RESTful services, web security blind spot

As a lightweight alternative to web services, RESTful services are fast becoming a leading technology for developing mobile applications and web 2.0 sites.

At first glance, RESTful web services seem very different from web services and suspiciously similar to regular web technology. This similarity to the regular web leads to the notion that RESTful web services can be tested and secured in the same way.

However, this is a misconception. RESTful services share many of the security challenges of other web services technologies, but lack a formal structure to compensate for that. Specifically, testing RESTful web services is challenging because common pen testing techniques for attack surface detection and fuzzing do not work.

This presentation covers the challenges and possible solutions for assessing RESTful web services security. Topics include:

  • RESTful web services and their use
  • The complexities in protecting RESTful web services and common attack vectors specific to them
  • The challenges of security testing for RESTful services
  • Innovative approaches for automated testing of RESTful services

You can download the presentation here or watch the video recorded at Source Seattle in September 2012 here.
