[Owasp-o2-platform] Documenting how to test WebServices using scripts - the story so far (5th April 2012)

Dinis Cruz dinis.cruz at owasp.org
Mon May 7 18:30:54 UTC 2012


Here is the chronological consolidation of the  efforts (by
Arvind<http://ardsec.blogspot.com/> and me) to
write a detailed story of the steps required to create a Security / QA test
suite for TeamMentor <http://teammentor.net/>


These are my posts with analysis of what is going on, key concepts, extra
briefing notes, and links to relevant Arvind's posts:

   - Testing TeamMentor 2.0 security using
O2<http://diniscruz.blogspot.co.uk/2012/04/testing-teammentor-20-security-using-o2.html>

   - First you create Tests for WebServices, then you add the
   abuse/security
cases<http://diniscruz.blogspot.co.uk/2012/04/first-you-create-tests-for-webservices.html>

   - A journey into testing WebServices in a developer friendly
way<http://diniscruz.blogspot.co.uk/2012/04/journey-into-testing-webservices-in.html>
   - If you not blowing up the database, you're not testing the whole
app<http://diniscruz.blogspot.co.uk/2012/04/if-you-not-blowing-up-database-youre.html>
   - What is the formula for the WebServices Authentication
mappings?<http://diniscruz.blogspot.co.uk/2012/05/what-is-formula-for-webservices.html>
   - Roadmap for Testing an WebService's Authorization
Model<http://diniscruz.blogspot.co.uk/2012/05/roadmap-for-testing-webservices.html>

   - Creating a spreadsheet with WebService's Authorization
Mappings<http://diniscruz.blogspot.co.uk/2012/05/creating-spreadsheet-with-webservices.html>
   - Is there a spreadsheet/template for Mapping WebServices Authorization
   Rules?<http://diniscruz.blogspot.co.uk/2012/05/is-there-spreadsheettemplate-for.html>
   - Using BDD-Security to test WebServices Authorization
Rules?<http://diniscruz.blogspot.co.uk/2012/05/using-bdd-security-to-test-webservices.html>
   - ... to be continued...


These are Arvind's posts with his efforts, ideas, problems, solutions and
scripts:

   - Finding the WSDL and why should I
automate?<http://teammentordevelopment.wordpress.com/2012/04/28/testing-teammentor-web-services-1/>
   - Finalizing my dev env – Python +
Suds<http://teammentordevelopment.wordpress.com/2012/04/28/testing-teammentor-web-services-2/>
   - Authorization testing – the thought
process…<http://teammentordevelopment.wordpress.com/2012/04/28/testing-teammentor-web-services-3/>
   - Why Unit tests?<http://teammentordevelopment.wordpress.com/2012/04/28/testing-teammentor-web-services-4/>
   - My first working..independent…unit tests
:)<http://teammentordevelopment.wordpress.com/2012/05/01/my-first-working-independent-unit-tests/>
   - Authorization testing…analysis logic
added<http://teammentordevelopment.wordpress.com/2012/05/01/authorization-testing-analysis-logic-added/>
   - Unit Tests – Handling complex arguments with
Suds<http://teammentordevelopment.wordpress.com/2012/05/02/unit-tests-handling-complex-arguments-with-suds/>
   - Unit Tests – 38 methods done
:)<http://teammentordevelopment.wordpress.com/2012/05/05/unit-tests-38-methods-done/>

   - ... to be continued...


I'm really happy with the way this is coming along, and I hope that it will
help others when faced with the same challenges (i.e. adding security/qa
tests to WebServices)


Dinis Cruz
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-o2-platform/attachments/20120507/92aa8a13/attachment.html>


More information about the Owasp-o2-platform mailing list