Testing REST APIs Web Services

The difference between REST and SOAP is that SOAP usually produces a WSDL. REST could have a WSDL (with WSDL 2.0) or a similar description in WADL. However, this is unlikely, and without a list of entry points it is difficult to test RESTful services. One would need either the source code, the documentation, or an existing test harness. SOAPSonar is a commercial option, while WS-Attacker remains one of the best current open-source options for testing.
John Wilander (@johnwilander) has a great post on REST called REST and Stateless Session IDs. It is a bit old (April 9, 2011), but still a really great blog post.
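
When a REST service does publish a WADL, the list of entry points needed for test scoping can be extracted mechanically. The sketch below is an added example, not code from the original post; the sample WADL, the host `api.example.test` and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# WADL 2009/02 namespace (W3C member submission).
NS = {"w": "http://wadl.dev.java.net/2009/02"}

# Constructed sample description; api.example.test is a placeholder host.
SAMPLE_WADL = """<application xmlns="http://wadl.dev.java.net/2009/02">
  <resources base="https://api.example.test/v1/">
    <resource path="users">
      <method name="GET">
        <request><param name="page" style="query"/></request>
      </method>
      <method name="POST"/>
      <resource path="{id}">
        <param name="id" style="template"/>
        <method name="GET"/>
        <method name="DELETE"/>
      </resource>
    </resource>
  </resources>
</application>"""

def _params(node, xpath):
    return [(p.get("name"), p.get("style")) for p in node.findall(xpath, NS)]

def _walk(resource, prefix, inherited):
    """Yield (method, url, params) for a resource and its nested resources."""
    url = prefix.rstrip("/") + "/" + resource.get("path", "").strip("/")
    params = inherited + _params(resource, "w:param")
    for method in resource.findall("w:method", NS):
        # Inline methods only; <method href="#..."> references are not resolved.
        yield (method.get("name"), url, params + _params(method, "w:request/w:param"))
    for child in resource.findall("w:resource", NS):
        yield from _walk(child, url, params)

def entry_points(wadl_text):
    """List every method/URL pair a WADL document declares."""
    # For descriptions from untrusted sources, parse with defusedxml instead.
    root = ET.fromstring(wadl_text)
    found = []
    for resources in root.findall("w:resources", NS):
        for resource in resources.findall("w:resource", NS):
            found.extend(_walk(resource, resources.get("base", ""), []))
    return found

if __name__ == "__main__":
    for method, url, params in entry_points(SAMPLE_WADL):
        print(f"{method:6} {url}  params={params}")
```

Template parameters declared on a parent resource are carried down to nested resources, so each entry lists every input a test case for that method has to supply.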

Links:
https://securityreliks.wordpress.com/2010/07/28/testing-restful-services-with-appscan/
https://www.owasp.org/index.php/REST_Assessment_Cheat_Sheet
https://securityledger.com/2015/08/the-challenge-of-securing-rest-apis/
http://www.slideshare.net/SOURCEConference/security-testing-for-rest-applications-ofer-shezaf-source-barcelona-nov-2011
http://www.petermorin.com/2013/11/pentesting-rest-apis/
https://www.appsecconsulting.com/security-testing/penetration-testing/web-services-penetration-testing
http://www.acunetix.com/blog/releases/scan-rest-apis-using-acunetix-wvs-version-10/
http://resources.infosecinstitute.com/web-services-penetration-testing-part-2-automated-approach-soapui-pro/
https://www.udemy.com/webservices-testing-with-soap-ui/ or http://www.coursedoor.com/downloads/94-off-webservicesrest-api-testing-with-soapui-udemy-coupon/
https://www.quora.com/What-are-the-best-practices-to-secure-an-internal-REST-API-in-the-cloud
https://addons.mozilla.org/de/firefox/addon/restclient/
http://qualifiedourspecialoffer.com/t/red/?utm_source=www.xiom.com&utm_medium=redirect&utm_campaign=general&utm_content=general&utm_term=RESTful%252Bservices%25252C%252Bweb%252Bsecurity%252Bblind%252Bspot%252B%25257C%252BInfoSec%252BaXioms