Penetration/Vulnerability testing for REST web services

Question

Is there any tool to perform penetration/vulnerability testing on REST web services ?

Questions seeking product recommendations are off-topic as they become obsolete quickly. Instead, describe your situation and the specific problem you're trying to solve. — e-sushi, Jul 24 '13 at 17:15

score 3 · Answer 1 · answered Jul 24 '13 at 17:03

To test REST web service I intercept the traffic from a legitimate client and then fuzz the intercepted requests using BURP's intruder module. OWAP's ZAP is free and will also do the trick.

When you fuzz any interface you need to have custom data set and you need to understand what can go wrong and how to identify vulnerabilities. This is not something for a novice to undertake.

Penetration/Vulnerability testing for REST web services

1 Answers1