The leading provider of security risk intelligence solutions, Rapid7, announced an industry collaboration between one of the company’s most senior consultants and industry experts from SecureState and Secure Ideas.
In a press release, Rapid7 said that its senior security consultant and researcher, Joshua “Jabra” Abraham, has teamed up with Tom Eston of SecureState and Kevin Johnson of Secure Ideas. In a joint session at Black Hat USA 2011 and DEF CON 19, these industry veterans are going to present their groundbreaking research on testing Web services. According to Rapid7, the trio is going to disclose a new Web services testing methodology and a portfolio of open source testing tools. This development answers a longstanding industry need for clarification on Web services testing and for stronger testing solutions, and will provide immediate relief for penetration testers, sources at the company revealed.
According to the industry experts, the security industry currently lacks an understanding of Web services testing. Testing methodologies lack technical details on how to properly test Web services, focus on old technology and vulnerabilities, and ignore a complete threat model for Web services. The teaming up of Rapid7, SecureState and Secure Ideas is expected to provide an answer to this problem.
Currently, penetration testers either use production systems or build their own system for Web services. Both lead to a complex, time-consuming process, and this has led the industry leaders to think about the development of a practice application that will be publicly available. The collaboration will enable the development of a new methodology for Web services testing. This will help penetration testers to focus more on the process they are following and change the way that security professionals think about Web services testing.
The team has created a portfolio of open source solutions, including modules that work with the well-known Metasploit Framework. The portfolio will be released immediately during the Black Hat presentation, company officials noted in a statement.
“Web services connect many back-end systems over the Internet and have therefore become an essential part of enterprise Web infrastructures. However, as Web service usage continues to rapidly increase, it has quickly become clear that the testing process is insufficient and confusing for penetration testers,” said Abraham. “In the past few years there have been several attacks against common Web services management interfaces, highlighting a need for enhancements for even the most versatile tools. This research aims to improve the Web service testing process; provide the ability to better scope Web service tests; and ensure penetration testers are testing all of the crucial elements of Web services.”
The security trio’s presentation will take place at Black Hat on Thursday, August 4, 2011 at 10:00 a.m. PT in the Roman Room at Caesars Palace and at DEF CON on Saturday, August 6, 2011 at 10:00 a.m. PT at Track Two in the Rio.
The tools will be released at Black Hat with links available immediately. The solutions are also open for further development from the community.
Madhubanti Rudra is a contributing editor for TMCnet.
Edited by Rich Steeves