Penetration testing is critical to uncover security holes in your application. With Parasoft SOAtest, you can efficiently take your existing API and web UI functional testing scenarios and automatically create security tests, adding penetration testing into your automated CI process.
Parasoft SOAtest helps teams prevent security vulnerabilities through API penetration testing and execution of complex authentication, encryption, and access control test scenarios. By leveraging already-existing functional tests for security scenarios, teams can approach security testing earlier, and address critical security defects before they are buried deep in the release.
There are specific areas of your application that you want to attack but they are buried under multiple web or API steps. With SOAtest, you can define the steps needed to get your application in the the state where it could be penetrated and then launch your attack.
Using Parasoft’s Burp Suite extensions, users can use existing SOAtest REST API and browser test scenarios to run penetration tests against the endpoints accessed by the API and browser tests. The ability to re-use scenarios saves users critical time in setting up test scenarios.
Security tests can be run as part of an automated CI process through the command line or through integration with CI systems like Jenkins, TeamCity, Bamboo, and VSTS. Most testing tools make penetration testing a process that must be initiated manually, while integration with SOAtest makes it possible to turn penetration tests into regression tests. This automation allows teams to discover vulnerabilities as soon as they are injected into the application – otherwise vulnerabilities may not be discovered until much later.
With Parasoft, you can make penetration testing easier and more effective with automation. If stuck doing penetration testing at the end of the development cycle with specialized tools or manually, testers will expose security holes late, when the issues are too costly or too complex to fix. Parasoft enables penetration test scenarios to be automated and seamlessly run as part of a CI process, so teams can catch problems sooner, when they can more realistically be resolved.
With Parasoft, you can collect code coverage as penetration tests are run, and aggregate that data with the overall code coverage data collected by all testing practices, such as unit and functional tests, in Parasoft’s centralized reporting server. Aggregating this data together allows for sophisticated analytics and reporting.
Security testing failures can be reported through Parasoft’s centralized reporting dashboard to make the results of security testing visible to stakeholders in the same ways that functional tests are displayed and reviewed. This complete view of testing enables stakeholders to make informed decisions that impact the business.
