Today, Open source has become very necessary resource for many tools and platforms which is used in SOA deployments. It has a record for cost-effective applications and tools. SOA (Service Oriented Architecture) testing involves the capability to test SOAP, XML and REST based messaging against a service endpoint to assess the robustness, reliability, quality and capabilities of the service.
Comprehensive testing of the service mainly focuses on four areas: Functional, Performance, Interoperability and Security. The open source tools which are available today for SOA testing mainly focus on Functional testing of the service as it is widely adopted by development teams.
Functional testing: provides the ability to verify the behavior of the services. Under this testing, regression test suites are built which automates testing and expected behavior of services so that the lifecycle of service revisions can be quickly assessed and the functionalities can be validated. Generally the functional testing capabilities of an open source testing tools are enough for simple type of SOA deployments which have simple WSDLs, Schemas or message patterns. If it is more complex, the challenge of functional testing from single request-response moves to scenario testing where behavior is not measured by one request-response but several transactions which are dependent on other are measured as a business functional unit.
Performance testing: provides concurrent, simultaneous loading agent framework which is helpful to determine throughput and capacity statistics of the back-end service as well as identifies bottlenecks and potential architectural weaknesses and performance dependencies.
There are many performance testing tools available in the market.
Interoperability testing: maximizes the interoperability of the service. This can be achieved by measuring the design characteristics of the service and runtime adherence to standards and best-practices. Interoperability testing involves both design time analysis of service characteristics such as WSDL and schema as well as run-time assessment of service robustness in context of consuming and handling messages patterns which fall outside the expected structures. It provides resources to assess the design time characteristics of WSDL and schema and run time analysis reporting to message patterns. While it do not provide the ability to generate messages that fall outside these expected patterns which is actually the key to measure the actual position of the run time service.
Security testing: assesses the risk bearing and robustness of the service with respect to vulnerability, data leakage, data privacy and data integrity. Security tests can be built to create boundary condition tests for the service which can test the robustness of the service handling inputs outside the range of expectation. For this it uses WDSL schema as the source of testing. Main areas of security testing are wide. It involves integrity and structure of messages having injection attacks at parameter and data structure levels to assess the actual behavior and flexibility of the service endpoint when it is faced with data values and message structures outside of the expected format. Security testing job involves PKI with encryption, signatures and identity tokens which require testing frameworks to understand various standards to support wide range of security message formats.