Web Service Security Testing

Since Web services and SOAP protocol had become extremely popular in enterprises that pursue service oriented architecture as their major software development platfrom, Credelius has created a soap-sec tool that can be used for testing security controls defined by WS-Security standards.

The tool allows sending single or multiple SOAP messges to a web service using a convinient GUI and observe the results of execution in an output window. Messages can be sent sequentially or concurrently; XML paylod can be created mannually or generated automatically from formal interface definition defined by a WSDL.

When multiple messages are sent to a web service, soap-sec can be used to generate a report with common metrcics (e.g. average/min/max response time, number of processed messages, etc). The tool has been used in big SOA workshop to troubleshhot web services and test implemented security controls.