<Crosscheck your Web Services />TM

Pillars of SOA Testing

By Crosscheck Networks
Key Benefits
Introduction Comprehensive Identity
Management Testing
Ensures adoption of standards-
As Service Oriented Architecture (SOA) begins to form the based access control for Web
Services
fabric of IT infrastructure, actively and aggressively
testing Web Services has become crucial. Comprehensive
Functional, Performance, Interoperability and Intelligent Security
Assessment
Vulnerability Testing form the Pillars of SOA Testing. Effective gap analysis of existing
Only by adopting a comprehensive testing stance, Web Services security and cost-
effective planning for closing
enterprises can ensure that their SOA is robust, scalable, security gaps
interoperable, and secure.
Scalability and Reliability
Web Services have blurred the boundaries between Diagnosis
network devices, security products, applications and other Ensures deployment of robust
Web Services by easily
IT assets within an enterprise. Almost every IT asset diagnosing performance
now advertises its interface as a Web Services Definition bottlenecks
Language (WSDL) interface ready for SOAP/XML
messaging. Web Services interfaces provide Interoperability based on
unprecedented flexibility in integrating IT assets across standards
Enhance interoperability with
internal and external corporate domains. Such flexibility evolving Web services standards
makes it the responsibility of IT staff from all domains
such as Developers, Network Engineers, Security &
Compliance Officers, and Application QA Testers to
ensure that their Web Services work as advertised across
functional, performance, interoperable and security
requirements.
Pillar I: Functional & Regression Testing

Functional & Regression Testing is the First pillar of testing SOAs. IT Professionals need
to quickly test Web Services and setup desired regression Test Cases. Ease-of-use in
setting up such tests encourages technologist with varying skills and responsibilities to
test their Web Services quickly and often. Simple Test Case Management and Setup is
paramount to lowering the time required for setting up and maintaining functional &
regression tests.

Pillar II: Performance

Performance is the Second Pillar of SOA Testing. QA Testers, Network & Security
Engineers should test the scalability and robustness of Web Services and determine
performance and endurance characteristics of their WSDL operations. Testers should
determine response times, latency, throughput profiles for target Web Services. In
addition to performance profiles, tester should run test for a specified duration for
measuring endurance and robustness profiles. They also need to determine scalability
by bombarding target Web Services with varying SOAP messages across a range of
concurrent loading clients.

Pillar III: Interoperability

Interoperability is the Third Pillar of SOA Testing. While loading a Web Service WSDL,
consumer applications need to determine both design-time and run-time interoperability
characteristics of the target Web Services. Developers should run a set of
comprehensive WSI Profile tests and report interoperability issues with the Web Services
WSDL. Adhering to WSI Profiles ensures that SOA assets are interoperable and that
WSDL can work within heterogeneous .NET & Java environments.

Design-time WSDL interoperability testing is not enough. Run-time Interoperability

testing is also necessary. Testing the interoperability of a Web Services requires
creating specialized test suites for a WSDL. These tests ensure that the target Web
Services are interoperable by actively sending specialized request to the Web Services
and determining whether the Web Service responds per WSI Profile specification.
Comprehensive design-time WSDL WSI Profile testing combined with active run-time
Web Service interoperability behavior testing ensures that IT assets can integrate
independent of platform, operating system, and programming language.

Pillar IV: Vulnerability Assessment

Vulnerability Assessment is the Fourth Pillar of SOA Testing. Active Web Services
Vulnerability Assessment is an emerging area of SOA testing. By creating specialized
tests for a target Web Service, security officers can measure the vulnerability profiles of
the target Web Service. Security Engineers need to ensure that Web Services
vulnerabilities such as buffer overflows, deeply nested nodes, recursive payloads,
schema poisoning and malware traveling over SOAP messages do not affect their critical
Web Services. They need the ability to rapidly scan Web Services and assess areas of
exposure, determine severity levels, provide vulnerability diagnosis, and publish
remediation techniques. Web Services Vulnerability Assessment is a crucial pre-
production and post-production step that every .NET and Java developer and security
professional must take to ensure risk mitigation within their Service Oriented
Architecture.

Summary:

Web Services are the foundations of modern distributed systems. The widespread use
of Web Services across network devices, applications, and corporate infrastructure
mandates that all IT professionals take responsibility of testing their systems’ Web
Services before and after publishing them to consumers. Developers, QA Tester,
Network & Security Engineers are now fully responsible and accountable for ensuring
that their Web Services are robust, interoperable, scalable, and secure. Crosscheck
Networks’ SOAPSonar™ – an industry-first product that addresses all Pillars of SOA
testing – enables IT professional with varying SOAP/XML skills to quickly take control of
deploying comprehensively tested Web Services.

Contact Information
General: info@crosschecknet.com
Sales: sales@crosschecknet.com
Phone: 888.276.7725 Fax: 707.988.3840
25 Thurston Road . Newton, MA 02464 . USA