Secure SOAP APIs using Akto

Introduction

You can use Akto to secure your SOAP APIs end to end, from building an inventory to running tests in your CI/CD pipeline:

API Inventory

Akto can automatically prepare an API Inventory for SOAP APIs. Use one of our traffic connectors or upload WSDL files directly. Akto will populate the dashboard with all detected SOAP operations and their request/response structures.

You will see a separate entry for each SOAP action (operation) along with its endpoint. Click on an API to view its detailed request and response XML schema.
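To make concrete what an inventory built from a WSDL contains, here is an added example that is not Akto's code: it parses a constructed WSDL with Python's standard library and emits one entry per bound operation, carrying the SOAPAction, the service endpoint and the input/output message names. The WSDL, its `urn:example:account` namespace and the endpoint URL are all constructed for the example.

```python
# Added example (not Akto's code): build a SOAP operation inventory from a WSDL
# the way an inventory tool would, one entry per operation with its SOAPAction,
# service endpoint and input/output message names. Uses only the stdlib.
import xml.etree.ElementTree as ET

NS = {
    "wsdl": "http://schemas.xmlsoap.org/wsdl/",
    "soap": "http://schemas.xmlsoap.org/wsdl/soap/",
}

# Constructed sample WSDL: two operations bound to one HTTPS endpoint.
SAMPLE_WSDL = """<?xml version="1.0"?>
<definitions name="AccountService"
    targetNamespace="urn:example:account"
    xmlns="http://schemas.xmlsoap.org/wsdl/"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:tns="urn:example:account">
  <message name="GetBalanceRequest"><part name="accountId" type="xsd:string"/></message>
  <message name="GetBalanceResponse"><part name="balance" type="xsd:decimal"/></message>
  <message name="TransferRequest"><part name="fromAccount" type="xsd:string"/></message>
  <message name="TransferResponse"><part name="ok" type="xsd:boolean"/></message>
  <portType name="AccountPortType">
    <operation name="GetBalance">
      <input message="tns:GetBalanceRequest"/>
      <output message="tns:GetBalanceResponse"/>
    </operation>
    <operation name="Transfer">
      <input message="tns:TransferRequest"/>
      <output message="tns:TransferResponse"/>
    </operation>
  </portType>
  <binding name="AccountBinding" type="tns:AccountPortType">
    <soap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http"/>
    <operation name="GetBalance"><soap:operation soapAction="urn:account#GetBalance"/></operation>
    <operation name="Transfer"><soap:operation soapAction="urn:account#Transfer"/></operation>
  </binding>
  <service name="AccountService">
    <port name="AccountPort" binding="tns:AccountBinding">
      <soap:address location="https://soap.example.invalid/account"/>
    </port>
  </service>
</definitions>
"""


def _local(qname):
    """Strip a 'tns:' style prefix from a WSDL reference."""
    return qname.split(":")[-1] if qname else None


def inventory_from_wsdl(wsdl_text):
    """Return one dict per bound SOAP operation, in document order."""
    root = ET.fromstring(wsdl_text)

    # binding name -> endpoint URL, taken from <service>/<port>/<soap:address>
    endpoints = {}
    for port in root.findall("wsdl:service/wsdl:port", NS):
        addr = port.find("soap:address", NS)
        if addr is not None:
            endpoints[_local(port.get("binding"))] = addr.get("location")

    # portType name -> {operation name: (input message, output message)}
    port_types = {}
    for pt in root.findall("wsdl:portType", NS):
        ops = {}
        for op in pt.findall("wsdl:operation", NS):
            inp = op.find("wsdl:input", NS)
            out = op.find("wsdl:output", NS)
            ops[op.get("name")] = (
                _local(inp.get("message")) if inp is not None else None,
                _local(out.get("message")) if out is not None else None,
            )
        port_types[pt.get("name")] = ops

    entries = []
    for binding in root.findall("wsdl:binding", NS):
        bname = binding.get("name")
        ops = port_types.get(_local(binding.get("type")), {})
        for op in binding.findall("wsdl:operation", NS):
            soap_op = op.find("soap:operation", NS)
            inp, out = ops.get(op.get("name"), (None, None))
            entries.append({
                "operation": op.get("name"),
                # an empty SOAPAction is worth noticing: the server can then
                # only route on the body element, so it is recorded as-is
                "soap_action": soap_op.get("soapAction", "") if soap_op is not None else "",
                "endpoint": endpoints.get(bname),
                "input_message": inp,
                "output_message": out,
            })
    return entries


if __name__ == "__main__":
    for entry in inventory_from_wsdl(SAMPLE_WSDL):
        print(entry)
```

Each entry corresponds to one row you would expect in the inventory: the operation name, the SOAPAction it is dispatched on, and the endpoint it is served from. Operations that share an endpoint but differ only in SOAPAction are exactly the ones where a tampered action header matters, which is why the action is kept even when it is empty.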

Sensitive data exposure

Go to Sensitive Data to check whether your APIs are returning sensitive or PII data in API responses. You can also configure Slack or webhook alerts to be notified in real time when sensitive data is detected.
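The kind of check that runs behind a sensitive-data view, as an added example that is not Akto's detector: it walks every element of a constructed SOAP response, matches trimmed values against a few PII patterns, and applies a Luhn check so that a random 16-digit reference is not reported as a card number. The response, the `urn:example` namespace and the values in it are constructed; the patterns are deliberately minimal and would be extended in practice.

```python
# Added example (not Akto's detector): walk a SOAP response and flag element
# values that look like PII, with a Luhn check so that arbitrary digit strings
# are not reported as card numbers. Patterns here are deliberately simple.
import re
import xml.etree.ElementTree as ET

# Each pattern must match the whole trimmed element text.
PATTERNS = {
    "email": re.compile(r"^[\w.+-]+@[\w-]+(\.[\w-]+)+$"),
    "card_number": re.compile(r"^(?:\d[ -]?){13,19}$"),
    "us_ssn": re.compile(r"^\d{3}-\d{2}-\d{4}$"),
}

# Constructed sample response: a customer lookup that leaks PII.
SAMPLE_RESPONSE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <GetCustomerResponse xmlns="urn:example">
      <customerId>C-1042</customerId>
      <email>jane.doe@example.invalid</email>
      <cardNumber>4111 1111 1111 1111</cardNumber>
      <ssn>123-45-6789</ssn>
      <reference>4111111111111112</reference>
    </GetCustomerResponse>
  </soap:Body>
</soap:Envelope>"""


def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def classify(text):
    """Return the sensitive-data kind for an element value, or None."""
    value = text.strip()
    for kind, pattern in PATTERNS.items():
        if not pattern.match(value):
            continue
        if kind == "card_number" and not luhn_ok(re.sub(r"\D", "", value)):
            continue  # right shape, but not a valid card number
        return kind
    return None


def find_sensitive(soap_xml):
    """List (element path, kind) for every leaf value that classifies as PII."""
    root = ET.fromstring(soap_xml)
    findings = []

    def walk(el, path):
        here = path + "/" + el.tag.split("}")[-1]  # drop namespace for readability
        if el.text and el.text.strip():
            kind = classify(el.text)
            if kind:
                findings.append((here, kind))
        for child in el:
            walk(child, here)

    walk(root, "")
    return findings


if __name__ == "__main__":
    for path, kind in find_sensitive(SAMPLE_RESPONSE):
        print(f"{kind:12s} {path}")
```

Reporting the element path rather than the value itself keeps the finding useful to the team fixing the response without copying the PII into alert channels such as Slack; the `reference` element is deliberately left unflagged because it fails the Luhn check.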

Run OWASP Top 10 tests

Click on the Run Test button to start testing your SOAP APIs for OWASP Top 10 and HackerOne Top 10 vulnerabilities.

Akto will automatically generate security tests tailored to SOAP, including testing for XML injection, weak authentication, and insecure deserialization vulnerabilities.

Custom SOAP security tests

Using Akto’s test editor, you can write your own security tests for SOAP APIs. See instructions for custom tests here.

Here are a few SOAP-specific test instructions you can use:

  • add or modify SOAP headers

  • inject payloads into the XML body

  • tamper with the SOAPAction header value

  • remove or alter XML nodes
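To show what those four instructions do to a request, here is an added example that is not Akto's test-editor code (the editor uses its own template format): a set of request mutations applied to a constructed SOAP envelope and HTTP header set, plus a check that the service answered a mutated request with a SOAP 1.1 Fault rather than processing it. The base request, the `urn:example` namespace, the `AuthToken` header element and the token values are all constructed.

```python
# Added example (not Akto's test-editor code): reusable request mutations for
# negative SOAP tests, plus a check that the service answered with a SOAP Fault
# instead of processing the mutated call. All sample data is constructed.
import xml.etree.ElementTree as ET

SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"
ET.register_namespace("soap", SOAP_ENV)


def _q(local):
    """Qualified tag in the SOAP 1.1 envelope namespace."""
    return "{%s}%s" % (SOAP_ENV, local)


def _find_local(root, local_name):
    """First element whose local name matches, ignoring namespace."""
    for el in root.iter():
        if el.tag.split("}")[-1] == local_name:
            return el
    return None


def _parent_map(root):
    return {child: parent for parent in root.iter() for child in parent}


# Constructed base request: an authenticated GetBalance call.
BASE_REQUEST = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Header>
    <AuthToken xmlns="urn:example">tok-CONSTRUCTED</AuthToken>
  </soap:Header>
  <soap:Body>
    <GetBalance xmlns="urn:example">
      <accountId>ACC-1001</accountId>
    </GetBalance>
  </soap:Body>
</soap:Envelope>"""
BASE_HEADERS = {"Content-Type": "text/xml; charset=utf-8",
                "SOAPAction": "urn:account#GetBalance"}

# Constructed example of the response a rejected request should get.
SAMPLE_FAULT = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body><soap:Fault><faultcode>soap:Client</faultcode>
  <faultstring>Unauthorized</faultstring></soap:Fault></soap:Body>
</soap:Envelope>"""


def set_soap_header(envelope_xml, local_name, value, ns="urn:example"):
    """Add or overwrite a child of soap:Header (creating Header if absent)."""
    root = ET.fromstring(envelope_xml)
    header = root.find(_q("Header"))
    if header is None:
        header = ET.Element(_q("Header"))
        root.insert(0, header)
    target = _find_local(header, local_name)
    if target is None:
        target = ET.SubElement(header, "{%s}%s" % (ns, local_name))
    target.text = value
    return ET.tostring(root, encoding="unicode")


def remove_node(envelope_xml, local_name):
    """Delete the first element with the given local name."""
    root = ET.fromstring(envelope_xml)
    target = _find_local(root, local_name)
    if target is not None:
        _parent_map(root)[target].remove(target)
    return ET.tostring(root, encoding="unicode")


def set_node_text(envelope_xml, local_name, payload):
    """Put a probe string in an element; ET escapes it so it travels as text."""
    root = ET.fromstring(envelope_xml)
    target = _find_local(root, local_name)
    if target is None:
        raise KeyError(local_name)
    target.text = payload
    return ET.tostring(root, encoding="unicode")


def tamper_soapaction(headers, new_value):
    """Return a copy of the HTTP headers with SOAPAction replaced."""
    mutated = dict(headers)
    mutated["SOAPAction"] = new_value
    return mutated


def is_soap_fault(response_xml):
    """True when the response body carries a SOAP 1.1 Fault element."""
    root = ET.fromstring(response_xml)
    body = root.find(_q("Body"))
    return body is not None and body.find(_q("Fault")) is not None


def negative_cases():
    """Mutations the service should reject; each is (name, body, http headers)."""
    return [
        ("missing-auth-header", remove_node(BASE_REQUEST, "AuthToken"), BASE_HEADERS),
        ("forged-auth-header", set_soap_header(BASE_REQUEST, "AuthToken", "tok-FORGED"), BASE_HEADERS),
        ("action-mismatch", BASE_REQUEST, tamper_soapaction(BASE_HEADERS, "urn:account#Transfer")),
        ("xml-in-field", set_node_text(BASE_REQUEST, "accountId", "<probe/>"), BASE_HEADERS),
    ]
```

Each case in `negative_cases()` is sent to the service under test and the response is passed to `is_soap_fault`; a test passes when the mutated request is rejected. The `xml-in-field` case is the interesting one: the probe string is delivered as escaped text, so a service that handles XML correctly simply sees an invalid account id, and only a service that re-parses element text as markup would behave differently.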

Run tests in CI/CD

You can automate SOAP API security testing by using our GitHub Action or a pre-deployment hook to trigger tests in your CI/CD pipeline.

Feel free to write us at support@akto.io for any help.
