
“We Make Software Work”

Bulletproofing Web Services With Parasoft SOA Test™

Rami Jaamour
Assistant Product Manager

Company Background

• Founded in 1987, privately held
• 200+ employees worldwide
• Headquarters in Monrovia, CA
• 10,000 customers worldwide

The Parasoft N-tier Solution


[Diagram: Web Client, Web Service, Service Provider, Database]

Addressing Web Services Quality

• Web services are the backbone of your SOA


– Critical business tasks
– Failure can result in significant revenue losses

• Quality Concerns
– Security
– Interoperability
– Standards Compliance
– Performance
– Change Management
– Testing Practices and Methodologies

Addressing Web Services Quality

• Effective engineering practices for SOA quality include


– Governance
– Development best practices
– Testing

• Web services testing differs from traditional Web application testing


– Different standards and skill sets (WSDL, SOAP, etc.)
– No GUI

• Web services error prevention requires a multi-layered approach



Web Services Testing Practices

Multi-layered Web services testing practices:

• Testing the implementation layer

• Testing the messaging layer



Implementation Layer Testing (Jtest/.TEST)

• Coding Standards and Best Practices

Make sure that the code adheres to general industry standards and your own organizational standards for security, optimization, maintainability and reusability, validity, etc.

• Unit Testing

Perform effective unit testing on the code level to make sure the smallest unit of code behaves correctly under both expected and unexpected conditions

• Automatically generate white-box tests to make sure each code unit behaves correctly under unexpected conditions

• Define black-box test cases to validate the functionality of each component

• Use coverage metrics to ensure proper back-end code testing

    package com.parasoft.app;

    // Simple bean shown on the slide as the unit under test.
    public class Customer {
        private String name;
        private int id;

        public Customer(String name, int id) {
            setName(name);
            setId(id);
        }

        public String getName() {
            return name;
        }

        public void setName(String name) {
            this.name = name;
        }

        // Not shown on the slide; completed to match the constructor's call.
        public void setId(int id) {
            this.id = id;
        }
    }

[Diagram: Application (Java/J2EE/.NET), WS Provider, Endpoints, WSDL]

Message Layer Testing With SOA Test™


• Message, Description and Discovery
– WSDL
– XML/SOAP
– UDDI

• Transports/Messaging API
– HTTP
– JMS
– IBM MQ
– TIBCO Rendezvous
– SMTP
– RMI over
– EJB

[Diagram: Applications (J2EE, .NET, Packaged) with WS Providers, Endpoints and WSDLs; SOA Test™ 4.1; UDDI Registry; WS Consumers; arrows labeled Request, Response, Bind, Disc]


Message Layer Testing With SOA Test™


WSDL Tests
• Validate the WSDL (Web Service Description Document)
– W3C Schema
– WS-I
– Semantic Correctness
– Organizational Rules
– Regression

[Diagram: SOA Test™, WSDL, Endpoints, WS Provider, Application (Java/J2EE/.NET)]

Message Layer Testing With SOA Test™


Tier Isolation
• Stub out the service consumer (client) to test the service provider (server)
• Stub out the service provider (server) to test the service consumer (client)
• Stub out both ends to test a proxy or an intermediary

Message Layer Testing With SOA Test™


Unit Tests

• Unit Test at the Service Layer

Test each operation in isolation to ensure the validity of the XML payloads and that it returns the expected response per request
– Positive Conditions
– Fault and Error (Negative) Conditions
– Standards Compliance

[Diagram: SOA Test™; Web Service with three operations; Application (WebSphere/BEA/.NET)]

Message Layer Testing With SOA Test™


Functional (Scenario) Tests

• Test Scenarios and Business Processes

Create test cases which are representative of the
– Expected (positive) usage patterns of the end users
– Unexpected (negative) usage patterns

[Diagram: SOA Test™; two Web Services with their operations; Applications (WebSphere/BEA/.NET)]

Message Layer Testing With SOA Test™


Load Tests
• Load tests allow you to
– Identify Bottlenecks
– Predict Scalability
– Verify SLAs
• Use load testing to predict the behavior of the service early as part of an iterative development process in a continuous automated manner, not only before deployment
• Exercise load tests with realistic scenarios
– Expected usage patterns of the end users
– Unexpected usage patterns
– Live messages with dynamic values

Security Testing With SOA Test™

Functional Security Testing

• Security scenario tests verify the implementation of your security policies
– Positive Conditions
– Fault and Error Conditions
– Standards Compliance
• XML Signature, Encryption, WS-Security Username Tokens and SAML
• Maintain as regression tests throughout your development life cycle

Security Threats

Example Threats Common to Web services and Web sites

• SQL Injections
• Capture and Replay Attacks
• DOS

Security Threats

Example Threats Specific to Web services

• Broken Access Control/Bad Policy Enforcement


• Large Payloads
• XPath Injections
• External Entity Attacks
• XML Bombs

Penetration Testing With SOA Test™

• Mitigate threats by simulating attacks


• SOA Test™ automates the process of creating
and executing penetration tests

“Securing Web Services”


http://www.infosectoday.com/

Message Layer Testing With SOA Test™


Regression Tests
Test execution is automated to run on a regular basis

• Spend time creating the tests, not running them!
• The regression test assets created during development can be used later for
– Maintenance
– Troubleshooting services in production

SOA Test™
1. Create, Manage and Collaborate on Tests:
• WSDL Tests
• Unit Tests
• Functional (Use Case Scenarios) Tests
• Security Tests
• Load Tests
2. Automate with regression testing throughout
the Web service lifecycle
3. Report

Build Collaboration into the Process



Automation is key…

• Improved productivity and labor savings through auto generation of test cases
• Accelerated time to market by leveraging test cases between development, QA, and performance testing teams
• Reduced overhead from creating and maintaining homegrown scripts or test harnesses
• Mitigated risk for business critical applications by expanding the breadth of current test processes using SOA Test™
• Reduced cost of maintaining tests going forward

SOA Test™ Customers…



Bulletproofing Web Services with Parasoft SOA Test™

Questions?

Rami Jaamour
rjaamour@parasoft.com
