The majority of today's mobile applications utilize some type of web services interface (primarily SOAP and REST) for connecting to back end servers and databases. Properly securing these services is often overlooked and makes them vulnerable to attacks that might not be possible via the traditional web application interface. This talk will focus on methods of testing the security of these services while utilizing commercial and open source tools. We will also highlight some web services of well-known sites that have been recently violated.