shubhamsharma84

 Profile Answers by shubhamsharma84 

• Dec 17th, 2008

 

security testing can be performed by having an complete idea about the application to be tested

KauShreya

 Profile Answers by KauShreya Questions by KauShreya

• Dec 18th, 2008

 

I totally agree with you, but if I need to perform testing on Authentication Web Services, do you suggest any approach to perform unit /load testing as it is totally new field to me.

Thanks,
Sreya

srinivasulub1981

 Profile Answers by srinivasulub1981 Questions by srinivasulub1981

• Mar 31st, 2009

 

Webservice:

A Web service is a software system designed to support interoperable machine-to-machine interaction over a network.

How to test:

I've tested a web service called 'Soap server' in my project and it is worked as below.

-> first of request will send to service in XML format
-> Server is also respond to client in terms of XML

Ex:

Request:

<GIFTS_PAYLOAD><AUTHENTICATION><SC_CLIENT_ID>afasdfasdfasd</SC_CLIENT_ID></AUTHENTICATION></GIFTS_PAYLOAD>

Responce:

<GIFTS_PAYLOAD>
<PARAMETERS>
<ERROR>
<ERROR_CODE><![CDATA[001]]></ERROR_CODE>
<ERROR_LOCATION><![CDATA[Authentication Error]]></ERROR_LOCATION>
<ERROR_MESSAGE><![CDATA[Authentication Failed. Unable to find the specified GUID in the SmartChange system. If the problem persists please contact the SmartChange administrator.]]></ERROR_MESSAGE>
</ERROR>
</PARAMETERS>
</GIFTS_PAYLOAD>


Security testing: It can't tell in one word, it's a big process and vary sever to server.

Srinivas

rachana.thakur

 Profile Answers by rachana.thakur 

• Jul 22nd, 2009

 

It depends on application you test. In my case we download data from one central database to a local database using webservice.
In central database data is stored as per pariticular service area and it should be visible only to user of that particular service area and while connecting to central database through webservice we provide user name and password.
So we test that when we log in to particular service area we should not be able to see and download data from other service area...
This is what I do
1) Created data in both service area which can be downloaded
2) However login with 1 service area
2) Try to download data
3) Verify that only particular service areas data gets downloaded..
We do lot many things.. but it actaully depends on application.