This content originally appeared on DEV Community and was authored by Bishwas Bhandari
One of the members of the webmatrices forum asked: "How do I make sure that the API I built is secure from Injection, Cross-site scripting, Distributed denial-of-service (DDoS), Man-in-the-middle (MitM) and Credential stuffing?"
And he got this answer:
How can you make sure an API is secure?
Encrypt traffic using TLS.
Don’t expose more data than necessary.
Use rate limiting.
Use a web application firewall.
Remove information that's not meant to be shared. Because APIs are essentially a developer's tool, they often contain keys, passwords, and other information that should be removed before they're made publicly available. But sometimes this step is overlooked. Organizations should incorporate scanning tools into their DevSecOps processes to limit accidental exposure of secret information.
Validate input. Never pass input from an API through to the endpoint without validating it first.
Practice the principle of least privilege. This foundational security principle holds that subjects (users, processes, programs, systems, devices) be granted only the minimum necessary access to complete a stated function. It should be applied equally to APIs.
Use a strong authentication and authorization solution. Poor or non-existent authentication and authorization are major issues with many publicly available APIs. Broken authentication occurs when APIs do not enforce authentication (as is often the case with private APIs, which are meant for internal use only) or when an authentication factor (something the client knows, has, or is) can be broken into ...
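To make the checklist above concrete, here is an added example in Python that is not part of the original post or the forum answer. It wires several of the answer's points into one request pipeline for a hypothetical orders API: per-client rate limiting (token bucket), bearer-key authentication with a constant-time comparison, scope-based authorization so a read-only key cannot write (least privilege), strict input validation before anything touches the data store, and an allow-list of response fields so internal data never leaves the service. The API keys, orders, scopes and field names are all constructed for the example; TLS and a WAF sit in front of the service and are not shown in code.

```python
import hmac
import re
import time
from dataclasses import dataclass, field

# Constructed sample credentials: key -> granted scopes. In a real service these
# live in a secrets store or identity provider, never in source code.
API_KEYS = {
    "key-readonly-1": frozenset({"orders:read"}),
    "key-admin-1": frozenset({"orders:read", "orders:write"}),
}

# Constructed backing store. customer_email and internal_margin must never be exposed.
ORDERS = {
    "ord_1001": {"id": "ord_1001", "total": 42.5, "status": "shipped",
                 "customer_email": "a@example.com", "internal_margin": 0.31},
}

# Don't expose more data than necessary: only these fields are ever returned.
PUBLIC_ORDER_FIELDS = ("id", "total", "status")
ALLOWED_STATUSES = frozenset({"pending", "shipped", "delivered"})
ORDER_ID_RE = re.compile(r"^ord_\d{1,12}$")


@dataclass
class RateLimiter:
    """Token bucket per client: refills `rate` tokens/second, bursts up to `capacity`."""
    rate: float
    capacity: int
    buckets: dict = field(default_factory=dict)

    def allow(self, client_id, now):
        tokens, last = self.buckets.get(client_id, (float(self.capacity), now))
        tokens = min(float(self.capacity), tokens + (now - last) * self.rate)
        if tokens < 1.0:
            self.buckets[client_id] = (tokens, now)
            return False
        self.buckets[client_id] = (tokens - 1.0, now)
        return True


limiter = RateLimiter(rate=1.0, capacity=3)


def authenticate(headers):
    """Return the scope set for a valid bearer key, or None if unauthenticated."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return None
    presented = auth[len("Bearer "):].encode("utf-8")
    for key, scopes in API_KEYS.items():
        # Constant-time comparison avoids leaking the key through timing.
        if hmac.compare_digest(presented, key.encode("utf-8")):
            return scopes
    return None


def gate(headers, client_ip, now, required_scope):
    """Front door for every endpoint: rate limit, then authenticate, then authorize.
    Returns an error response, or None when the request may proceed."""
    now = time.monotonic() if now is None else now
    # Limiting by client IP before authentication caps credential stuffing and DoS attempts.
    if not limiter.allow(client_ip, now):
        return 429, {"error": "rate limited"}
    scopes = authenticate(headers)
    if scopes is None:
        return 401, {"error": "unauthenticated"}
    if required_scope not in scopes:
        return 403, {"error": "forbidden"}
    return None


def public_view(order):
    return {k: order[k] for k in PUBLIC_ORDER_FIELDS}


def handle_get_order(headers, order_id, client_ip, now=None):
    err = gate(headers, client_ip, now, "orders:read")
    if err:
        return err
    # Validate input before it reaches the store; an allow-list regex rejects injection payloads.
    if not isinstance(order_id, str) or not ORDER_ID_RE.fullmatch(order_id):
        return 400, {"error": "invalid order id"}
    order = ORDERS.get(order_id)
    if order is None:
        return 404, {"error": "not found"}
    return 200, public_view(order)


def handle_set_status(headers, order_id, body, client_ip, now=None):
    err = gate(headers, client_ip, now, "orders:write")
    if err:
        return err
    if not isinstance(order_id, str) or not ORDER_ID_RE.fullmatch(order_id):
        return 400, {"error": "invalid order id"}
    if not isinstance(body, dict) or body.get("status") not in ALLOWED_STATUSES:
        return 400, {"error": "invalid status"}
    order = ORDERS.get(order_id)
    if order is None:
        return 404, {"error": "not found"}
    order["status"] = body["status"]
    return 200, public_view(order)
```

The order of checks matters: the rate limiter runs first so that unauthenticated floods and password-guessing cost the attacker requests rather than the server database lookups, and validation runs before any lookup so that malformed identifiers never reach the query layer.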
Bishwas Bhandari | Sciencx (2021-11-14T01:18:40+00:00) How do I make sure API is secure? Retrieved from https://www.scien.cx/2021/11/14/how-do-i-make-sure-api-is-secure/