Testing for WS HTTP GET parameters/REST attacks (OWASP-WS-005)

HTTP GET parameters. Many XML applications are invoked by passing them parameters using HTTP GET queries Example: The HTTP request with query string /viewDetail=detail-10293, the HTTP GET parameter is detail-10293). These are sometimes known as “REST-style" Web Services. These Web Services can be attacked by passing malicious content on the HTTP GET string (e.g. Extra long parameters (2048 chars), SQL statements/injection or OS Injection parameters).