Submit and vote on feature ideas.

Welcome to the new Parasoft forums! We hope you will enjoy the site and try out some of the new features, like sharing an idea you may have for one of our products or following a category.

Penetration Tests

LegacyForum Posts: 1,664 ✭✭
edited December 2016 in SOAtest
How to set them up
I have been tasked to set up Penetration Tests. Using the wizard I have created the Test Suites for the various tests, Parm Fuzzing, SQL Injections, etc. but am not sure as to what goes into the Data Source Attck Fields. I'm assuming in the Successful & failure fields I enter the data that is needed to test, but even to this im not sure. Anything that would help me to get going in the right direction would be greatly appreciated. Thanks

-S Richard Loiacano


  • LegacyForum
    LegacyForum Posts: 1,664 ✭✭
    The "Attack Values" table is for attack values that you want to test in addition to the values in the Data Source in "Attack Value Data Source". The "Success Values" table is for values that are known to cause the test to succeed. The "Failure Values" table is for values that are known to cause the test to fail. The Failure Values can be used to get the expected failure response message and this can be compared to the response received from the Attack Values. It also helps reduce false positives in the Vulnerability Detector tool.

    There is an overview of penetration testing in the documentation. This can be found by going to the Help menu and selecting Documentation to open the User's Guide. In the section "Functional Testing (Emulating the Client)", there should be a topic "Automatic Creation of Test Suites." Click on this topic and scroll to the bottom for the section "Penetration Testing with the New Test Suite Wizard".