Login is one of the most common web service requests. Identifying the user is a usual step when working with any web service, so it makes sense to use the login test step as the starting point for all web service tests.
A typical test case looks like this:
- Log in.
- Get a session ID and use that ID in all subsequent requests.
- Use the session ID to log out.
It is regular practice to create security tests to ensure that the login functionality of regular pages works properly. Still, this practice is often left out of web service testing.
Tip: A large part of possible attacks is not about actually gaining access to a system, but rather about exposing sensitive information in order to get access to the system later.
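The test case above, extended with the security checks the tip points to, as an added example that is not part of the original page. `DemoService`, its `login`/`whoami`/`logout` operations and the credentials are constructed stand-ins for the service under test; against a real service the same checks would be made on its HTTP or SOAP responses.

```python
import hmac
import secrets

class DemoService:
    """Constructed in-memory stand-in for the web service under test."""
    def __init__(self, users):
        self._users = users          # user name -> password (demo data only)
        self._sessions = {}          # session ID -> user name

    def login(self, user, password):
        expected = self._users.get(user, "")
        # Same reply for unknown user and wrong password: nothing to enumerate.
        if not expected or not hmac.compare_digest(expected.encode(), password.encode()):
            return {"status": 401, "error": "Invalid credentials"}
        sid = secrets.token_urlsafe(32)   # unpredictable session ID
        self._sessions[sid] = user
        return {"status": 200, "session_id": sid}

    def whoami(self, sid):
        user = self._sessions.get(sid)
        if user is None:
            return {"status": 401, "error": "Invalid session"}
        return {"status": 200, "user": user}

    def logout(self, sid):
        return {"status": 200 if self._sessions.pop(sid, None) else 401}

def run_login_test_case(svc, user, password):
    """Log in, reuse the session ID, log out, then run the security checks."""
    results = {}
    login = svc.login(user, password)
    sid = login.get("session_id", "")
    results["login_ok"] = login["status"] == 200 and len(sid) >= 32
    results["session_usable"] = svc.whoami(sid) == {"status": 200, "user": user}
    results["logout_ok"] = svc.logout(sid)["status"] == 200
    # Security checks: a logged-out ID must be dead, and failures must not
    # reveal whether the user name or the password was the wrong part.
    results["session_dead_after_logout"] = svc.whoami(sid)["status"] == 401
    results["uniform_login_errors"] = (
        svc.login(user, password + "x") == svc.login("no-such-user", password))
    results["fresh_id_per_login"] = svc.login(user, password)["session_id"] != sid
    return results

if __name__ == "__main__":
    service = DemoService({"alice": "correct horse"})   # constructed credentials
    for check, passed in run_login_test_case(service, "alice", "correct horse").items():
        print(f"{'PASS' if passed else 'FAIL'}  {check}")
```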