Speaker Background
Parth Srivastava
Web Services Security Testing with a focus on XML Signature
Parth Srivastava — Test Manager — Infosys Technologies Limited

Parth holds a B.E. Electrical from M.N.N.I.T Allahabad. During the 9 years of his career in the IT industry, Parth has played various roles in the organization. He started his career as a developer and over the years became interested in performance-related issues. His exposure to the world of testing and validation services has been through performance testing projects that he has participated in and managed.

Over the past two years Parth has been managing large performance testing engagements in the Banking and Financial services industry. He has led and has been instrumental in streamlining performance-testing activity at a large US bank based out of Chicago.

At present he is Program Managing a testing engagement in the Netherlands. This engagement has projects based on Functional testing, Automated and Regression testing, Performance Testing, Security and Availability testing.

With the evolution of service-based architecture and Web Services, he keenly pursues new developments in the testing-related domain of Web Services. Of late, security-related issues in Web Services are his source of motivation for learning new technologies.

Web Services based on Service Oriented Architecture offer huge benefits like Interoperability, Usability, Reusability, Deployability, and Reliability. These benefits are accompanied by risks, which are inherent to the nature of SOAP messages and Service Oriented Architecture. To ensure that Web Services are able to offer the published features under all situations, proper validation of Web Services is required. The primary areas that need to be tested while deploying Web Services are:

• Functionality
• Performance
• Security
• Interoperability

Since Web Services do not have a user interface, usual testing methods for functionality and performance do not work with Web Services. There are tools available which do test the functionality and performance of Web Services. When it comes to testing the security risks or interoperability of Web Services, there is no definite process or tool available which can test these features of Web Services.

Testing the security and interoperability features of Web Services is a requirement that has to be verified before Web Services are deployed. This paper works towards identifying the testing of features defined by WS-Security for securing Web Services. This is done in a step-by-step manner so that readers not familiar with Web Services and the WS-Security specifications understand the security features in Web Services and can thereby identify the testing needed around Web Services Security.

This paper first presents why security is a very critical feature of Web Services. Then the basics of the WS-Security framework are discussed. This will familiarize the reader with the features implemented in Web Services to cover the security-related aspects of SOAP messages and Web Services. Since the complete WS-Security implementation details and its testing would become too vast a topic, this paper focuses on XML Signature, which is the most widely used security feature being implemented in Web Services. The workings and implementation of XML Signature are explained in this paper, taking the reader towards the details which are required to test an XML Signature implementation in Web Services. Having explained the security features and XML Signature implementation to the reader, this paper lastly covers scenarios which need to be tested in any implementation of XML Signature.

Audience:

This paper is primarily intended for Test Analysts and Test Managers who can identify the need for security in SOA based Web Services and develop a testing methodology for Web Services Security Testing.

Other parties who benefit from this paper are Project Managers and Program Managers, who can appreciate the testing needed for security features in Web Services and engage with the Project Testing teams more effectively.