rest – WindowsTechs.com

standard to identify security checklist for web application/apis

Posted on March 5, 2025 by Anonymous

I am looking for a standard to refer to in order to write a security checklist that could be followed to proactively implement security at design level.
I went through the OWASP ASVS, it mentions some recommendations, but they are generic…. Continue reading standard to identify security checklist for web application/apis→

How to protect web app against login CSRF while also allowing mobile app/curl to access REST API?

Posted on February 24, 2025 by Slav

I am using Django REST framework.
I want a single API for all of my clients (web, mobile, curl).
I understand that I need to include a CSRF token in requests originating from the web client, to protect against CSRF. However, this is not ne… Continue reading How to protect web app against login CSRF while also allowing mobile app/curl to access REST API?→

Microsoft Identity vs ASP.NET Core Identity

Posted on December 7, 2024 by David Thielen

I’ve been using the Microsoft ASP.NET Identity Library. It’s a basic authentication and authorization system that is a DLL that stores everything in my app’s DB. It has screens for forgotten password, verify email, etc. It supports roles &… Continue reading Microsoft Identity vs ASP.NET Core Identity→

Microsoft Identity vs ASP.NET Core Identity

Posted on December 7, 2024 by David Thielen

Log REST API calls in the most auditable way

Posted on June 21, 2024 by gale44

I am working on a data processing task in an enterprise environment with Python3 installed on a client-side Windows Jump server.
I need to download data regularly from a third-party provider, and it is accessed via a REST API.
The business… Continue reading Log REST API calls in the most auditable way→

What is overhead of websocket? [closed]

Posted on October 26, 2023 by SUNITA GUPTA

I read that book websockets are slower than api request if rate of request is Slow. This got me thinking about difference in their overhead, I couldn’t find the actual overhead for websocket, so I am asking question.

Continue reading What is overhead of websocket? [closed]→

API – exposing implementation names, and other details

Posted on August 21, 2023 by Julie

In my new team, we use the API of our internal clients, whose request calls and responses contain names of our accounts with the client – for example: dingobiscuits.vodafone.com/data/fetch-something
And some error messages read detailed co… Continue reading API – exposing implementation names, and other details→

PATCH request on a login attempt

Posted on August 8, 2023 by Jan Safronov

I have a problem deciding what is the most secure method to send a login request with a username and password strings, I understood that PATCH is less secure than PUT while both are less secure than POST, would it be more sensible then to … Continue reading PATCH request on a login attempt→

Can Burp detect new REST APIs exposed on a server

Posted on July 27, 2023 by ethicalhacker

I am trying to write an automated test that runs on all exposed APIs on a server and checks each endpoint for vulnerabilities.
The problem is the server I am testing always has new APIs exposed, so I want my test to automatically detect ne… Continue reading Can Burp detect new REST APIs exposed on a server→

What security issues could occur when generating ids on the client?

Posted on July 13, 2023 by Emmanuel Meric de Bellefon

It’s sometimes convenient to generate ids client-side in a typical CRUD app.
The main benefit is for optimistic updates: you can update your client state with the right id without waiting for the response.
Examples:

The id is used in some… Continue reading What security issues could occur when generating ids on the client?→