Public REST APIs have become mainstream. It is not just startups such as Facebook and twitter at the fore front of the REST revolution. Now, almost every company that wants to expose services or an application programming interfaces does it using a publicly exposed REST API. Although, many people have given talks about attacking REST APIs from a pen-tester's point of view –little discussion has occurred related to application layer vulnerabilities in REST APIs.
This talk gives code reviewers the skills they need to identify and understand REST vulnerabilities at the application code level. The findings are a result of reviewing production REST applications as well as researching popular REST frameworks.