You Need Some Soap

It turned out hat we have reached the stage were we can launch new tools in just a matter of hours. Such is the story of Soap - a SOAP service auditing tool, which is capable of loading projects from SoapUI and interact with the requests by using the rest of the tools from our platform.

Soap Auditing Tool

It have all started out of necessity. Upon receiving a fairly large SoapUI project file and not having the right tools to open it (i.e. SoapUI itself), we thought that it will be a good idea if we could all do it from the Suite. We copied the folder of another tool of ours that does something similar and started the re-sculpturing and reshaping process, which typically involves moving code around and trimming it down to get the desired function out of it.

It took us less than an hour to assemble everything together and wire-up the bits and bobs that make our platform so that the the tool feels coherent and integrated with the rest of the tools. You will notice that while the purpose of Soap is different, the main UI remains unchanged and feels familiar if you have experience with other tools such as Httpview.

The result was quite surprising even for us. We not only managed to quickly load the SoapUI file in question, by using just a browser, but also do a pretty good job with Xmlfuzz to identify if there are any input validation bugs within the service. This is a story for another time.

Now you have it - a free SOAP auditing tool that works from the cloud. There is no need to install anything. BTW, for those of you who think that we are uploading project files to our services to process them you will be pleasantly surprised to find out that this is not how the Suite works. It is all client-side.


Petko D. Petkov (pdp), is founder of Websecurify and frontman of the GNUCITIZEN Information Security Think Tank. pdp is a recognized information security researcher, security tools developer, penetration tester, frequent speaker at industry events, and published author who has contributed to several best-selling books in the field of information security.

Comments Powered ByDisqus