree until the test steps have been unfolded. ● Double click on the test step. A sample request should appear in the request editor.
Assertion ● It gives an indication that your test case has been passed or failed. ● If we add at least one assertion,it will warn us about the problem which failed our test case.
Adding an assertion ● Click on the label “Assertions” at the bottom of the request editor. ● This will expand the assertions editor. It is empty. ● Click on the small +-sign at the top of the assertions editor. ● Select “Property Content assertions.” The first one in the list is a Contains assertion.
● Let’s use that one. Click on the “Contains” box ● Click on “Add” to add it to the test case.
Verify a range We need the assertion “Range” when value is expected to change then we need a test that can handle a range instead of fix value.
Steps to add range ● Click on the label “Assertions” at the bottom of the request editor. ● Click on the small +-sign at the top of the assertions editor. ● Select “Property Content.” ● Select “XPath match” and click “Add.”
● Click “Declare” in the XPath editor, SoapUI declared two namespaces for you. They can be called anything. The two namespaces that were declared are called soap and ns1. ● Rename ns1 to something more descriptive. ● The next step is to add an XPath3 expression that will search for the element that contains the conversion rate. //Web:ConversionRateResult
Verify response time Verifying the response time is often important. A slow API is a problem waiting to emerge. Customers will probably start to complain when you have a lot of traffic and they don’t get their response quickly enough.
Steps to add response time ● Add a new assertion. ● Select “SLA” and “Response SLA.” ● Add it. ● Specify the desired response time. ● Click on “OK”
SOAP UI Pro It comes with several time saving features aimed at making your testing faster and testing life easier. ● Test Debugging ● Multi Environment Support ● Data Driven ● Reporting
Security Testing with SOAP UI
Discussion Points ● What is Security Testing ● Purpose of Security Testing ● Security Test in SOAPUI ● Security Scans ● Add Security Scan ● Add New Security Parameters ● Assertions ● Execution
What is Security Testing? ● Testing how well the system protects against unauthorized internal or external access. ● To check whether there is any information leakage. ● Non-functional testing
Purpose of Security Testing The purpose of the security test is to discover the vulnerabilities of the application so that the developers can then remove these vulnerabilities from the application and make application and data safe from unauthorized actions.
What is a Security Test in SOAPUI ● A Security Test is used in soapUI to scan your target services for common security vulnerabilities, like for example SQL Injections and XML Bombs. ● Security Tests are layered “on top” of an existing TestCase to which it then applies a configurable number of “Security Scans” which perform the actual vulnerability scanning and detection.
In the main navigator Security Tests are visible under a corresponding “Security Tests” node under the containing TestCase:
Security Scans ● SQL Injection : tries to exploit bad database integration coding ● XPath Injection : tries to exploit bad XML processing inside your target service ● Boundary Scan : tries to exploit bad handling of values that are outside of defined ranges ● Invalid Types : tries to exploit handling of invalid input data
Security Scans ● Malformed XML : tries to exploit bad handling of invalid XML on your server or in your service. ● Malicious Attachment : tries to exploit bad handling of attached files ● Cross Site Scripting : tries to find cross-site scripting vulnerabilities
Add Security Scan ● Once added, double-click a Security Test to see its main configuration and execution window: ● A toolbar with actions related to execution, reports, etc. ● A progress-bar at the top for tracking progress of the Security Test as it executes.
Add Security Scan (Continue) ● A toolbar and list of the TestSteps in the underlying TestCase, with additional information. on execution progress and configured Security Scans for each TestStep. ● a number of log tabs for viewing results from the execution of the Security Test.
Add Security Scan
Add Security Scan ● Add a Security Scan to a TestStep in your Security Tests either with the “Add SecurityScan” button or the corresponding TestStep right-click menu option in the Security Test window. ● You will first be prompted for which type of Security Scan to add (differs based on the underlying TestStep) and then open the corresponding Security Scan configuration window:
Add Security Scan
Security Scan Parameters ● Most Security Scans require you define which content of the underlying request you want to use as placeholders for the corresponding scan, for example for a Rest request you might have a message as follows: ● When performing for example a SQL Injection scan with this request, you would want to send the malicious SQL statements in OS, User Id, Deal Id and version fields, which would require you to define these four as parameters in the table.
Adding New Security Parameters
Adding New Security Parameters Here you need to specify the following: ● The underlying Test Property that contains the parameter value (for example Request for Rest requests). ● A unique label for the parameter. ● An optional XPath statement specifying where in the Test Property value to find the parameter.
Add Assertions
Add Assertions ● The top of the dialog usually contains a table for defining which parameters in the request to use for test testing (see below). ● In the middle there is an area for Security Scan specific configuration components (not used in the above screenshot).
Add Assertions At the bottom there are a number of tabs for further configuration: ● Assertions : the assertions used to validate and check the response for any signs of a successful security exploit ● Strategy : settings related to how multiple parameters should be permutated against each other (see below) ● Advanced : settings specific for the Security Scan (if applicable)
Security Scan Assertions ● Assertions are used to assess if the responses for the Security Scan requests contain some kind of content that indicates if the target system has a corresponding vulnerability. ● All the standard assertions are available, but also a number of new ones have been added specifically for this purpose.
Security Scan Assertions ● Invalid HTTP Codes : Allows you to specify a comma- separated list of HTTP status codes that should not be returned by the target service. e.g 500, 404, 403. ● Valid HTTP Codes : Allows you to specify a comma- separated list of HTTP status codes that should be returned. e.g 200, 201, 202
Invalid HTTP Codes
Security Scan Assertions ● System Information Exposure : Checks the response for content that reveals system information which could be used by hackers to further exploit any existing vulnerabilities, for example if the response gives away which database version that is being used (in an error message), hackers could use this information to try to exploit known security issues with that database.
Execution ● When a Security Scan is run as part of the containing Security Test, it sends the different mutation requests as configured, mutating the defined parameters for each request. ● The Security Log shows specifically which values were sent for each parameter and request, together with any assertion failures:
Execution
Any Questions
Thanks

Recommended

Ppt of soap ui
Ppt of soap uiPpt of soap ui
Ppt of soap uipkslide28
 
Learn SoapUI
Learn SoapUILearn SoapUI
Learn SoapUIDavid Ionut
 
Soap ui
Soap uiSoap ui
Soap uiEPAM_Dnipropetrovsk_Testing_Community
 
Web Services Automated Testing via SoapUI Tool
Web Services Automated Testing via SoapUI ToolWeb Services Automated Testing via SoapUI Tool
Web Services Automated Testing via SoapUI ToolSperasoft
 
Presentation for soap ui
Presentation for soap uiPresentation for soap ui
Presentation for soap uiAnjali Rao
 
How to Automate API Testing
How to Automate API TestingHow to Automate API Testing
How to Automate API TestingBruno Pedro
 
Test your microservices with REST-Assured
Test your microservices with REST-AssuredTest your microservices with REST-Assured
Test your microservices with REST-AssuredMichel Schudel
 
API Testing Using REST Assured with TestNG
API Testing Using REST Assured with TestNGAPI Testing Using REST Assured with TestNG
API Testing Using REST Assured with TestNGSiddharth Sharma
 

Recommended

Ppt of soap ui
Ppt of soap uiPpt of soap ui
Ppt of soap uipkslide28
 
Learn SoapUI
Learn SoapUILearn SoapUI
Learn SoapUIDavid Ionut
 
Soap ui
Soap uiSoap ui
Soap uiEPAM_Dnipropetrovsk_Testing_Community
 
Web Services Automated Testing via SoapUI Tool
Web Services Automated Testing via SoapUI ToolWeb Services Automated Testing via SoapUI Tool
Web Services Automated Testing via SoapUI ToolSperasoft
 
Presentation for soap ui
Presentation for soap uiPresentation for soap ui
Presentation for soap uiAnjali Rao
 
How to Automate API Testing
How to Automate API TestingHow to Automate API Testing
How to Automate API TestingBruno Pedro
 
Test your microservices with REST-Assured
Test your microservices with REST-AssuredTest your microservices with REST-Assured
Test your microservices with REST-AssuredMichel Schudel
 
API Testing Using REST Assured with TestNG
API Testing Using REST Assured with TestNGAPI Testing Using REST Assured with TestNG
API Testing Using REST Assured with TestNGSiddharth Sharma
 
Testing soap UI
Testing soap UITesting soap UI
Testing soap UIRazia Sultana
 
Deep dive into SoapUI
Deep dive into SoapUIDeep dive into SoapUI
Deep dive into SoapUIAndrey Oleynik
 
Introduction to Selenium Web Driver
Introduction to Selenium Web DriverIntroduction to Selenium Web Driver
Introduction to Selenium Web DriverReturn on Intelligence
 
API Test Automation
API Test Automation API Test Automation
API Test Automation SQALab
 
API Testing
API TestingAPI Testing
API TestingBikash Sharma
 
B4USolution_API-Testing
B4USolution_API-TestingB4USolution_API-Testing
B4USolution_API-Testingb4usolution .
 
RESTful API Testing using Postman, Newman, and Jenkins
RESTful API Testing using Postman, Newman, and JenkinsRESTful API Testing using Postman, Newman, and Jenkins
RESTful API Testing using Postman, Newman, and JenkinsQASymphony
 
An Introduction To Automated API Testing
An Introduction To Automated API TestingAn Introduction To Automated API Testing
An Introduction To Automated API TestingSauce Labs
 
Postman. From simple API test to end to end scenario
Postman. From simple API test to end to end scenarioPostman. From simple API test to end to end scenario
Postman. From simple API test to end to end scenarioHYS Enterprise
 
Postman.ppt
Postman.pptPostman.ppt
Postman.pptParrotBAD
 
Test Automation and Selenium
Test Automation and SeleniumTest Automation and Selenium
Test Automation and SeleniumKarapet Sarkisyan
 
POSTMAN.pptx
POSTMAN.pptxPOSTMAN.pptx
POSTMAN.pptxRamaKrishna970827
 
API Testing for everyone.pptx
API Testing for everyone.pptxAPI Testing for everyone.pptx
API Testing for everyone.pptxPricilla Bilavendran
 
Test automation using selenium
Test automation using seleniumTest automation using selenium
Test automation using seleniumCynoteck Technology Solutions Private Limited
 
Test Design and Automation for REST API
Test Design and Automation for REST APITest Design and Automation for REST API
Test Design and Automation for REST APIIvan Katunou
 
4 Major Advantages of API Testing
4 Major Advantages of API Testing4 Major Advantages of API Testing
4 Major Advantages of API TestingQASource
 
Automation - web testing with selenium
Automation - web testing with seleniumAutomation - web testing with selenium
Automation - web testing with seleniumTzirla Rozental
 
Postman
PostmanPostman
PostmanIgor Shubovych
 
API Testing. Streamline your testing process.
API Testing. Streamline your testing process.API Testing. Streamline your testing process.
API Testing. Streamline your testing process.Andrey Oleynik
 
SOAP-UI The Web service Testing
SOAP-UI The Web service TestingSOAP-UI The Web service Testing
SOAP-UI The Web service TestingGanesh Mandala
 
Introduction to SoapUI day 1
Introduction to SoapUI day 1Introduction to SoapUI day 1
Introduction to SoapUI day 1Qualitest
 
SOAPUI Test Design & Utilities
SOAPUI Test Design & UtilitiesSOAPUI Test Design & Utilities
SOAPUI Test Design & UtilitiesAkshay Sharma
 

More Related Content

What's hot

API Test Automation
API Test Automation API Test Automation
API Test Automation SQALab
 
B4USolution_API-Testing
B4USolution_API-TestingB4USolution_API-Testing
B4USolution_API-Testingb4usolution .
 
RESTful API Testing using Postman, Newman, and Jenkins
RESTful API Testing using Postman, Newman, and JenkinsRESTful API Testing using Postman, Newman, and Jenkins
RESTful API Testing using Postman, Newman, and JenkinsQASymphony
 
An Introduction To Automated API Testing
An Introduction To Automated API TestingAn Introduction To Automated API Testing
An Introduction To Automated API TestingSauce Labs
 
Postman. From simple API test to end to end scenario
Postman. From simple API test to end to end scenarioPostman. From simple API test to end to end scenario
Postman. From simple API test to end to end scenarioHYS Enterprise
 
Test Automation and Selenium
Test Automation and SeleniumTest Automation and Selenium
Test Automation and SeleniumKarapet Sarkisyan
 
Test Design and Automation for REST API
Test Design and Automation for REST APITest Design and Automation for REST API
Test Design and Automation for REST APIIvan Katunou
 
4 Major Advantages of API Testing
4 Major Advantages of API Testing4 Major Advantages of API Testing
4 Major Advantages of API TestingQASource
 
Automation - web testing with selenium
Automation - web testing with seleniumAutomation - web testing with selenium
Automation - web testing with seleniumTzirla Rozental
 
API Testing. Streamline your testing process.
API Testing. Streamline your testing process.API Testing. Streamline your testing process.
API Testing. Streamline your testing process.Andrey Oleynik
 
SOAP-UI The Web service Testing
SOAP-UI The Web service TestingSOAP-UI The Web service Testing
SOAP-UI The Web service TestingGanesh Mandala
 

What's hot (20)

Testing soap UI
Testing soap UITesting soap UI
Testing soap UI
 
Deep dive into SoapUI
Deep dive into SoapUIDeep dive into SoapUI
Deep dive into SoapUI
 
Introduction to Selenium Web Driver
Introduction to Selenium Web DriverIntroduction to Selenium Web Driver
Introduction to Selenium Web Driver
 
API Test Automation
API Test Automation API Test Automation
API Test Automation
 
API Testing
API TestingAPI Testing
API Testing
 
B4USolution_API-Testing
B4USolution_API-TestingB4USolution_API-Testing
B4USolution_API-Testing
 
RESTful API Testing using Postman, Newman, and Jenkins
RESTful API Testing using Postman, Newman, and JenkinsRESTful API Testing using Postman, Newman, and Jenkins
RESTful API Testing using Postman, Newman, and Jenkins
 
An Introduction To Automated API Testing
An Introduction To Automated API TestingAn Introduction To Automated API Testing
An Introduction To Automated API Testing
 
Postman. From simple API test to end to end scenario
Postman. From simple API test to end to end scenarioPostman. From simple API test to end to end scenario
Postman. From simple API test to end to end scenario
 
Postman.ppt
Postman.pptPostman.ppt
Postman.ppt
 
Test Automation and Selenium
Test Automation and SeleniumTest Automation and Selenium
Test Automation and Selenium
 
POSTMAN.pptx
POSTMAN.pptxPOSTMAN.pptx
POSTMAN.pptx
 
API Testing for everyone.pptx
API Testing for everyone.pptxAPI Testing for everyone.pptx
API Testing for everyone.pptx
 
Test automation using selenium
Test automation using seleniumTest automation using selenium
Test automation using selenium
 
Test Design and Automation for REST API
Test Design and Automation for REST APITest Design and Automation for REST API
Test Design and Automation for REST API
 
4 Major Advantages of API Testing
4 Major Advantages of API Testing4 Major Advantages of API Testing
4 Major Advantages of API Testing
 
Automation - web testing with selenium
Automation - web testing with seleniumAutomation - web testing with selenium
Automation - web testing with selenium
 
Postman
PostmanPostman
Postman
 
API Testing. Streamline your testing process.
API Testing. Streamline your testing process.API Testing. Streamline your testing process.
API Testing. Streamline your testing process.
 
SOAP-UI The Web service Testing
SOAP-UI The Web service TestingSOAP-UI The Web service Testing
SOAP-UI The Web service Testing
 

Viewers also liked

Introduction to SoapUI day 1
Introduction to SoapUI day 1Introduction to SoapUI day 1
Introduction to SoapUI day 1Qualitest
 
SOAPUI Test Design & Utilities
SOAPUI Test Design & UtilitiesSOAPUI Test Design & Utilities
SOAPUI Test Design & UtilitiesAkshay Sharma
 
SoapUI Pro Plugin Workshop #SoapUIPlugins
SoapUI Pro Plugin Workshop #SoapUIPluginsSoapUI Pro Plugin Workshop #SoapUIPlugins
SoapUI Pro Plugin Workshop #SoapUIPluginsSmartBear
 
Introduction to SoapUI day 3
Introduction to SoapUI day 3Introduction to SoapUI day 3
Introduction to SoapUI day 3Qualitest
 
Design First API's with RAML and SoapUI
Design First API's with RAML and SoapUIDesign First API's with RAML and SoapUI
Design First API's with RAML and SoapUIDaniel Feist
 
Webservices testing using SoapUI
Webservices testing using SoapUIWebservices testing using SoapUI
Webservices testing using SoapUITesting World
 
Testing web services
Testing web servicesTesting web services
Testing web servicesTaras Lytvyn
 
Testing Agile Web Services from soapUI
Testing Agile Web Services from soapUITesting Agile Web Services from soapUI
Testing Agile Web Services from soapUIPLM Mechanic .
 

Viewers also liked (9)

Introduction to SoapUI day 1
Introduction to SoapUI day 1Introduction to SoapUI day 1
Introduction to SoapUI day 1
 
SOAPUI Test Design & Utilities
SOAPUI Test Design & UtilitiesSOAPUI Test Design & Utilities
SOAPUI Test Design & Utilities
 
SoapUI Pro Plugin Workshop #SoapUIPlugins
SoapUI Pro Plugin Workshop #SoapUIPluginsSoapUI Pro Plugin Workshop #SoapUIPlugins
SoapUI Pro Plugin Workshop #SoapUIPlugins
 
Testing soapui
Testing soapuiTesting soapui
Testing soapui
 
Introduction to SoapUI day 3
Introduction to SoapUI day 3Introduction to SoapUI day 3
Introduction to SoapUI day 3
 
Design First API's with RAML and SoapUI
Design First API's with RAML and SoapUIDesign First API's with RAML and SoapUI
Design First API's with RAML and SoapUI
 
Webservices testing using SoapUI
Webservices testing using SoapUIWebservices testing using SoapUI
Webservices testing using SoapUI
 
Testing web services
Testing web servicesTesting web services
Testing web services
 
Testing Agile Web Services from soapUI
Testing Agile Web Services from soapUITesting Agile Web Services from soapUI
Testing Agile Web Services from soapUI
 

Similar to Web Services and Introduction of SOAPUI

Web services testing
Web services testingWeb services testing
Web services testingrammikn
 
Getting started with_testcomplete
Getting started with_testcompleteGetting started with_testcomplete
Getting started with_testcompleteankit.das
 
Cloud-based Test Microservices JavaOne 2014
Cloud-based Test Microservices JavaOne 2014Cloud-based Test Microservices JavaOne 2014
Cloud-based Test Microservices JavaOne 2014Shelley Lambert
 
API Testing following the Test Pyramid
API Testing following the Test PyramidAPI Testing following the Test Pyramid
API Testing following the Test PyramidElias Nogueira
 
POST/CON 2019 Workshop: Testing, Automated Testing, and Reporting APIs with P...
POST/CON 2019 Workshop: Testing, Automated Testing, and Reporting APIs with P...POST/CON 2019 Workshop: Testing, Automated Testing, and Reporting APIs with P...
POST/CON 2019 Workshop: Testing, Automated Testing, and Reporting APIs with P...Postman
 
Laravel Load Testing: Strategies and Tools
Laravel Load Testing: Strategies and ToolsLaravel Load Testing: Strategies and Tools
Laravel Load Testing: Strategies and ToolsMuhammad Shehata
 
LoadUI web performance testing tool
LoadUI web performance testing toolLoadUI web performance testing tool
LoadUI web performance testing toolMilind Rupchandani
 
Load ui web Load Testing Open source Performance Testing tool Learn Load UI W...
Load ui web Load Testing Open source Performance Testing tool Learn Load UI W...Load ui web Load Testing Open source Performance Testing tool Learn Load UI W...
Load ui web Load Testing Open source Performance Testing tool Learn Load UI W...Vishal Parekh
 
Webapp Automation Testing of performance marketing and media platform
Webapp Automation Testing of performance marketing and media platformWebapp Automation Testing of performance marketing and media platform
Webapp Automation Testing of performance marketing and media platformKnoldus Inc.
 
Slides for Automation Testing or End to End testing
Slides for Automation Testing or End to End testingSlides for Automation Testing or End to End testing
Slides for Automation Testing or End to End testingSwapnilNarayan
 
Testing Frameworks
Testing FrameworksTesting Frameworks
Testing FrameworksMoataz Nabil
 
Qtp interview questions and answers
Qtp interview questions and answersQtp interview questions and answers
Qtp interview questions and answersRamu Palanki
 
Qtp interview questions and answers
Qtp interview questions and answersQtp interview questions and answers
Qtp interview questions and answersRamu Palanki
 
Netserv Software Testing
Netserv Software TestingNetserv Software Testing
Netserv Software Testingsthicks14
 
Soap ui documentation
Soap ui documentationSoap ui documentation
Soap ui documentationFollower Test
 
Automation Tools Overview
Automation Tools OverviewAutomation Tools Overview
Automation Tools OverviewMurageppa-QA
 

Similar to Web Services and Introduction of SOAPUI (20)

Web services testing
Web services testingWeb services testing
Web services testing
 
Getting started with_testcomplete
Getting started with_testcompleteGetting started with_testcomplete
Getting started with_testcomplete
 
Cloud-based Test Microservices JavaOne 2014
Cloud-based Test Microservices JavaOne 2014Cloud-based Test Microservices JavaOne 2014
Cloud-based Test Microservices JavaOne 2014
 
Test automation
Test automationTest automation
Test automation
 
White paper ready api
White paper ready apiWhite paper ready api
White paper ready api
 
API Testing following the Test Pyramid
API Testing following the Test PyramidAPI Testing following the Test Pyramid
API Testing following the Test Pyramid
 
POST/CON 2019 Workshop: Testing, Automated Testing, and Reporting APIs with P...
POST/CON 2019 Workshop: Testing, Automated Testing, and Reporting APIs with P...POST/CON 2019 Workshop: Testing, Automated Testing, and Reporting APIs with P...
POST/CON 2019 Workshop: Testing, Automated Testing, and Reporting APIs with P...
 
28791456 web-testing
28791456 web-testing28791456 web-testing
28791456 web-testing
 
Testing microservices with rest assured
Testing microservices with rest assuredTesting microservices with rest assured
Testing microservices with rest assured
 
Laravel Load Testing: Strategies and Tools
Laravel Load Testing: Strategies and ToolsLaravel Load Testing: Strategies and Tools
Laravel Load Testing: Strategies and Tools
 
LoadUI web performance testing tool
LoadUI web performance testing toolLoadUI web performance testing tool
LoadUI web performance testing tool
 
Load ui web Load Testing Open source Performance Testing tool Learn Load UI W...
Load ui web Load Testing Open source Performance Testing tool Learn Load UI W...Load ui web Load Testing Open source Performance Testing tool Learn Load UI W...
Load ui web Load Testing Open source Performance Testing tool Learn Load UI W...
 
Webapp Automation Testing of performance marketing and media platform
Webapp Automation Testing of performance marketing and media platformWebapp Automation Testing of performance marketing and media platform
Webapp Automation Testing of performance marketing and media platform
 
Slides for Automation Testing or End to End testing
Slides for Automation Testing or End to End testingSlides for Automation Testing or End to End testing
Slides for Automation Testing or End to End testing
 
Testing Frameworks
Testing FrameworksTesting Frameworks
Testing Frameworks
 
Qtp interview questions and answers
Qtp interview questions and answersQtp interview questions and answers
Qtp interview questions and answers
 
Qtp interview questions and answers
Qtp interview questions and answersQtp interview questions and answers
Qtp interview questions and answers
 
Netserv Software Testing
Netserv Software TestingNetserv Software Testing
Netserv Software Testing
 
Soap ui documentation
Soap ui documentationSoap ui documentation
Soap ui documentation
 
Automation Tools Overview
Automation Tools OverviewAutomation Tools Overview
Automation Tools Overview
 

Recently uploaded

AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 

Recently uploaded (20)

AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 

Web Services and Introduction of SOAPUI

  • 1. Web Services and Introduction of SOAPUI Dinesh kaushik +91- 9555927575
  • 2. Discussion Points ● What are web services? ● Component of web services ● Architecture ● Operations in web service architecture ● Diagram of web service architecture ● Types of web services ● What is SoapUI ● SoapUI test structure
  • 3. Discussion Points(Continued..) ● Creating a new SOAP project ● Adding a TestSuite ● Adding a Test ● Assertion ● SoapUI Pro
  • 4. What are web services ● Web services are the method of communication between the systems over a network. ● This communication is done over http platform. ● XML is used to encode all communication in form of XML message. ● It is not tied to any particular Operating system or any programming language.
  • 5. Components of web services All standard web services uses the following components. 1. XML 2. SOAP 3. WSDL 4. UDDI
  • 6. SOAP ● Its stand for Simple Object Access Protocol ● It is an XML based protocol for exchanging the information between the computers. ● It can extend extends HTTP for XML messaging. ● It is an XML way of defining what information gets sent. ● It is platform and language independent.
  • 7. WSDL ● It stands for Web Service Description Language. ● It is a standard format for describing the web services. ● Its definition describe how to access a web service and what operation it will perform. ● It was developed jointly by microsoft and IBM.
  • 8. UDDI ● It stands for Universal Description,Discovery and Integration ● It is an XML standard for describing,finding and publishing the web services. ● It communicate via SOAP,CORBA and Java RMI protocol. ● It is platform independent and open framework.
  • 9. Architecture There are three major roles with in web service architecture. ● Service Provider : It implements the service and make it available on internet.
  • 10. ● Service Requester : It utilizes existing web service by opening a network connection and sending an XML request. ● Service registry : It is a central place where developers can publish new services or find the existing one.
  • 11. Operations in web service architecture There are three major types of operations performed in web service architecture. ● Publish : A service description needs to be published so that a service requester can find it.
  • 12. ● Find : In this operation,service requester retrieves a service description directly or queries the service registry for the type of service required. ● Bind : In this operation,a service requestor use the binding detail to invoke the service.
  • 13. Diagram of web service architecture
  • 14. Type Web Services ● XML-RPC ● SOAP ● REST
  • 15. What is SoapUI ● SoapUI is a API testing tool which is free and open source cross-platform for Functional Testing solution. ● SoapUI provides complete test coverage and supports all the standard protocols and technologies. ● SoapUI allows you to easily and rapidly create and execute automated functional, load tests and security testing.
  • 16. SoapUI Test structure It structures functional tests into three level. ● Test Suites ● Test Cases ● Test Steps
  • 17. Test Suite ● It is a collection of test cases that can be used for grouping functional tests into logical units ● We can create any number of test suites inside the soapUI project.
  • 18. Test Case ● It is a collection of test steps that are assembled to test some specific aspect of your service. ● We can add any number of test cases to a containing test suite. ● We can even modularize them to call each other for complex test scenarios.
  • 19. Test Steps ● These are “building blocks” of functional tests in soapUI. ● They are added to a Test Case and used to control the flow of execution. ● Validate the functionality of service to be tested.
  • 20. Creating a new SoapUI project ● Start SoapUI ● Click on “File” ● Click on “New Soap Project”. ● Add Project Name and URL ● Select the checkbox option ● Click on “OK”
  • 22.
  • 23. Adding a TestSuite ● Right click on the name of interface ● Click on “Generate TestSuite”. ● A dialog box will show up where you can customize the generation
  • 24.
  • 25. Adding a Test ● Expand the tree until the test steps have been unfolded. ● Double click on the test step. A sample request should appear in the request editor.
  • 26.
  • 27. Assertion ● It gives an indication that your test case has been passed or failed. ● If we add at least one assertion,it will warn us about the problem which failed our test case.
  • 28. Adding an assertion ● Click on the label “Assertions” at the bottom of the request editor. ● This will expand the assertions editor. It is empty. ● Click on the small +-sign at the top of the assertions editor. ● Select “Property Content assertions.” The first one in the list is a Contains assertion.
  • 29. ● Let’s use that one. Click on the “Contains” box ● Click on “Add” to add it to the test case.
  • 30.
  • 31.
  • 32. Verify a range We need the assertion “Range” when value is expected to change then we need a test that can handle a range instead of fix value.
  • 33. Steps to add range ● Click on the label “Assertions” at the bottom of the request editor. ● Click on the small +-sign at the top of the assertions editor. ● Select “Property Content.” ● Select “XPath match” and click “Add.”
  • 34. ● Click “Declare” in the XPath editor, SoapUI declared two namespaces for you. They can be called anything. The two namespaces that were declared are called soap and ns1. ● Rename ns1 to something more descriptive. ● The next step is to add an XPath3 expression that will search for the element that contains the conversion rate. //Web:ConversionRateResult
  • 35.
  • 36. Verify response time Verifying the response time is often important. A slow API is a problem waiting to emerge. Customers will probably start to complain when you have a lot of traffic and they don’t get their response quickly enough.
  • 37. Steps to add response time ● Add a new assertion. ● Select “SLA” and “Response SLA.” ● Add it. ● Specify the desired response time. ● Click on “OK”
  • 38.
  • 39.
  • 40. SOAP UI Pro It comes with several time saving features aimed at making your testing faster and testing life easier. ● Test Debugging ● Multi Environment Support ● Data Driven ● Reporting
  • 42. Discussion Points ● What is Security Testing ● Purpose of Security Testing ● Security Test in SOAPUI ● Security Scans ● Add Security Scan ● Add New Security Parameters ● Assertions ● Execution
  • 43. What is Security Testing? ● Testing how well the system protects against unauthorized internal or external access. ● To check whether there is any information leakage. ● Non-functional testing
  • 44. Purpose of Security Testing The purpose of the security test is to discover the vulnerabilities of the application so that the developers can then remove these vulnerabilities from the application and make application and data safe from unauthorized actions.
  • 45. What is a Security Test in SOAPUI ● A Security Test is used in soapUI to scan your target services for common security vulnerabilities, like for example SQL Injections and XML Bombs. ● Security Tests are layered “on top” of an existing TestCase to which it then applies a configurable number of “Security Scans” which perform the actual vulnerability scanning and detection.
  • 46. In the main navigator Security Tests are visible under a corresponding “Security Tests” node under the containing TestCase:
  • 47. Security Scans ● SQL Injection : tries to exploit bad database integration coding ● XPath Injection : tries to exploit bad XML processing inside your target service ● Boundary Scan : tries to exploit bad handling of values that are outside of defined ranges ● Invalid Types : tries to exploit handling of invalid input data
  • 48. Security Scans ● Malformed XML : tries to exploit bad handling of invalid XML on your server or in your service. ● Malicious Attachment : tries to exploit bad handling of attached files ● Cross Site Scripting : tries to find cross-site scripting vulnerabilities
  • 49. Add Security Scan ● Once added, double-click a Security Test to see its main configuration and execution window: ● A toolbar with actions related to execution, reports, etc. ● A progress-bar at the top for tracking progress of the Security Test as it executes.
  • 50. Add Security Scan (Continue) ● A toolbar and list of the TestSteps in the underlying TestCase, with additional information. on execution progress and configured Security Scans for each TestStep. ● a number of log tabs for viewing results from the execution of the Security Test.
  • 52. Add Security Scan ● Add a Security Scan to a TestStep in your Security Tests either with the “Add SecurityScan” button or the corresponding TestStep right-click menu option in the Security Test window. ● You will first be prompted for which type of Security Scan to add (differs based on the underlying TestStep) and then open the corresponding Security Scan configuration window:
  • 54. Security Scan Parameters ● Most Security Scans require you define which content of the underlying request you want to use as placeholders for the corresponding scan, for example for a Rest request you might have a message as follows: ● When performing for example a SQL Injection scan with this request, you would want to send the malicious SQL statements in OS, User Id, Deal Id and version fields, which would require you to define these four as parameters in the table.
  • 55. Adding New Security Parameters
  • 56. Adding New Security Parameters Here you need to specify the following: ● The underlying Test Property that contains the parameter value (for example Request for Rest requests). ● A unique label for the parameter. ● An optional XPath statement specifying where in the Test Property value to find the parameter.
  • 58. Add Assertions ● The top of the dialog usually contains a table for defining which parameters in the request to use for test testing (see below). ● In the middle there is an area for Security Scan specific configuration components (not used in the above screenshot).
  • 59. Add Assertions At the bottom there are a number of tabs for further configuration: ● Assertions : the assertions used to validate and check the response for any signs of a successful security exploit ● Strategy : settings related to how multiple parameters should be permutated against each other (see below) ● Advanced : settings specific for the Security Scan (if applicable)
  • 60. Security Scan Assertions ● Assertions are used to assess if the responses for the Security Scan requests contain some kind of content that indicates if the target system has a corresponding vulnerability. ● All the standard assertions are available, but also a number of new ones have been added specifically for this purpose.
  • 61. Security Scan Assertions ● Invalid HTTP Codes : Allows you to specify a comma- separated list of HTTP status codes that should not be returned by the target service. e.g 500, 404, 403. ● Valid HTTP Codes : Allows you to specify a comma- separated list of HTTP status codes that should be returned. e.g 200, 201, 202
  • 63. Security Scan Assertions ● System Information Exposure : Checks the response for content that reveals system information which could be used by hackers to further exploit any existing vulnerabilities, for example if the response gives away which database version that is being used (in an error message), hackers could use this information to try to exploit known security issues with that database.
  • 64. Execution ● When a Security Scan is run as part of the containing Security Test, it sends the different mutation requests as configured, mutating the defined parameters for each request. ● The Security Log shows specifically which values were sent for each parameter and request, together with any assertion failures: