The need of supporting REST Services on top of OWASP O2 Platform
I have been talking to Dinis Cruz about the importance of supporting REST Services on top of OWASP O2 Platform. Web Services, now a days, are a strong platform in software engineering and looking at the future, it is going to be even stronger than now.
But, what is REST and why should we embrace it?
REST stands for Representational State Transfer, a term coined by Roy Thomas Fielding in 2000 as a part of his dissertation. So as you can see this is not a new topic, but I would say it has been broadly embraced during the last years by the industry. REST is not an architecture, but it is an architectural style to build services on top of the Web, it is basically a set of constraints based on the core principles of the WEB. REST uses all the strengths of the WEB that have made it the most distributable and interoperable system.
Web Services are not a new topic, people (even those outside of the computing world) have been using this word to refer themselves to interoperability and accessibility, specifically in business, where this topic as been adopted as a platform to provide information around the world.
But we are always looking for a better approach, a best way to provide solutions, with low-cost and with reasonable responses times to the end-user and of course we are also concerned about security
Interoperatibility, Scalability , Performance and Security :A combination of topics that we would like to achieve.
REST Services take advantage of the WEB , using the principles defined to make it the most distributed system, rather than focus on actions (like SOAP), it uses all the HTTP verbs to interact with resources and it does not relay only in HTTP POST. The need of creating more scalable services is a challenge everyday, specifically because we are moving to the mobile world and we have some limitations that force us to use a better approach to improve the user experience.
But we are not just concern about performance, we are also concerned about security. If you are thinking why a person would attack a web services, then I would say that due to the interoperability and the data exchange performed in Web Services, the attacker would expect to find any way to get into the back-end system or steal any kind of information. Having said that, we would like a mechanism add value with O2 Platform into the REST world.
How could we integrate REST Services on top of O2 Platform?
I’m happy to say that we are currently supporting OData Services in O2 Platform . OData is short for The Open Data Protocol and is consistent with the way the Web works. Dinis added support for OData in O2. This is an important step because we are able to work not only with SOAP based Web Services but also with REST Services which increase all our coverage in the Web Services world.
The next steps would be to write use cases and probably some automation work and Unit Testings that increases the support of REST in O2 Platform.
About
The O2 platform represents a new paradigm for how to perform, document and distribute Web Application security reviews. O2 is designed to Automate Security Consultants Knowledge and Workflows and to Allow non-security experts to access and consume Security Knowledge.
O2 can also be a very powerful prototyping and fast-development tool for .NET. Most O2 APIs are written using a Fluent API design, and its core has been published as a separate project called FluentSharp (hosted at CodePlex)
Download
Windows ClickOnce Installer:
Mailing List
The best place to keep updated with the lastest news and developers it to subscribe to the OWASP O2 Platform Mailing list (you can read its archives here)
