API Security Testing

Fuzzing | Parameter Injection | Patented Dynamic Schema Mutation | Data Driven Dynamic Inputs

Regression Testing

Embedded behavior variance engine provides XDiff technology to automatically detect behavior variances and regression between API tests and API versions. Capture API baseline behavior and then run regression tests to detect and report any regression of functionality or expected behavior.

PKI and Security

Built-in PKI engine for TLS, Digital Signature generation, and Encryption. Supports direct access to X.509 keys from Windows, Java keystore and dynamic SmartCard readers. Also supports dynamic PKI, where the PKI is specified at run time, for when API tests move from one environment to another.

Automatic Message Generation

OpenAPI and WSDL schema parsing with automatic JSON and XML generation. Enables simplified message generation by providing a schema from OpenAPI, WSDL or a stand-alone XSD schema. Messages can then be composed in a graphical form editor, and the resulting messages are created automatically.

MFA and SSO

Protocol identity generation for Basic Auth, SSL X509 Auth, and NTLM. Message-based identity generation for SAML, OAuth, Amazon AWSv4, X509, and Kerberos Identity Tokens.

Test Reports

Detailed reports for results based on type of test performed including Functional, Performance, Compliance, and Vulnerability reports. Export formats XML, DOC, XLS, PDF, RTF, and RPT.

Test Variables

Variable substitution in message headers, message body, tasks, and identity credentials. Dynamic X.509 aliases for PKI. Runtime variables, global variables, context functions, and automation variables.

Project Management

Built-in project management features allow for import and export of project data. The test data and rules are stored in portable project files which can be moved around for shared environment testing and also versioned using any source control tools.

Success Criteria Rules

Validating API behavior is simplified by creating expected behavior rules using the success criteria rule framework. Quickly enable functional and performance testing to detect and report API expected behavior.

Test Automation

Drive inputs and response analysis using dynamic data from File, Excel, or Database tables. Can be used for functional API validation or with virtual client performance testing. Supports data source splitting and synchronization across data sources.

Download SOAPSonar Datasheet