Marditech Younes
Presentation
API Security: REST
Table of contents
1 Introduction
5 Conclusion
Introduction
Common Threats:
Broken Function Level Authorization (BFLA)
Common Threats:
Broken Object Level Authorization (BOLA)
Common Threats:
Injection attacks: SQL Injection
Best Practices for Securing APIs
Broken Function Level Authorization (BFLA)
Use JSON Web Tokens (JWTs): JWTs are a signed, self-contained method of transmitting
authentication claims between two parties. Because the server verifies each token
before honoring a request, organizations can ensure that only authenticated users
are able to access specific functions and resources.
Best Practices for Securing APIs
Broken Object Level Authorization (BOLA)
Use Access Tokens: Access tokens are a type of security token that is issued by
an application to an authenticated user. These tokens can be used to verify
the user's identity and access privileges without the need for
re-authentication. By using access tokens, organizations can prevent
unauthorized access to resources or functionality.
Use Authorization Policies: Authorization policies are rules that specify which
users or groups are authorized to perform specific actions on resources. By
implementing authorization policies, organizations can ensure that only
authorized users have access to specific resources or functionality.
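The BFLA and BOLA slides above describe the same pattern: authenticate with a signed token, then apply an authorization policy at both the function level (which roles may call an operation) and the object level (does the caller own the object). The following is an added example, not code from the presentation; the HS256 secret, the document store and the role policy are all constructed for the demo.

```python
import base64, hashlib, hmac, json, time
from typing import Optional, Tuple

# Constructed demo secret; in production this would come from a secrets manager.
SECRET = b"demo-hs256-secret"

# Constructed sample data store: object id -> owner user id (used for the BOLA check).
DOCUMENTS = {"doc-1": "alice", "doc-2": "bob"}

# Authorization policy: which roles may call which API function (used for the BFLA check).
POLICY = {"read_document": {"user", "admin"}, "delete_document": {"admin"}}

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_token(sub: str, role: str, ttl: int = 300) -> str:
    """Mint an HS256 JWT carrying the user's id, role and expiry."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps({"sub": sub, "role": role, "exp": int(time.time()) + ttl}).encode())
    sig = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"

def verify_token(token: str) -> Optional[dict]:
    """Return the claims only if the header, signature and expiry all check out."""
    try:
        header, body, sig = token.split(".")
        if json.loads(_b64url_decode(header)).get("alg") != "HS256":
            return None  # refuse any algorithm other than the one we issue
        expected = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return None
        claims = json.loads(_b64url_decode(body))
    except ValueError:  # malformed base64 or JSON
        return None
    if claims.get("exp", 0) < time.time():
        return None
    return claims

def handle(token: str, function: str, doc_id: str) -> Tuple[int, str]:
    """Authenticate, then enforce the function-level and object-level policy."""
    claims = verify_token(token)
    if claims is None:
        return 401, "invalid or expired token"
    if claims.get("role") not in POLICY.get(function, set()):  # BFLA check
        return 403, "function not permitted for role"
    owner = DOCUMENTS.get(doc_id)
    if owner is None:
        return 404, "no such document"
    if claims["role"] != "admin" and owner != claims["sub"]:  # BOLA check
        return 403, "not the owner of this object"
    return 200, f"{function} ok on {doc_id}"
```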
Best Practices for Securing APIs
Injection attacks: SQL Injection
Use Database Firewalls: Database firewalls can help prevent SQL injection
attacks by monitoring database traffic and blocking any suspicious queries.
These firewalls can also enforce SQL syntax rules and restrict user privileges to
reduce the risk of SQL injection.