Penetration testing is critical to uncover security holes in your application. With Parasoft SOAtest, you can efficiently take your existing API and web UI functional testing scenarios and automatically create security tests, adding penetration testing into your automated CI process.
Parasoft SOAtest helps teams prevent security vulnerabilities through API penetration testing and execution of complex authentication, encryption, and access control test scenarios. By leveraging already-existing functional tests for security scenarios, teams can approach security testing earlier, and address critical security defects before they are buried deep in the release.
There are specific areas of your application that you want to attack but they are buried under multiple web or API steps. With SOAtest, you can define the steps needed to get your application in the the state where it could be penetrated and then launch your attack.
Using Parasoft’s Burp Suite extensions, users can use existing SOAtest REST API and browser test scenarios to run penetration tests against the endpoints accessed by the API and browser tests. The ability to re-use scenarios saves users critical time in setting up test scenarios.
Security tests can be run as part of an automated CI process through the command line or through integration with CI systems like Jenkins, TeamCity, Bamboo, and VSTS. Most testing tools make penetration testing a process that must be initiated manually, while integration with SOAtest makes it possible to turn penetration tests into regression tests. This automation allows teams to discover vulnerabilities as soon as they are injected into the application – otherwise vulnerabilities may not be discovered until much later.