SOAPSonar provides the features needed to test the requirements set forth in SAS 70 (Statement on Auditing Standards (SAS) No. 70) per Service Organization Controls (SOC) level reporting.
Specifically, the following information can be obtained and validated:
SOC 2 Report— Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy
SOC 3 Report— Trust Services Report for Service Organizations
Trust Services Principles
-- SOAPSonar provides an integrated WSDL scoring engine which performs detailed analysis of WSDL and schema to assess compliance with regard to message patterns and potential exposure to processing integrity risks.
-- SOAPSonar provides security testing across the following types of security validation: Threat Vector Vulnerability Assessment, Identity and Access Control testing, and Security Standards such as WS-Security Encryption, Decryption, Signatures, and Signature Verification.
-- SOAPSonar provides performance testing assessment with latency and throughput analysis with profile management for concurrent users.
-- SOAPSonar provides several testing features to validate the enforcement (or lack thereof) of document integrity with regard to RFC protocol compliance, well-formed XML, and valid schema data types and structure.
Confidentiality and Privacy
-- SOAPSonar provides one-way and two-way SSL/TLS validation, WS-Encryption, WS-Decryption, WS-Signatures, and WS-Signatures Validation to validate privacy and confidentiality enforcement of service transactions.