It’s that time of the year again folks when security experts release the most...
by Vindhya Nagaraj
1. REST Introduction
The usage of Twitter, Amazon, Google Maps, e-bay and many other applications has become extensive. The ease of development and access of such applications is due to the implementation of a web service which is simple yet supports complex functionalities; called Representational State Transfer (REST).
Before starting with REST lets understand what a Web service is. A Web service is a software system designed to support interoperable machine-to-machine interaction over a network. In layman terms they are the calls made by the application to a service present on the web to perform the specified actions.
REST was introduced and defined in 2000 by Roy Fielding. Rest is a stateless architecture which uses a client-server, cacheable communication protocol HTTP. It is an Application Programming Interface (API) which performs all the functions using HTTP methods.
Features of RESTful Web Services:
1. Client-server module:
REST has uniform interface with different separates clients from servers. Servers and clients may be replaced and developed independently, as long as the interface between them is not altered.
The RESTful Web Service does not maintain state; the client–server communication is further constrained by no client context being stored on the server between requests. The server does not store any client specific data. Each request from the client contains all of the information necessary to service the request, and any session state is held in the client.
REST web services allow the clients to cache the responses. However, responses must be implicitly or explicitly defined themselves as cacheable, or not. Well-managed caching partially or completely eliminates some client–server interactions, further improving scalability and performance.
4. Layered System:
A client cannot ordinarily tell whether it is connected directly to the end server, or to an intermediary along the way. Intermediary servers may improve system scalability by enabling load-balancing and by providing shared caches. However, proper security policies have to be enforced in order to prevent information leakage.
RESTful web services are the API calls which work like any other HTTP requests. In HTTP to access any page, a request is made to the corresponding URL. Similarly in REST, each resource will be assigned with a distinct URI(Uniform Resource Identifier). REST performs the following actions using the HTTP methods give below:
Action -> HTTP method
Create -> PUT
Read -> GET
Update -> POST
Delete -> DELETE
Advantages of RESTful Web services:
REST is stateless, simple, lightweight and fast and works on the standard HTTP protocol.
It uses a standardized XML messaging system.
It is time-conserving.
It supports custom coding.
It works on any operating system and programming language.
The resources are not restricted to a specific extension and it can be accessed in a various formats such as HTML, XML, plain text, PDF, JPEG, JSON, and others.
Difference between Simple Object access Protocol (SOAP) and REST
|1.||REST is an architectural style that is defined for web service communication||SOAP is protocol used in web services communication|
|2.||Every REST resource has a specific URI||SOAP uses interfaces and named operations to expose resources|
|3.||REST is stateless||SOAP maintains the state of the user|
|4.||REST is a client-server module and not suited for distributed computing environment.||SOAP has a standardized mechanism where the data is managed at a Service registry. The service provider and consumer binds with each other using the service registry and Uniform Description, discovery and Integration (UDDI)|
|5.||Message communication protocol can be either XML,JSON or other valid mime types.||Message communication protocol is XML.|
|6.||No WSDL (Web Services Description Language) interface definition||SOAP has a well-defined mechanism for describing the interface.|
|7.||The Transport protocol is HTTP.||SOAP works with HTTP, SMTP, JMS|
|8.||REST is lightweight and easy to design.||SOAP is bulky and complex|
|9.||REST provides caching of resources.||SOAP does not support caching.|
|10.||Best suited for mobile applications and other simple modules.||Supports complex applications like online banking.|
2. Deploying a simple RESTful web service
RESTful web service can be deployed using any language and it does not require a WSDL. I have used the Recess Framework to build the Restful web service.
The full article would be published soon in Hakin9 Magazine. Follow our website to not miss it!
About the author:
Vindhya Nagaraj is an Ethical Hacker working in the field of Information Security. She holds Engineering degree from VTU in Telecommunication. Detecting new challenges, approaches to break into the system and finding solutions to patch them and ensuring the data is secure is what keeps she on her toes and gives her the edge to explore and learn about various aspects of security. Pentesting web applications is her area of interest in the field of Information Security.