As a light weight alternative to web services, RESTful services are fast becoming a leading technology for developing mobile applications and web 2.0 sites. At first glance, RESTful services seem very different than web services and suspiciously similar to regular web technology. The similarity of RESTful services to regular web leads to the mis-conception that RESTful services are secured in the same way. However, RESTful services share many of the security risks of web services without the compensating Web Services security controls. The presentation will describe RESTful services and their use, the complexities in protecting them and common attack vectors that specific to REST services such as ULR embedded attacks. The presentation concludes with a discussion of the challenges of security testing for RESTful services and present novel approaches for automated testing of RESTful services using grey-box testing, a method combining a client attack tool and a server based monitor.