SOAP 1.1 API Support
Aptori now supports SOAP 1.1 APIs, enabling comprehensive security analysis of legacy and standards-based XML services. This enhancement extends Aptori’s application and API security coverage to environments that continue to rely on SOAP for mission-critical integrations, including telecom, financial services, and enterprise platforms.
SOAP 1.1 API Support
Overview
Aptori now supports validation of SOAP 1.1 APIs, enabling comprehensive security analysis of legacy and standards-based XML services. This enhancement extends Aptori’s application and API security coverage to environments that continue to rely on SOAP for mission-critical integrations, including telecom, financial services, and enterprise platforms.
With this release, Aptori can model, test, and analyze SOAP-based services alongside REST and GraphQL APIs within a single, unified security platform.
What’s New
SOAP 1.1 Protocol Support
Aptori can now ingest and analyze SOAP 1.1 endpoints, including XML-based request and response structures. This allows organizations to apply modern, automated security testing to legacy services without modifying existing implementations.
XML-Aware Security Analysis
The platform understands SOAP envelopes, headers, and body elements, enabling precise inspection of XML payloads and service operations. This ensures accurate vulnerability detection without relying on generic pattern matching.
XXE Injection Detection
This release introduces native detection for XML External Entity (XXE) Injection vulnerabilities in SOAP APIs. Aptori identifies insecure XML parsing behaviors that could allow attackers to:
- Read sensitive files from the server
- Perform server-side request forgery (SSRF)
- Trigger denial-of-service conditions via entity expansion
Aptori analyzes how XML parsers are invoked and validates whether external entities are processed unsafely, providing deterministic findings rather than speculative alerts.
Why This Matters
Many regulated and large-scale environments still depend on SOAP for internal and partner-facing services. These APIs often fall outside modern security testing workflows, creating blind spots that attackers actively exploit.
By adding SOAP 1.1 support and XXE Injection detection, Aptori enables teams to:
- Secure legacy APIs with the same rigor as modern services
- Reduce exposure to XML-based attack vectors
- Meet compliance and audit requirements for older protocols
- Eliminate security blind spots across mixed API environments
Availability
SOAP 1.1 API support and XXE Injection detection are available immediately as part of the Aptori Platform. No additional configuration is required beyond enabling SOAP endpoints for analysis.
.svg){kind=small}
.svg){kind=small}
