Penetration Tests

LegacyForumLegacyForum Posts: 1,669 ✭✭
edited December 2016 in SOAtest
How to set them up
Hello
I have been tasked to set up Penetration Tests. Using the wizard I have created the Test Suites for the various tests, Parm Fuzzing, SQL Injections, etc. but am not sure as to what goes into the Data Source Attck Fields. I'm assuming in the Successful & failure fields I enter the data that is needed to test, but even to this im not sure. Anything that would help me to get going in the right direction would be greatly appreciated. Thanks

-S Richard Loiacano
Tagged:

Comments

  • LegacyForumLegacyForum Posts: 1,669 ✭✭
    The "Attack Values" table is for attack values that you want to test in addition to the values in the Data Source in "Attack Value Data Source". The "Success Values" table is for values that are known to cause the test to succeed. The "Failure Values" table is for values that are known to cause the test to fail. The Failure Values can be used to get the expected failure response message and this can be compared to the response received from the Attack Values. It also helps reduce false positives in the Vulnerability Detector tool.

    There is an overview of penetration testing in the documentation. This can be found by going to the Help menu and selecting Documentation to open the User's Guide. In the section "Functional Testing (Emulating the Client)", there should be a topic "Automatic Creation of Test Suites." Click on this topic and scroll to the bottom for the section "Penetration Testing with the New Test Suite Wizard".
Sign In or Register to comment.