API Security Architect
source: https://apiacademy.co/category/api-tutorials/api-security/

1. Introduction to API security

1.1 API Audience
    Private, Public, Partner

1.2 API Security Domain
    End User, Administrators, Developers - several interconnection endpoints
    APIs increase the attack surface

1.3 Common Web Attacks
    Cross-Site Scripting
    Denial of Service
    Man in the Middle
    Cross-Site Request Forgery
    SQL Injection
    Overflow
    Security organization: OWASP (Open Web Application Security Project)

1.4 Mitigating API Threats
    Rate Limiting
    Message Validation
    Encryption and Signing
    TLS
    Trust Attacks
    Certificate Authority Vulnerabilities
    Human Vulnerabilities
    Man in the Middle
    Access Control
    HTTP Access Control
    Basic Authentication
    Digest Authentication

1.5 Best Practices for API Security
    Security - Authentication and Authorization
    Protection - OWASP API vulnerabilities
    Throttling - quota on requests and retries
    Continuous API Monitoring
    Request/Response Payload Validation
    Error Han...
software engineering