Testing Web Services
You can import an OpenAPI document describing the service's capabilities on the Tests Assets page or via the API to test your web services. GUARDARA validates and processes this document to create all the necessary test configurations so that you can run tests by simply clicking a button or calling the appropriate API endpoints. The test configurations are fully configurable, editable and transparent.
A non-exhaustive list of issues GUARDARA can find is shown below.
- Documentation, design, implementation and security-related issues by performing static analysis of OpenAPI documents
- Performance bottlenecks and availability issues that a malicious actor can trigger by abusing the web service
- Errors and security issues due to improper/insecure input handling, including but not limited to SQL injection, command injection, and the classic memory-corruption issues, such as buffer overflow, format string issues and NULL pointer dereference
- Insecure, clear-text communication
- Broken web service operations
- Broken authentication mechanism
- Unexpected or undocumented service responses
- Unhandled exceptions and edge cases
This feature has been released in version 0.9.5 of GUARDARA and is currently in the Alpha stage. There are plenty of improvements planned for the upcoming months. Please let us know if you have any suggestions on how we could improve the feature for you or if there are any features you would like to see in the upcoming releases.
The tutorial is divided into two main sections to show how to test web services using the user interface and the API separately. We recommend getting familiar with using the web service testing feature via the user interface first.