SOAP example project for API Fuzzing and DAST API
Problem
API Fuzzing supports testing SOAP endpoints, however, no example project exists showing a working configuration.
Proposal
Create an example project based on the existing SOAP target in the API Security repository. Verify the project has findings when fuzzed. Introduce a bug if needed.
Pipeline for project should include a build
, test
, and fuzz
stage. The build
and test
jobs can be empty.
Organize the example projects in a folder as such:
-
https://gitlab.com/gitlab-org/security-products/demos/api-fuzzing-examples
https://gitlab.com/gitlab-org/security-products/demos/api-fuzzing-examples/soap-example
Tasks:
-
API Fuzzing -
Create test project SOAP Example
https://gitlab.com/gitlab-org/security-products/demos/api-fuzzing/soap-api-fuzzing-example -
Verify target has finding -
Update documentation with example project MR!62931
-
-
DAST API -
Create test project SOAP Example
https://gitlab.com/gitlab-org/security-products/demos/api-dast/soap-example -
Verify target has finding -
Update documentation with example project MR!62931
-
Links
/cc @sethgitlab @stkerr
Edited by Herber Madrigal