The Login is one of the most common web service requests. The user identification is a usual step for working with any web service, so it is consistent to use the login test step as a starting point for all web service tests.
A typical test case looks like this:
Log in.
Get a session ID and use that ID in all subsequent requests.
Use the session ID to log out.
It is a regular practice to create security tests to ensure the login functionality of regular pages works properly. Still, this practice often remains left out of the web service testing.
Tip
The large part of possible attacks is not about actually gaining access to a system, but rather exposing sensitive information in order to get access to the system later.