Have you considered techniques for testing SOAP and REST services? I've had some experience with SoapUI, a popular debugging application, in the past but am still amazed at how powerful it is.
SoapUI is a free, open-source Functional Testing solution, the self-proclaimed “Swiss-Army knife of testing.” Basically it’s the Fiddler-equivalent for web services, similar to the WCF Test Client that ships with Visual Studio, but with a much richer set of features.
Despite the name, “Soap” UI, devs can also use it to test RESTful services.
In a nutshell, you can:
- Create test projects
- Add your service endpoints (by pointing to an external service or importing your own WSDL definitions)
- Manually compose requests
- Inspect the responses
It also has an automated testing system to "unit-test" your services. This features means you can create assertions to check whether a certain condition is true upon calling the service.
For instance, you can dictate that the response must contain a specific value, or that the call was successful, etc.
There's also an advanced form of automated testing which tests the service methods in a chained manner by dispatching. With this feature, values are extracted from SOAP responses using XPath and if the response meets certain criteria, another method is called, and so on. This might come in handy if you know that service methods will be called in a certain order from an application.
You can create mock services to avoid repeatedly calling a live production service, or load test your services to see how it performs under high-load conditions.
SoapUI also has a security testing component. This feature generates a list of vulnerability scans to test whether your service is susceptible to attacks such as SQL injection, XPath injection, malformed XML, XSS, etc.
SoapUI is an extremely helpful item to have in developer toolboxes. Since it’s free and open-source, why not?
Photo Credit: Robert S. Donovan