Securing APIs, IT PRO Meetup part2

IT Pro Meetup (part 2) – Securing APIs

The second topic covered in the Burgas IT Pro Meetup is Securing RESTful APIs by Zlatomir Haralambov. He is a senior software engineer in Codific mainly involved in projects focussing on security. He said that – some people may try to convince you that you can create a secure API within 10 minutes, but you shouldn’t get fouled. There is a lot of stuff that you have to keep in mind when you work on the security part of your project. You won’t let your car unlocked, why would you do so with your data. Implementing and deploying APIs in a secure manner is essential and Zlati showed us a few tips and tricks.

Mandatory use of the HTTPS.
Implementation of Rate limits.
Proper Authorization
Security Tokens in the Header and the Cookies
CSRF attacks protection
Enforcement of strict CORS policies
Cookies vs JWT vs Authorization headers

Check the video to see if your are missing something on Securing APIs. Stay protected, stay secure!

You can also check part 1- Temple OS

Hungry for more of this?


Subscribe to our blog! Get the latest news and the hottest tips and tricks.
We won't spam you - we promise.


Related Posts

software-security

28

Jun
Security

Security is free. It’s not a gift, but it is free.

In 2017 someone submitted a bug report to Mozilla Firefox bug-reporting service complaining about the HTTPS warning. “Your notice of insecure password and/or log-in automatically appearing on the log-in for my website, Oil and Gas International, is not wanted and was put there without our permission,” a person wrote here. “Please remove it immediately. We have our […]

25

Jun
Inteview

Interview with Zlatomir Haralambov

Hey, have you meet our team already? We have made a series of short interviews with our crew so you can have an insight view of Codific. In this video, you will meet Zlati, one of our senior developers, who works for Codific for more than 2 years. Like many young people, Zlati is looking for challenges[…]