Collaborate Disseminate
I am developing a DOS attack recognition module for application layer requests.
The application has a backend consisting several APIs. They all are connected through an API gateway(developed in Node Js). Every request is recorded to a data… Continue reading Application layer DDOS attack detection – enough to analyse only GET/POST requests?
I am developing a DOS attack recognition module for application layer requests.
The application has a backend consisting several APIs. They all are connected through an API gateway(developed in Node Js). Every request is recorded to a data… Continue reading Application layer DDOS attack detection – enough to analyse only GET/POST requests?
I need some help to understand my problem.
I’m studying a way to provide authentication for my applications.
My scenario:
I have a set of APIs with restricted access and users that will be authenticated and authorized to consume these reso… Continue reading May I use OAuth2 for non third-party applications?
There is a public query form in my web app, and architecture team asking to authenticate the web app with OAuth2 like this, but I don’t believe it will be of any help.
I believe best way to protect is by reCAPTCHA.
Can we prevent DDoS or… Continue reading Can we prevent DDoS or spam form submission with client authentication?
We will be creating a brand new application soon that handles online payments for our firm. We now have several different web applications (in different technologies) running that will all be integrated into our online paymen… Continue reading Integrating web applications into our payment API. How to keep this as secure as possible?
I am currently planning security testing procedures within an API gateway. We want to define in advance what we expect to be covered on the security level.
Scanning REST APIs
(see http://docs.w3af.org/en/latest/scan-rest-api… Continue reading Security aspect in the API gateway area
In my current project I am also setting up the area of security testing. So far there was no way to use security within the REST API development. Beside the known approach, e.g. using static software solutions within a stagin… Continue reading Rest API Security Guideline. Developer Rules?
I have a website and i want to consume public API from third party services such as Zoopla, weather etc.
I want to ensure i do not consume malicious code/malware from the data retrieved from the 3rd party services.
What ar… Continue reading Security considerations of consuming public API
We have been investigating proper mechanism to secure microservises that we are going to provide as API endpoints via API manager application.
Fundamentally we need stateless security mechanism like JWT to secure each API en… Continue reading How to use Oauth2 and JWT to secure microservice architecture?
I work at a small consultancy and we often make web apps for our clients. One part of the web app that is often repetitive to write is the authentication system. In a lot of our web apps we would like to support OAuth login… Continue reading Would a reverse-proxy authentication server be a secure setup?