Testing web services for security issues may seam challenging at first but it doesn't have to be. I want to show you a quick way to test your web services with our online testing Suite, which is readily available without the need for you install additional software on your computer.
The first step in this web service security testing tutorial is to open the Fuzz tool as seen on the screenshot.
Next we will have to compose the web service request we want to test. A simple copy and paste will get the job done. On the next screenshot we have the POST request pasted in the editor pane on the left.
The next step is to define which points in this request we want to test. In this example I will use a simple character generator which will generate all possible combinations of 3 letter words. Keep in mind that some of these characters will be outside the normal printable ASCII ranges but it is all good because this is more likely to produce interesting results.
We are almost done with this web service security testing tutorial. We just have to click on the Start button and take a few moments until the test is done.
Your web services can now be fully tested without much effort. The Websecurify Fuzz tool will use its powerful analytical engine to figure out when certain combinations trigger security vulnerabilities such as SQL Injection, Cross-site Scripting (XSS), etc.
Job done! Now the process is completely simplified and easy to understand. As I said at the beginning, web service security testing does not have to be challenging at all.