What are APIs? Why are they important in our lives? What can go wrong if they are mishandled? How can we make them more secure?
Our speaker Asim Jaweesh answers these questions in his presentation on API Insecurity.
13. MESSAGE INTEGRITY
• In addition to HTTPS, JSON Web Token (JWT)
• JWT guarantees message integrity and authenticates both sender and receiver
14. CONFIDENTIALITY
• RESTful web services can leak credentials, tokens and API keys
• https://example.com/resourceCollection/<id>/action
• https://Twitter.com/Jaweesh/lists
• https://example.com/controller/<id>/action?apikey=12345678
• http://example.com/controller/<id>/action?apikey=987654321
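An added example, not part of the presentation: a Python check that flags the URL patterns listed on this slide (an API key in the query string, and the same key sent over plain HTTP) and masks the value before the URL is logged. The function names and the list of sensitive parameter names are assumptions.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumed parameter names that usually carry secrets; extend for your API.
SENSITIVE_PARAMS = {"apikey", "api_key", "key", "token",
                    "access_token", "password", "secret"}


def audit_url(url):
    """Return a list of findings for secrets exposed in the URL."""
    parts = urlsplit(url)
    findings = []
    for name, _value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE_PARAMS:
            # Query strings end up in access logs, browser history and Referer.
            findings.append(f"secret in query string: {name}")
            if parts.scheme != "https":
                # Without TLS the value is also readable on the wire.
                findings.append(f"{name} sent over plaintext {parts.scheme}")
    return findings


def redact_url(url, mask="REDACTED"):
    """Return the URL with sensitive query values masked, safe to log."""
    parts = urlsplit(url)
    pairs = [(n, mask if n.lower() in SENSITIVE_PARAMS else v)
             for n, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


# The URLs shown on the slide, used here as sample input.
SLIDE_URLS = [
    "https://example.com/resourceCollection/<id>/action",
    "https://Twitter.com/Jaweesh/lists",
    "https://example.com/controller/<id>/action?apikey=12345678",
    "http://example.com/controller/<id>/action?apikey=987654321",
]

if __name__ == "__main__":
    for u in SLIDE_URLS:
        print(redact_url(u), audit_url(u) or "ok")
```

Sending the key in a request header over HTTPS instead keeps it out of the URL and therefore out of the places URLs get recorded.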
15. RESOURCES
• OWASP cheat sheet
• History of API
• Internet of things definition
• SmartBear Practical tips for API security
16. RECAP
• API new business technology.
• Gaining popularity and trending.
• Can easily wreck your business.
• Good API helps your business.
• Integrate security in development.
• Do periodic security tests.
• Spread awareness.