The focus for soapUI 4 has been adding common security attacks against SOAP, REST, JMS, and AMF as well as Web Sites.
In soapUI you can now do the following Security Scans;

  •     Boundary Scan
  •     Invalid Type
  •     Malformed XML
  •     SQL Injection
  •     XPath Injection
  •     XML Bomb
  •     Malicious Attachment
  •     Custom script
  •     Cross Site Scripting
  •     Fuzzing

Each scan will send a number of different requests looking for common weaknesses in target environments. The Scans are extensible and configurable.
 soapUI 4 also consists of a number of smaller updates and bug fixes