Forum XRay™ Web Services Diagnostics

Test the accuracy and security susceptibility of Web services within service-oriented applications.

Product Overview

Forum XRay Web Services Diagnostics is a quality assurance solution that tests Web services within service-oriented applications against business and technical requirements of security, accuracy and performance.

Forum XRay allows development groups as well as operations departments to systematically detect and then eliminate design-centric as well as attack-centric vulnerabilities.

Background

People expect technology to work. Unfortunately, even technology is susceptible to mishaps, be they accidental or malicious, which lead to anything from system delays that inconvenience a customer all the way to service level agreement violations that result in lost customers. Even seemingly trivial errors that occur repeatedly will eventually result in lost business due to unaccounted transactions, underperforming or ineffective business processes and false alarms that disrupt the flow of information and time-sensitive decision making.

Web services rely on software technologies to enable dynamic information sharing and distributed transactions that are interoperable using open standards. Web services will be susceptible to software quality challenges including:

  • poor development practices
  • ignored security policies
  • incorrect configurations
  • unanticipated incompatibilities
  • inadequate identification or authentication
  • exploitable logic errors
  • improper initialization
  • inadequate testing
  • design flaws
  • validation and boundary errors

Business Benefits

  • Reduction in development costs by eliminating programming errors
  • Assurance of functional application accuracy
  • Shorter time to market through systematic regression testing
  • Assurance that applications comply with service level agreements
  • Discovery of security vulnerabilities in the development phase

Feature Highlights

  • Comprehensive Web Services Test Case Management Suite
  • WS-Security Application Testing with support for XML Digital Signatures, XML Encryption and WS-Security Headers
  • WS-I Basic Profile Compliance Validation
  • WSDL-based Graphic User Interface
  • SOAP Request/Response Management
  • HTTP Basic Authentication with SSL v3/TLS
  • Integrated X.509 Certificate Management
  • Logging and Monitoring
  • Eclipse Plug-in Support

Forum Systems Product Matrix

Feature | Enterprise SOA | Enterprise

Support for a shared library, enabling CSOs, QA testers, and development teams to share policies, vulnerability profiles, tests, and test results
Support for multiple roles in an enterprise, including policy experts, testers, and compliance officers
Policy Editor, which enables users to define policies and associate them with WSDLs
Security policies and vulnerability policies: policies reflect best practices, with security policies defining internal guidelines for implementing security requirements and vulnerability policies relating to specific software exposures
Security Test Profile Library, supporting import and export operations
Security Test Profile authoring, enabling users to define their own Security Test Profiles
Policy Compliance Test Generation
Vulnerability Test Generation
Support for X.509, including embedded X.509 tokens and X.509 policy assertions
Reports generator, which produces four reports with graphics:
  • Service Policy Report
  • Vulnerability Compliance Report
  • Test Suite Execution Report
  • Status Report
Job Log Explorer with automatic flagging of test results as pass or fail, enabling testers to tell at a glance which tests require action on the part of developers
Vulnerability Test Profiles, a library of known vulnerabilities, which generates a series of tests specific to the Web service, including tests for parameter tampering vulnerabilities such as coercive parsing, SQL injection, and cross-site scripting
Vulnerability Test Profile import capability, enabling testers to take advantage of new Vulnerability Test Profiles as they are released by Kenai
Automatic generation of test cases, based on Security Test Profiles
Support for client SSL authentication
Support for SOAP with attachments (MIME and DIME)
Shortcuts for common tasks
WSDL operations, including opening, display, importing, exporting, searching, and saving WSDLs, and listing files, services, ports, and operations in real time
Request-Response Management, including editing and displaying WSDL SOAP header requests and responses in raw, formatted, and tree formats, facet data values, and editing basic HTTP authentication data in real time
Batch Execution
Test Management, including the creation, execution, modification and saving of tests in real time based on requests with defined parameters; tests can specify the time intervals between requests

© Copyright 2001-2008, Forum Systems, Inc. All rights reserved.