rest – WindowsTechs.com

Microsoft Identity vs ASP.NET Core Identity

Posted on December 7, 2024 by David Thielen

I’ve been using the Microsoft ASP.NET Identity Library. It’s a basic authentication and authorization system that is a DLL that stores everything in my app’s DB. It has screens for forgotten password, verify email, etc. It supports roles &… Continue reading Microsoft Identity vs ASP.NET Core Identity→

Microsoft Identity vs ASP.NET Core Identity

Posted on December 7, 2024 by David Thielen

Log REST API calls in the most auditable way

Posted on June 21, 2024 by gale44

I am working on a data processing task in an enterprise environment with Python3 installed on a client-side Windows Jump server.
I need to download data regularly from a third-party provider, and it is accessed via a REST API.
The business… Continue reading Log REST API calls in the most auditable way→

What is overhead of websocket? [closed]

Posted on October 26, 2023 by SUNITA GUPTA

I read that book websockets are slower than api request if rate of request is Slow. This got me thinking about difference in their overhead, I couldn’t find the actual overhead for websocket, so I am asking question.

Continue reading What is overhead of websocket? [closed]→

API – exposing implementation names, and other details

Posted on August 21, 2023 by Julie

In my new team, we use the API of our internal clients, whose request calls and responses contain names of our accounts with the client – for example: dingobiscuits.vodafone.com/data/fetch-something
And some error messages read detailed co… Continue reading API – exposing implementation names, and other details→

PATCH request on a login attempt

Posted on August 8, 2023 by Jan Safronov

I have a problem deciding what is the most secure method to send a login request with a username and password strings, I understood that PATCH is less secure than PUT while both are less secure than POST, would it be more sensible then to … Continue reading PATCH request on a login attempt→

Can Burp detect new REST APIs exposed on a server

Posted on July 27, 2023 by ethicalhacker

I am trying to write an automated test that runs on all exposed APIs on a server and checks each endpoint for vulnerabilities.
The problem is the server I am testing always has new APIs exposed, so I want my test to automatically detect ne… Continue reading Can Burp detect new REST APIs exposed on a server→

What security issues could occur when generating ids on the client?

Posted on July 13, 2023 by Emmanuel Meric de Bellefon

It’s sometimes convenient to generate ids client-side in a typical CRUD app.
The main benefit is for optimistic updates: you can update your client state with the right id without waiting for the response.
Examples:

The id is used in some… Continue reading What security issues could occur when generating ids on the client?→

Can I send confidential information in plain text via an HTTPS POST method?

Posted on June 16, 2023 by BurgerBurglar

I have a web app that collects user SSN and driver license number. A POST API via HTTPS send the data to the server. Can I use plain text to transfer the data? Is it safe enough? Is it in accordance with the laws in the US?

Continue reading Can I send confidential information in plain text via an HTTPS POST method?→

What is the difference between OWASP Top 10 and OWASP Top 10 API

Posted on June 12, 2023 by ethicalhacker

There is the OWASP Top 10 which is the most known one: https://owasp.org/www-project-top-ten/
And there is the OWASP Top 10 API: https://owasp.org/www-project-api-security/
Both lists are very similar, so I am confused why there are 2 list… Continue reading What is the difference between OWASP Top 10 and OWASP Top 10 API→