diff --git a/restws.entity.inc b/restws.entity.inc
index c351b1a..aed13c8 100644
--- a/restws.entity.inc
+++ b/restws.entity.inc
@@ -118,6 +118,15 @@ class RestWSEntityResourceController implements RestWSResourceControllerInterfac
     catch (EntityMetadataWrapperException $e) {
       throw new RestWSException($e->getMessage(), 406);
     }
+
+    $entity_info = entity_get_info($this->entityType);
+    if (isset($entity_info['bundle keys'])) {
+      foreach ($entity_info['bundle keys'] as $bundle_key) {
+        if (!array_key_exists($bundle_key, $values))
+          throw new RestWSException('Missing bundle: ' . $bundle_key, 406);
+      }
+    }
+
     $properties = $wrapper->getPropertyInfo();
     $diff = array_diff_key($values, $properties);
     if (!empty($diff)) {
diff --git a/restws.module b/restws.module
index d2da29e..812be41 100644
--- a/restws.module
+++ b/restws.module
@@ -177,7 +177,7 @@ function restws_menu_alter(&$items) {
     $menu_path = isset($info['menu_path']) ? $info['menu_path'] . '/%' : $resource . '/%';
     // Replace existing page callbacks with our own (e.g. node/%)
     if (isset($items[$menu_path])) {
-      // Preprend the page callback and the resource to the page arguments.
+      // Prepend the page callback and the resource to the page arguments.
       // So we can re-use it on standard HTML page requests.
       array_unshift($items[$menu_path]['page arguments'], $resource, $items[$menu_path]['page callback']);
       $items[$menu_path]['page callback'] = 'restws_page_callback';
@@ -200,7 +200,7 @@ function restws_menu_alter(&$items) {
     // @todo fix 'menu path'
     if (!isset($info['menu_path'])) {
       if (isset($items[$resource])) {
-        // Preprend the page callback and the resource to the page arguments.
+        // Prepend the page callback and the resource to the page arguments.
         if (!isset($items[$resource]['page arguments'])) {
           $items[$resource]['page arguments'] = array();
         }
diff --git a/restws.test b/restws.test
index 61dced7..d2c23de 100644
--- a/restws.test
+++ b/restws.test
@@ -80,6 +80,22 @@ class RestWSTestCase extends DrupalWebTestCase {
   }
 
   /**
+   * Tests malicious requests.
+   */
+  function testMaliciousRequests() {
+    // Assure that nodes without types won't be created.
+    $account = $this->drupalCreateUser(array('access content', 'bypass node access', 'access resource node', 'administer users'));
+    $title = $this->randomName(8);
+    $new_node = array(
+      'body'  => array(LANGUAGE_NONE => array(array())),
+      'title' => $title,
+    );
+    $json = drupal_json_encode($new_node);
+    $result = $this->httpRequest('node', 'PUT', $account, $json);
+    $this->assertResponse('406', 'Missing bundle: type');
+  }
+
+  /**
    * Tests using the xml formatter.
    */
   function testXmlFormatter() {