As a light weight alternative to web services, RESTful services are fast becoming a leading technology for developing mobile applications and web 2.0 sites.

At first glance, RESTful web services seem very different than web services and suspiciously similar to regular web technology. The similarity of RESTful web services to regular web leads to the notion that RESTful web services can be tested and secured in the same way.

However, this is a misconception. RESTful services share many of the security challenges of other web services technologies, but lack a formal structure to compensate for that. Specifically, testing RESTful web services is challenging as common pen testing attack surface detection and fuzzing techniques do not work.

This presentation presents the challenges and possible solutions for assessing RESTful web services security. Topics include :

• RESTful web services and their use
• The complexities in protecting RESTful web services and common attack vectors specific to them.
• The challenges of security testing for RESTful services
• Innovative approaches for automated testing of RESTful services.

You can download the presentation here or watch the video recorded at Source Seattle in September 2012 here.