REST Web Services API Vulnerability Testing (VAPT)

What are the different versions of HTTP?

HTTP has four versions: HTTP/0.9, HTTP/1.0, HTTP/1.1, and HTTP/2.0. Today the version in common use is HTTP/1.1, and the future will be HTTP/2.0.

What is API push?

The Push API enables sending of a push message to a web application via a push service. An application server can send a push message at any time, even when a web application or user agent is inactive. The push service ensures reliable and efficient delivery to the user agent.

Is REST API push or pull?

a. REST APIs together with JSON are commonly used by modern web applications to export their services. However, these services are usually reachable in a pull mode which is not suitable for accessing changing data.

b. If you're taking information out of a database, out of a system, that's pulling. If you're putting information into a database, you're pushing.

Are RESTful services stateless?

REST APIs are stateless because, rather than relying on the server remembering previous requests, REST applications require each request to contain all of the information necessary for the server to understand it. Storing session state on the server violates the REST architecture’s stateless requirement. As a result, the client must handle the complete session state.
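An added example, not part of the original page: a handler that keeps no session store and rebuilds the caller's identity from a signed token carried in every request. The key, token layout, claim names and the `orders:read` scope are assumptions made for this illustration; because the client holds the state, the server has to check integrity and expiry on each call.

```python
import base64, hashlib, hmac, json

# Assumption: constructed demo key; a real service loads its key from a secret store.
SECRET = b"constructed-demo-key"

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(payload: str) -> str:
    return b64e(hmac.new(SECRET, payload.encode(), hashlib.sha256).digest())

def issue_token(user: str, scope: str, expires_at: int) -> str:
    """Pack the session state into the token itself and sign it."""
    claims = {"sub": user, "scope": scope, "exp": expires_at}
    payload = b64e(json.dumps(claims, sort_keys=True).encode())
    return f"{payload}.{sign(payload)}"

def verify_token(token: str, now: int):
    """Return the claims if the token is authentic and unexpired, else None."""
    try:
        payload, sig = token.split(".")
        # Constant-time comparison; checked before the payload is parsed.
        if not hmac.compare_digest(sig, sign(payload)):
            return None
        claims = json.loads(b64d(payload))
    except (ValueError, TypeError):
        return None
    if claims["exp"] <= now:
        return None
    return claims

def handle_request(headers: dict, now: int):
    """Stateless handler: no session lookup, only what the request carries."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return 401, "missing token"
    claims = verify_token(auth[len("Bearer "):], now)
    if claims is None:
        return 401, "invalid or expired token"
    if claims["scope"] != "orders:read":
        return 403, "insufficient scope"
    return 200, f"orders for {claims['sub']}"
```
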

What are the benefits of Statelessness in RESTful web services?

The benefits of statelessness in RESTful Web Services:

  1. Web services can treat each method request independently.
  2. Web services need not maintain the client's previous interactions. It simplifies the application design.
  3. As HTTP is itself a stateless protocol, RESTful Web Services work seamlessly with the HTTP protocol.

Is OAuth more secure than SAML?

OAuth is more tailored towards access scoping than SAML. Access scoping is the practice of allowing only the bare minimum of access within the resource/app an identity requires once verified. For instance, OAuth is often used when a web app requests access to your system's microphone and camera.

Is microservice same as API?

Microservices is an approach to building an application that breaks its functionality into modular components. APIs are part of an application that communicates with other applications.

How to automate REST API?


  1. Send API commands to the server and validate responses.
  2. Use values from responses as parameters in test steps.
  3. Combine REST API and recorded UI steps within the same automated test to achieve end-to-end testing.
  4. Analyse reports.

Which tool is best for API automation?

Top 10 automation testing tools:

  1. Selenium
  2. Appium
  3. Katalon Studio
  4. Cucumber
  5. HPE Unified Functional Testing (UFT)
  6. SoapUI
  7. TestComplete
  8. Worksoft
  9. IBM Rational Functional Tester (RFT)
  10. Telerik Test Studio

What is a REST endpoint?

A REST Service Endpoint is an endpoint which services a set of REST resources.

Is REST platform dependent?

REST services are platform and language independent. Since REST is based on HTTP standards, it can easily work in the presence of firewalls. Like Web Services, REST doesn't offer any inbuilt security, session management, or QoS guarantees, but these can be added by building on top of HTTP.

What are disadvantages of REST API?


  1. The biggest problem with REST APIs is the nature of multiple endpoints.
  2. These require clients to do multiple round-trips to get their data.
  3. REST is a lightweight architecture, but it is not suitable for handling a complex environment.
  4. REST requests (especially GET) are not suitable for large amounts of data.
  5. In a REST API, there is no client request language. Clients do not have control over what data the server will return.
  6. Over-fetching of information is a waste of network and memory resources for both the client and server.

Can REST be used with firewall?

a. Firewalls blocking HTTP PUT/DELETE are typically blocking incoming connections (to servers behind the firewall). Assuming you have control over the firewall protecting your application, you shouldn't need to worry about it.

b. Also, firewalls can only block PUT/DELETE if they are performing deep inspection on the network traffic. Encryption will prevent firewalls from analyzing the URL, so if you're using HTTPS, clients accessing your web service will be able to use any of the standard four HTTP verbs.

Can a firewall block POST requests?

Yes. Conceptually, a firewall appliance (or a firewall application) will be able to distinguish between HTTP and HTTPS requests and, in the case of HTTP requests, will be able to view all the data being transmitted (not just the domain and IP). It can then block or modify any data going through.


For APIs, the most widely used and well-known data formats are JSON and XML.

What is a REST API design?

A REST API is designed to take advantage of existing protocols. While REST can be used over nearly any protocol, it usually takes advantage of HTTP when used for Web APIs. This means that developers do not need to install libraries or additional software in order to take advantage of a REST API design. REST API design was defined by Dr. Roy Fielding in his 2000 doctoral dissertation. It is notable for its incredible layer of flexibility.

How do you call REST API from browser?

To access a REST call with a browser, complete the following steps: Enter the appropriate URL using either HTTP or HTTPS. The first time you access the TADDM REST API using a browser, a login page prompts you for a valid TADDM user ID and password.

What port does REST API use?

The search REST API is available on search servers and listens on the search application port, which by default is port 8393 if you use the embedded web application server.

What is difference between API and URL?

A URL is just a link to any website, from which you can scrape data, crawl, or do anything you want manually. APIs are special URLs/links that provide data in JSON format so that we can parse it and use it in the way we need. They are not like a website, but a kind of data provider.

What is the difference between URL and endpoint?

The endpoint is focused on the URL that is used to make a request. The term resource is focused on the data set that is returned by a request. Whereas, URL is an acronym for Uniform Resource Locator and is a reference (an address) to a resource on the Internet.
