Secure SOAP APIs using Akto

Introduction

You can use Akto to help you secure your SOAP APIs in the CI/CD pipeline:

Automate SOAP API Inventory
Identify Sensitive data exposure
Run test for OWASP API top 10 vulnerabilities
Write your own custom tests for SOAP APIs
Run tests in CI/CD

API Inventory

Akto can automatically prepare an API Inventory for SOAP APIs. Use one of our traffic connectors or upload WSDL files directly. Akto will populate the dashboard with all detected SOAP operations and their request/response structures.

You will see a separate entry for each SOAP action (operation) along with its endpoint. Click on an API to view its detailed request and response XML schema.

Sensitive data exposure

Go to Sensitive Data to check if your APIs are sending sensitive or PII data in the API response. You can also configure Slack/Webhook alerts to get notified in real-time when sensitive data is detected.

Run OWASP Top 10 tests

Click on the Run Test button to start testing your SOAP APIs for OWASP Top 10 and HackerOne Top 10 vulnerabilities.

Akto will automatically generate security tests tailored to SOAP, including testing for XML injection, weak authentication, and insecure deserialization vulnerabilities.

Custom SOAP security tests

Using Akto’s test editor, you can write your own security tests for SOAP APIs. See instructions for custom tests here.

Here are a few SOAP-specific test instructions you can use:

add/modify SOAP headers
inject payloads into XML body
tamper SOAPAction value
remove/alter XML nodes

Run tests in CI/CD

You can automate SOAP API Security Testing by using our GitHub action or pre-deployment hook to trigger tests in your CI/CD pipeline.

Feel free to write us at support@akto.io for any help.

PreviousSecure REST APIs using Akto NextCreate and Edit Auth Types

Last updated 20 days ago

Was this helpful?