As a Security Specialist I want to study what open source tools could be used for automating X-Road security testing so that I know which tools are best suited for X-Road

[raits]

An open-source security testing tool could be used for automating Security Server penetration testing. The Security Server has multiple interfaces: UI (port 4000), message transport (ports 5500, 5577) and a SOAP/REST interface for information systems (ports 80 / 443 and 8080 / 8443). Central Server and Configuration Proxy use different ports. It should be studied how different alternatives can be used for testing all the interfaces of different X-Road components. More information about different X-Road components and their interfaces is available here.

The JIRA ticket this issue was created from can be found here: https://nordic-institute.atlassian.net/browse/XRDDEV-129

Acceptance criteria:

• Different open source alternatives for implementing automated security tests for Security Server, Central Server and Configuration Proxy are evaluated, and results are documented
• Interfaces of different components that can be tested using different tools are documented in the results