Vordel SOAPbox for analyzing Web services security

SOAPbox is a Web services testing tool, which supports both SOAP-based and REST-based invocation modes. It shares some of its architecture with the Vordel XML Gateway, especially for security features or policy creation.

Using SOAPbox, you can:

  • Test Web services residing in your internal network, or provided from the Web, or in a cloud environment. SOAP-style and REST-style services and SOAP attachments are supported.
  • Test Web services that require encrypted input.
  • Test Web services that perform digital signature validation.
  • Test Web services that require authentication using security tokens such as WS-Security, SAML or Kerberos tokens, simple HTTP basic authentication, or mutual SSL authentication.

SOAPbox also enables you to create test suites, composed of one or multiple test cases.
Finally, you can use SOAPbox to execute stress tests. SOAPboxConsole is a headless version of SOAPbox, which you can use to run test cases and test suites from the command line.
Stress tests are also available on the command line using the SOAPbox SR companion tool.


Features

- Security Testing:

Vordel SOAPbox includes a set of attack vectors which are used to probe for vulnerabilities in Web Services. The security vulnerabilities detected by SOAPbox are then blocked by Vordel XML Gateway.

  • Run standard attack vectors for penetration testing
  • Simple Graphical Keystore
  • Add or Remove Security Tokens
  • Kerberos & SSL support
  • SOAP Attachment
  • Test Federated Identity deployments

- Performance Testing:

Vordel SOAPbox ensures that services meet throughput, latency and availability performance criteria. Checking that Service Level Agreements are maintained under all of these conditions is the only way to ensure that applications will work as expected.

  • Simulate messages per second, message size, message complexity and the load on other services
  • Automated Performance Testing
  • Traffic simulation to test your application infrastructure
  • Sample SOAP messages
  • Automated Regression Testing
  • Automated Stress Testing
  • Test Suite Generation based on WSDL

- Integration Testing:

In an integration environment, it is natural that "protocol mixing" occurs between SOAP, lightweight REST services, and message queues. SOAPbox is used to test all parts of the integration environment, and is not limited to Web Services only.

  • Advanced Web Services standards used by AXIS, Metro and .NET Framework supported
  • Test Federated Identity deployments
  • Multiple transport protocols supported
  • Generate SAML requests to test Federated Identity deployments
  • Place a digitally signed message onto a JMS queue
  • Simulate a browser connecting to an SSL-enabled web server
  • Create Kerberos tickets used for integration with Microsoft Active Directory

More information about Web services testing and security analysis

Post scriptum

Compliance Mandates

  • Application Scanner:

    PCI/DSS 6.3, SOX A12.4, GLBA 16 CFR 314.4(b) and (2), HIPAA 164.308(a)(1)(i), FISMA RA-5, SA-11, SI-2, ISO 27001/27002 12.6, 15.2.2

