Collaborate Disseminate
I’m building a hobby application, and I’d prefer it not end up on a cyber-security expert’s list of insecure sites.
My application can post to Twitter on behalf of a user. This required implementing the OAuth 1.0a specificat… Continue reading Does an OAuth1.0a HTTP GET endpoint in my API present a security vulnerability?
Can anyone provide direction on how to add a Rest API to an existing Azure .net website as an alternative to receive private information? Like many website, we already have good U&P authentication via .Net Identity Framew… Continue reading Securing Rest API content using .Net Identity Framework [migrated]
If my Restful Flask API doesn’t need user login, then are the following features enough for the API security:
There is only a get method in my API, no put/delete methods.
Queries are parametrized for MySQL.
User inputs are santized… Continue reading No put/delete in API, parametrized query, sanitized user input – enough for API security
I need to implement a web application for user to update personal information. It consists of a page listing masked personal information and then a button which allows user to edit & update them.
I think the list functio… Continue reading Secure Personal Information for Restful API
I need to implement a web application for user to exchange money. The application needs to invoke API #1 to retrieve exchange rate and show it on the screen for confirmation. And then invoke another API #2 (same API provider)… Continue reading Secure Exchange Rate for Restful API
I am building an internal admin panel for my team that will communicate to the backend server using a REST API.
One of the API calls that will be performed will be an “authorization check” where the frontend will ask for the… Continue reading How do I detect spoofed REST API responses in my webapp?
1) I am currently building a RESTful API which acts as a middleman between clients and an authentication server. A client gives me some account details and my server passes them to the auth server who then returns a csrftoken… Continue reading Node.js Cookies/Tokens (Access & Refresh) – OAUTH2 – How to store tokens and time/function refreshing
Love it or hate it, for many people embedded systems means Arduino. Now Arduino is leveraging its more powerful MKR boards and introducing a cloud service, the Arduino IoT Cloud. The goal is to make it simple for Arduino programs to record data and control actions from the cloud.
The program is in beta and features a variety of both human and machine interaction styles. At the simple end, you can assemble a dashboard of controls and have the IoT Cloud generate your code and download it to your Arduino itself with no user programming required. More advanced users can …read more
In order to test the security of my API, I want to act as sort of an attacker in order to try and gain access to my own API without an API key.
In order for me to send requests to this endpoint, I need to include a 32 long c… Continue reading Unauthorized API Access Without Key Header
We are discussing about making available through the internet one of our microservices deployed on a public cloud on Kubernetes. This ms offers some sensitive information to the clients.
This microservices will be protected … Continue reading Is IP whitelisting safe enough for a HTTP Basic protected service available on the internet?