Introduction
The topic of web service security can be challenging to understand and test. To be able to test secured web services effectively, it is naturally advisable to at least understand the basics of the security schemes involved. Building on this, it can also be advantageous to understand some of the common types of attacks for the security schemes involved. Since we cannot cover all this in a single chapter, we will try to understand at least the basics of the schemes involved, so that we can better understand how SoapUI can be used to test them. Fortunately, apart from any security-related complexity or setup work, the recipes here can actually be quite simple to do!
In the next chapter, we will build on some of the security concepts and testing skills learned here, while taking an in-depth look at OAuth 2 and AWS Access Key authentication in order to test cloud-based services.
What you'll learn
You will learn the following topics:
How HTTP-based authentication schemes work and can...