SOAPUI is one of the most popular tools for functional and non-functional testing since the day of its first version released in October 2005 by Ole Lensmer. This is a defacto tool for web services testing including SOAP and Rest API.
But before moving ahead why not we talk about SOAP. SOAP stands for Simple Object Access Protocol. This protocol is used by the computers to exchange information in the form of XML, JSON on the computer network using HTTP or other Transfer Protocols. We will learn more about SOAP but here we should also see some more details of SOAPUI tool.
- Its cross-platform open source testing tool developed in Java. So can be used on any of the JDK supporting operating system(Like Windows, Linux and Mac)
- SOAPUI provide easy to use graphical interface along with enterprise-class feature which enables developers and QA to write(create) and execute functional, regression, security and load test.
- It supports spectra of protocols like SOAP, REST, HTTP(s), AMF, JMS and JDBC( Database testing) and many more make SOAPUI a very acceptable tool for the testing of web services.
- It was developed in Eviware in 2005 and in 2011 acquired by SmartBear.
Since SOAPUI is an open source and free utility, licensed under the terms of the GNU Lesser General Public License (LGPL). It means anyone can use all provided features of this tool and can customize its code base as per the project need.
SOAPUI has a commercial version as well with name SOAPUI pro which is loaded with many pre-written utilities and templates that can be used with great ease without going into code.
As we have seen in the very first line that SOAPUI could be used for functional and non-functional testing. So let’s see some of these.
- It’s innovative and powerful features enable testers to validate web services and complete application.
- It’s drag and drops feature give great ease to beginners in the creation of functional test cases, Test suite and assertion to test cases. It works as an enabler to create a complex test scenario with great ease just by dragging and dropping.
- Supports test debugging and give freedom to create data-driven test cases.
- SOAPUI supports multiple environments so it is quite easy to switch on the various environment for example staging and production.
- Web service coverage is also provided by SOAPUI which helps in the analysis of soap or rests web service coverage in functional testing.
- Provides interface to create scripts using groovy and java as per the need of project requirement and scenario.
- It also gives way to add manual TestSteps and also enables us to perform Asynchronous Testing.
- Service Simulation (Mocking) enables testers and developer to create the test case before SOAP or Rest Services get implemented by mimicking the response (Custom Response).
- By using SOAPUI, we could perform compliance testing and could pick it up for some of the clients provided the standard dataset to show the web service behaviour.
- By using SOAPUI, We could write automated test cases which could be used for the regression testing.
SOAPUI provides ways to perform security testing to keep the check on security vulnerability for any of the web services developed or used within any of the application.SOAPUI provides a way to scan the complete web services to find security glitches. So let’s see all the security testing features of SOAPUI
SQL Injection: This feature ensures the security of databases. In this, all malicious SQL queries are triggered to check the database access.
StackOverflow or XML Bomb: SOAPUI is capable to examine stack overflow by sending heavyweight XML or message on web service which slows the performance or makes it inaccessible to end user(remember end user means another machine).
Cross Site Scripting: SOAPUI helps in scanning the exposed parameters used in web services in messages. For cross-site scripting, such exposed parameters proved to be very dangerous for web service and application which is consuming these web services.
Fuzzy Scan: In this random parameters are send to the web service to find valuable information in the stack trace, error or buffer stack overflow.
Boundary Scan: This is a straight forward way to find information which is exposed by sending value opposite of permitted data to web services. So SOAPUI helps in finding such issues to harden the quality of the product.
Other Scan: Along with all the above methods, there are much other security scans that can be done. For example, sending malformed XML, Attaching Scripts in Messages.
So if you have gone through all above security scan then you might find that we are talking more about information exposed which might be used to exploit the application. So it is always necessary to scan any of the web services that are being exposed for the end user should be scanned properly.
In SOAPUI, We have options to perform load testing on existing functional test cases. In general load testing is done to analyze the web services or API to see how system behave on the heavy concurrent user performing a certain transaction on specific time. Load Testing determines how long the system can withhold with the heavy load at a certain time.
- SOAPUI has made things so easy that the user can just do right click on existing functional test cases or suite and can perform load testing.
- In this tool, some pre-defined load strategies are defined where users can opt Simple, Fixed-Rate, Variable, or another – to simulate various test conditions easily.
- Built-in assertions help in determining web service performance and also ensures the compliance to end user experience.
- SOAPUI gives us an advance monitoring report end to end where the user can see all the performance parameters with great ease
- The best thing that we should talk here is its capability to simulate virtual user from different Load Agent Machine in your network or in the cloud. But now this is part of SOAPUI Pro feature.
Now we are going to see all the Supported Protocols and Standards SOAPUI. So here is the List of supported protocols and standards.
- SOAP – Simple Object Access Protocol
- WSDL – Web Service Definition Language
- REST – Representational State Transfer
- HTTP – HyperText Transmission Protocol
- HTTPS – HyperText Transmission Protocol Secured
- AMF – Action Message Format
- JDBC – Java Database Connectivity
- JMS – Java Messaging Service
- OAuth 2 Support.
SOAPUI Integration with Other Build and Testing Tools
SOAPUI is one of the best tools that can be accessed from the console and can be used with any of the build tools, Testing frameworks and also with version control clients like Jenkins, Hudson, ant, maven, bamboo, and Junit. So let’s see some of them with a basic introduction.
ANT: This is a console based build tool and this can be used with SOAPUI using the console and can be opted to build only certain test cases or test suite
Maven: This is another build tool and at some extent better than ant because in ANT we need to provide complete jar library but here it download all the dependencies at run time or we can configure the existing jars. Here again like ANT we have the freedom to customise our suite (We can run the complete project or some of the selected test cases or test suites)
Hudson/Jenkins/Bamboo: Hudson, Bamboo and Jenkins are two continuous integration tool that is used for continuous development and merging of code. By using this with SOAPUI, it helps to find defects easily because we integrate our test cases with each build creation.
Junit: Junit is known for its annotation that proves to be the best when controlling of test cases comes in the picture and the same thing can be achieved when it gets integrated with SOAPUI using the console and if it used with maven or ant then we could also find beautiful reports which are additional benefits of Junit.
What we have learned in this tutorial
- Introduction of SOAPUI
- Its feature and kind of testing we could perform with this tool
- All Supported protocols and Standards.
- Its integration with various Tool.
So in the next Tutorial we would be learning about Web Services and its type.