XML, SOAP, REST Testing for SOA and Cloud Computing

SOA Testing

Subscribe to SOA Testing: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get SOA Testing: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Latest Blogs from SOA Testing
API Security has finally entered our security zeitgeist. OWASP Top 10 2017 - RC1 recognized API Security as a first class citizen by adding it as number 10, or A-10 on its list of web application vulnerabilities. We believe this is just the start. The attack surface area offered by API...
As IT professionals we have been overwhelmed with different standards for each component of architecture, service delivery, governance, security, and operations. Not only does IT need to ensure technical training and certification, but it is also desired to pursue certifications in IT...
Why should you think of API management as a platform? Because it’s becoming one of the most prodigious and important aspects of how Enterprises of all sizes participate in the digital economy.Keeping in line with the standard platform technology definition, … Read more...
Don and I have four children, all of whom have had the fortune to take piano lessons (I'm not sure if the youngest would agree he's fortunate at this point in his life but at five, he's not really able to answer the question with any degree of wisdom, anyway. Come to think of it, not s...
CGI has posted is an Application Engineer position with the US Coast Guard's REST-based SOA team. It's a
Recently, we have been talking a lot about JMX – especially about using the Monitis JMX Agent to monitor your JBoss server. As I mentioned in my previous post, in JBoss 6.x and earlier versions, the JMX web console and the JMX connector do not require authentication. This obvious...
Now that Agile development is mainstream and each day more teams are migrating from Waterfall to Agile development, it's important to understand how this methodology shift impacts testing teams. This blog is the first in a series of blogs where I will break down the common challenges t...
This is the fourth installment of blogs regarding the Top 5 Agile Testing Challenges. You can view the prior blogs or download a more detailed white paper, here:  1. Agile Testing...
Hot on the heels of the job I just posted in Brussels, here is another position, this
Mark Bakker from Xebia -- a specialized international IT consultancy focusing on Enterprise Java -- published an interesting overview of IBM DataPower Security Gateway and Forum Sentry.  Mark writes:
Some have tried to distinguish between “mobile cloud” and “cloud” by claiming the former is the use of the web browser on a mobile device to access services while the latter uses device-native applications. Like all things cloud, the marketing fluff is purposefully obfuscating and swee...
Recently, there has been a flurry of news emanating from the XML security world related to researchers demonstrating an attack on Amazon's AWS cloud management interface. The attack takes
Note: While talking about this post with Lori during a break, it occurred to me that you might be thinking I meant “MS Windows”. Not this time, but that gives me another blog idea… And I’ll sneak in the windows –> Windows simile somewhere, no doubt. Did you ever ponder the history of ...
This is my inagural post in this blog - in my new job - as Chief Solutions Architect at Vordel. In my time at Oracle, I had the opportunity to work with Vordel at a number of customers, and two things really stood out
SOA (Service-Oriented Architecture) seems to be the buzzword everywhere!!! SOA will solve all the problems, everyone wants SOA -- or so I hear. Anyway, I remember similar claims when CORBA was coming to town. It was supposed to change the way IT does business. To me SOA is XML/SOAP bas...
On March 16th I participated in the STKI summit by the local analysts company STKI. The company headed by Dr. Jimmy Schwarzkopf is focused on the Israeli market. The theme of this year conference was: Finding the Right Balance: Standardize vs. Innovate. Presentations were based o...
Web 2.0 is as much about integration as it is interactivity. Thus it’s no surprise that an increasing number of organizations are including a feed of their recent Twitter activity on their site. But like any user generated content, and it is user generated after all, there’s a potentia...
Next week at the RSA Conference in San Francisco I am speaking about XML security, a topic which has renewed importance because
So you’ve bought into the idea of service-orientation. Congratulations. You’ve begun to create services throughout your internal corporate network. Some of these run on .NET servers; others are Java services; still others are Ruby-on-Rails—in fact, one day you woke up and d...
Looking down my blogroll earlier today, I see "A message from Jamie Lewis". Jamie is the CEO of Burton Group, and always worth listening to, especially at his Catalyst talks. So, I click on the link and read that Burton has been acquired by Gartner! Analyst consolidation continues into...
Here is an interesting article by Rob Barry titled: "In SOA, cloud
As an exercise, I ran Signpost on the Vordel XML Gateway to see it insert the OAuth Authorization header into outbound messages. Getting Signpost up and running on the Vordel XML Gateway is simple. Firstly, download the jar files for Signpost and put them into the "/ext/lib" directory ...
XML Gateways are a great IT component for managing information flow between your enterprise and your trading partners. They provide the required functionality, such as: Identity bridging (e.g., from HTTP Basic Auth to SAML) Transport mediation (e.g., between HTTP and MQ Series) Protoc...
Forum Systems, the pioneer in XML Gateways became the first network appliance to be issued a Patent for XML security functionality. This issued patent 7,515,333 has a significant impact on the XML Gateway market landscape and locks Forum Systems position as the pioneer in the XML Secu...
Now let's take a simpler scenario where performance is not a problem and security is meant to be accomplished using SSL. I claim even in this scenario purchasing a dedicated server is a wise investment. Let's assume you intent to invoke web services from multiple partners. The number o...
Identity mediation is the first step for the majority of SOA Deployments. Identities come in may shapes and sizes represented at both the protocol level (e.g., HTTP Basic Auth, SSL Mutual Auth) and message level (WS-Security tokens X.509, SAML, etc.). Even if an enterprise successfully...
Looks like Forum Sentry, the pioneer and leader of XML Gateway and XML Firewall technology has announced its latest product that now addresses the growing need for handling not just XML/Web services traffic, but also HTML/Portal traffic. From a technology standpoint, this is not a revo...
Often in our tech industry there is a penchant to spout off performance numbers without qualifying the metrics and conditions under which these numbers are derived. The XML Gateway community is not immune to this indulgence. I have to admit, even I am guilty of committing this sin some...
Integration is the Enemy of Security and so is Flexibility - an attribute that is essential for organizations to survive.  A corporation that cannot service its customers and suppliers, establish long sticky relationships with them and build an
Finally! What companies such as Forum Systems pioneered a defensive layer for through its XML Gateway product, Forum Sentry, and Crosscheck Networks invented for identifying XML Security vulnerabilities thorough its XML/SOAP pen testing product, SOAPSonar is now becoming mainstream. Wa...
A view into the Hive Mind - what you see when you type "SOA is" into Google:
Firstly, there is the person designing the policy. As Randy says, the policy is defined "using the SOA product’s administration tool" (ie. not by writing code), and he goes on to say that "the important point here is that the policy is declared separately from the service, allowing it ...
The area of XML Performance Offload bridges not only applications in a SOA architecture, but also the use of Cloud-based PaaS services which often are invoked using XML (e.g. SalesForce.com's WSDL interface) or are invoked using REST-style interfaces
According to Gartner's Hype Cycle for Application Development, 2009, SOA Testing has almost traversed the "Peak of Inflated Expectation" and is on a glide-slope towards the "Slope of Enlighment." There is of course a "Trough of Disillusionment" in the middle where most enterprise find ...
The USPS services seem to be deployed as a SaaS model, accessed through a browser. As yet there do not seem to be managed PaaS APIs available (or are there?) which can be pulled into other applications, for example iPhone apps. Of course, right now it's easy to co-opt the Web interface...
In this article, we will discuss the limits of adopting an Open Source SOA testing tool for SOA and Web Services projects. Open Source has become an essential and popular resources for many tools and platforms used in SOA deployments. From operating systems such as Linux, to datab...
George Lawton recently provided a post describing how "as with SOA, some development costs obscured by cloud computing." He extensively quotes iTKO’s John Michelsen and this is greatly appreciated. George writes that while cloud computing holds great promise, it will be filled with sur...
George Lawton recently provided a post describing how "as with SOA, some development costs obscured by cloud computing." He extensively quotes iTKO’s John Michelsen and this is greatly appreciated. George writes that while cloud computing holds great promise, it will be filled with sur...
I recently received the first issue of the STAR Tester Newsletter for 2009. We're still a long way off, but they are already accepting presentations. This year’s conference theme is: ‘Testing for Real, Testing for Now’. The EuroSTAR 2009 Conference will be in Stockholm, 30th November –...
We have started an informal Facebook group on SOA testing and Virtualization for anyone interested in SOA and IT quality, validation and virtualization techniques. Bloggers, fans, LISA users, and anyone else interested in what iTKO is doing welcome. Jason English