Pen-testing RESTful Web Services

Submitted by Ofer Shezaf on 20 November 2011 - 1:40am

Last week I gave a presentation at Source Barcelona about security testing of RESTful Web Services. While the security aspects of RESTful Web Services are rather similar to those of normal web applications, testing them poses different challenges, which are discussed in the presentation.

The presentation includes:

  • Definition of RESTful Web Services and how they differ from SOAP-based Web Services on the one hand and from RESTful as a design pattern on the other hand.
  • Discussion of where RESTful WS are found in the wild.
  • Brief notes about the security of RESTful Web Services.
  • Deep dive into the challenges of pen-testing RESTful Web Services and how to overcome them.
  • Considerations for automated security testing of RESTful Web Services.

You can download the presentation here or watch the video recording here.
