Is there any SCIM2 compliance test utility available?
Basically, I want to test SCIM2 server functionality to check whether it satisfies the standards of the SCIM2 protocol and schema as defined at
https://www.rfc-editor.org/rfc/rfc7643
https://www.rfc-editor.org/rfc/rfc7644
I could not find a working (without bugs) utility on GitHub.
So I wrote one here.
https://github.com/suvera/scim2-compliance-test-utility
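To show the kind of assertion such a compliance test makes, here is an added example (not taken from the linked utility) that checks a SCIM 2.0 User ListResponse against a few RFC 7643/7644 requirements. The function names and sample payloads are constructed for illustration, and it assumes a plain GET on /Users.

```python
# Added example: a handful of RFC 7643 / RFC 7644 response checks.
USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
LIST_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:ListResponse"

def check_user(res):
    """Return a list of violations for one User resource in a response."""
    problems = []
    schemas = res.get("schemas")
    if not isinstance(schemas, list) or USER_SCHEMA not in schemas:
        problems.append("schemas: missing core User URN")
    rid = res.get("id")
    # RFC 7643 3.1: id is issued by the server; "bulkId" is reserved.
    if not isinstance(rid, str) or not rid or rid == "bulkId":
        problems.append("id: must be a non-empty string other than 'bulkId'")
    # RFC 7643 4.1.1: userName is REQUIRED.
    if not isinstance(res.get("userName"), str) or not res["userName"]:
        problems.append("userName: required")
    # The User schema declares password with returned=never.
    if "password" in res:
        problems.append("password: must never appear in a response")
    meta = res.get("meta")
    if meta is not None and (not isinstance(meta, dict)
                             or meta.get("resourceType") != "User"):
        problems.append("meta.resourceType: expected 'User'")
    return problems

def check_list_response(body):
    """Check the ListResponse envelope (RFC 7644 3.4.2) and each resource."""
    problems = []
    if LIST_SCHEMA not in body.get("schemas", []):
        problems.append("schemas: missing ListResponse URN")
    total = body.get("totalResults")
    resources = body.get("Resources", [])
    if type(total) is not int or total < 0:
        problems.append("totalResults: required non-negative integer")
    elif len(resources) > total:
        problems.append("Resources: more entries than totalResults")
    for i, res in enumerate(resources):
        problems += [f"Resources[{i}].{p}" for p in check_user(res)]
    return problems

# Constructed sample data, not captured from a real server.
GOOD_USER = {"schemas": [USER_SCHEMA], "id": "2819c223", "userName": "bjensen",
             "meta": {"resourceType": "User"}}
BAD_USER = {"schemas": [USER_SCHEMA], "id": "bulkId", "password": "hunter2"}
SAMPLE_LIST = {"schemas": [LIST_SCHEMA], "totalResults": 1,
               "Resources": [GOOD_USER, BAD_USER]}

if __name__ == "__main__":
    for line in check_list_response(SAMPLE_LIST):
        print("FAIL", line)
```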
Related
I have some repos for which I want to enable the OpenAPI (previously known as Swagger) spec file check. There are tools (i.e. Stoplight's Spectral) available for the validation of the file, which provide lint support for the YAML file.
However, what I want to achieve is that if I write an API in the code (i.e. Go or Java or Python) and if I do not specify that API in the OpenAPI spec file, then it should throw an error in the CI tool.
If we can check the sync between Protocol buffer and OpenAPI spec file then also it would be useful so please do mention if any tool is available.
I believe that we may require different tools for different languages which are okay, but do we have that in any of the languages or not that I am not sure of.
I am looking for a nice way to write tests to make sure that endpoints in a Spring Boot REST (ver. 2.1.9) application follow the contract in the OpenAPI contract.
In the project I moved to recently there is the following workflow: architects write the contract openapi.yml and developers have to implement endpoints to comply with the contract. Unfortunately a lot of differences happen and this test has to catch such situations and it is not possible to change this :(
I was thinking about the solution to generate openapi.yml from current endpoints and compare it somehow but wonder if there is some out of the box solution.
I was thinking about the solution to generate openapi.yml from current endpoints and compare it somehow but wonder if there is some out of the box solution.
In a general case, even the generated spec may not match the actual app behavior because some things can't be expressed with Open API. However, it still could be helpful as a starting point.
Open API provides a way to specify examples, that could be used to verify the contract. But the actual schemas might be a better source of expectations.
I want to note two tools that can generate and execute test cases based only on the input Open API spec:
Schemathesis uses both examples and schemas and doesn't require configuration by default. It utilizes property-based testing and verifies properties defined in the tested schema - response codes, schemas, and headers. It supports Open API 2 & 3.
Dredd focuses more on examples and provides several automatic expectations. It supports only Open API 2, and the third version is experimental.
Both provide a CLI and could be extended with various hooks to fit the desired workflow.
I'd suggest passing the contracts (as a spec you mentioned) to Schemathesis and it will verify if all schemas and examples are handled correctly by your app.
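For the drift check both questions above ask about (an API present in code but missing from the spec, or a contract operation that was never implemented), the following added example, which is not from either post or from any of the named tools, compares a parsed OpenAPI document with a route list. The spec dict and route list are constructed; in practice the routes would come from the framework's own route table.

```python
import re

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

def normalize(path):
    """Make /users/{id}, /users/:id and /users/<int:id> compare equal."""
    path = re.sub(r"\{[^/}]+\}|:[A-Za-z_]\w*|<[^/>]+>", "{}", path)
    return path.rstrip("/") or "/"

def spec_operations(spec):
    """Collect (METHOD, path) pairs from the 'paths' object of a parsed spec."""
    ops = set()
    for path, item in spec.get("paths", {}).items():
        for key in item:
            # Path items also hold non-method keys such as "parameters".
            if key.lower() in HTTP_METHODS:
                ops.add((key.upper(), normalize(path)))
    return ops

def drift(spec, implemented):
    """Return (undocumented, unimplemented) operations as sorted lists."""
    documented = spec_operations(spec)
    actual = {(m.upper(), normalize(p)) for m, p in implemented}
    return sorted(actual - documented), sorted(documented - actual)

# Constructed sample: a parsed openapi.yml and the routes the app registers.
SAMPLE_SPEC = {
    "openapi": "3.0.3",
    "paths": {
        "/users": {"get": {}, "post": {}},
        "/users/{id}": {"parameters": [], "get": {}, "delete": {}},
    },
}
SAMPLE_ROUTES = [
    ("GET", "/users"), ("POST", "/users/"),
    ("GET", "/users/:id"), ("GET", "/admin/export"),
]

if __name__ == "__main__":
    undocumented, unimplemented = drift(SAMPLE_SPEC, SAMPLE_ROUTES)
    for op in undocumented:
        print("in code, not in spec:", *op)
    for op in unimplemented:
        print("in spec, not in code:", *op)
    # A non-zero exit status fails the CI job when the two sides disagree.
    raise SystemExit(1 if undocumented or unimplemented else 0)
```

The undocumented list is the one to review first from a security standpoint, since endpoints missing from the contract are also missing from any spec-driven testing.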
I was implementing a project with spring-data-jdbc and I found the Statement Builder API. Could this API be used for building native SQL repositories?
At this point the StatementBuilder API is considered internal and use outside Spring Data is not encouraged, because it might undergo breaking changes without the normal cycle of deprecation.
That said, it is a pretty isolated piece of code with a friendly OSS license, so in many cases it might be an acceptable risk to use it with the fallback plan to clone it into your own package should it change in a way that is not usable for you.
After pentesting and checking the check-list, how can I reassure my client that these checks are done and vulnerabilities patched? (of course for something like sqli, showing is obvious)
But I mean somewhere to verify or something like this?
Thanks
For test checks that are done you can provide different reports generated by tools or manual testing (depending on vulnerability type) for those specific checks.
While for patched vulnerabilities, you will need to re-test the platform again and provide the changed reports either generated from tools or manual testing that will show different output by indicating the vulnerability is no longer present.
For further re-assurance you can also add the vulnerability exploitation reproducing steps on the report. So if the client wants to test it themselves they can do it (and get assured that it was fixed).
You need to describe all methodologies used, like OSSTMM, OWASP, NIST. It is very important to talk about the perimeter tested too (web like forms, API, frameworks, network protocols, etc.).
However, you can create a topic for every step tested using the OWASP Top 10:
Broken Authentication
Sensitive data exposure
XML External Entities (XXE)
Broken Access control
Security misconfigurations
Cross Site Scripting (XSS)
Insecure Deserialization
Using Components with known vulnerabilities
Insufficient logging and monitoring
This way you ensure that your test was compliant.
Just curious, if you were to build an instant message client for the Mac what existing API or service would you use to handle the transfer of messages from one user to another? I am looking for something that can be used in conjunction with Objective-C and is compatible with other popular messaging services such as MSN, Yahoo, AIM, gtalk, etc. I don't want to host the service, but rather connect to existing services and use their "pipes".
Thanks
There are many Instant messenger protocols out there.
There is a good bet you could find a Java API for whichever protocol you would like to use, like the XMPP Java API.
Or
for C or C++ you could use the libpurple library.
Your question lacks a lot of information, so it's rather hard to answer. Please add some details on your requirements. What protocols do you need, what functionality, what development language do you use?
As a start:
Adium has been released under the GPL, thus you can use the code in your own projects as long as the license fits your needs.
http://trac.adium.im/
Another option, if you don't want to implement multiple networks but prefer to use a single protocol where the server provides gateways to other networks: you can also check out Jabber/XMPP libraries that are available for the Mac.
http://www.google.de/search?q=jabber+library+mac&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:de:official&client=firefox-a