Introduction to API Security
Learn about the security principles and the process of implementing security in API design.
Introduction
With the popularity and usage of APIs growing exponentially each year, API exploitations have become a key attack
We need application security (both client and server side) and data security (both at rest and in transit). Therefore, API security becomes a combination of all these security methods plus network security:
Let's suppose we have an API like Spotify, which uses our Google account to log in. What protocols and procedures should we follow to make sure our sign-in information isn't intercepted or tampered with by a third party? Why do we use Google to sign in to our Spotify account? What level of information should be shared between the applications to authenticate the user? To answer these questions, we'll focus on the security aspects of API design through elements such as authentication, authorization, encryption, and access control, to protect not only the data in our APIs but also the data they're accessing and transferring.
As time goes on, the number of digital
Distributed denial of service: This is when multiple machines target a specific entity in our system by overloading it with requests to disrupt its regular functioning. The attack traffic in this method is usually in the form of a botnet. A botnet is a group of exploited machines altered due to malware. Such machines combine to create a network of bots to work on an attacker’s agenda.
Insufficient ...