Rest will break down the request into smaller units which can be edited and customized individually. This helps immensely, as we don't need to waste time on the various encodings that the HTTP protocol is made of and can concentrate on the actual task. Various convoluted data-transport schemes such as multipart forms (i.e. upload forms) are handled automatically. Adding, removing and temporarily turning off information is also trivial via the "request builder", which also supports "variables".

Once we have made the required customizations to the request to fit our test, we can send the actual request. Press the Play button located at the top left. The response will appear in the response viewer located on the right of the request builder.

Although manual security testing requires a bit of experience and familiarity with common vulnerabilities, we have introduced a number of features to make the process as easy as possible, so that you can test, drill further or move on to the next request. We are talking about the "Passive Analyzer", "Diff View" and "HTML Preview" features.

Just like the HTTPView, Rest also has a passive analyzer which can help us identify vulnerabilities automatically. For example, if we test for some SQL Injection condition which results in an error hidden deep inside the resulting HTML source code, we don't need to look for it manually, because the passive analyzer will pick it up automatically and display it in the "Issues" tab. This is a huge time-saver, as we combine manual efforts with the fully automated vulnerability detection features of our web security testing engine. We have your back! We can't leave you on your own.

One of the most powerful features when doing manual web security assessments is the "Diff View". With diff we can compare the current response with any of the previous responses. This method helps you quickly identify the things that changed in the response and, as a result, increases your focus on the given task. For example, if we are looking for a Cross-site Scripting vulnerability, we can easily identify how our efforts to bypass the validation routines affect the end result. We don't need to scroll to a particular area. We can simply execute the change and see the actual change in the diff view, stripping away the boilerplate that comes with the rest of the response and is irrelevant to the current task.
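The comparison described above can be sketched in a few lines of Python. This is an added example, not Rest's own code: the sample responses, the harmless marker string and the function names are all constructed for illustration. It diffs two response bodies, keeps only the lines that changed, and reports whether the marker came back HTML-escaped or raw.

```python
import difflib
import html

# Constructed test string and response body (assumptions of this example,
# not captured from any real application).
MARKER = "<i>probe-7391</i>"

BASELINE = """<html>
<head><title>Search</title></head>
<body>
<nav>Home | Search | Contact</nav>
<p>You searched for: hello</p>
<footer>Example Corp</footer>
</body>
</html>"""


def render(value, escape):
    """Build a constructed response that reflects `value`, escaped or raw."""
    shown = html.escape(value) if escape else value
    return BASELINE.replace("hello", shown)


def changed_lines(previous, current):
    """Return only the lines removed ('- ') or added ('+ ') between two bodies."""
    diff = difflib.ndiff(previous.splitlines(), current.splitlines())
    return [line for line in diff if line.startswith(("+ ", "- "))]


def reflection_state(previous, current, marker):
    """Classify how `marker` appears in the lines the diff reports as new."""
    added = [line[2:] for line in changed_lines(previous, current)
             if line.startswith("+ ")]
    if any(marker in line for line in added):
        return "raw"        # markup survived: output encoding is missing
    if any(html.escape(marker) in line for line in added):
        return "escaped"    # markup was neutralised by output encoding
    return "absent"         # the value is not reflected in what changed


if __name__ == "__main__":
    for escape in (True, False):
        body = render(MARKER, escape)
        print(reflection_state(BASELINE, body, MARKER))
        print("\n".join(changed_lines(BASELINE, body)))
```

The navigation, title and footer never show up in the output, which is the boilerplate-stripping effect the diff view gives you.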

Last but not least, the HTML View helps us render the result in an actual browser so that we can see exactly how our manipulated request affected the application. This can give us further visual clues that can help us discover vulnerabilities.

Once we are done with the request, we may want to save it in our project. Click on the projects button from the toolbar, select your project folder if it is not already selected, and click save or save as. Now you can go back to your work at a later stage. You can also fork your current work so that you can continue manipulating it without losing the current changes or affecting your save. Saving is optional, so save what you think is relevant to your project.