Collaborate Disseminate
I’m searching for a tool (antimalware / antivirus) that exposes a REST API and accept me to pass a base64 encoded file in order to check if it’s a malicious one or not. I’ve tried the ClaimAV but it does not detect that a bat… Continue reading tool with rest api to scan base64 encoded files
I am creating a website which solely uses REST api for all the features and functionality, from signup and login to fetching data and populating the webpage using Mustache as template engine for objects.
Authentication is … Continue reading How to prevent self-XSS?
Oauth2 documentation got me a little confused.
I want to protect my api against unauthorized acesss with a prive/public key aproach.
The clients are embedded devices, which would get the keys from an nfc-tag at initializatio… Continue reading Hmac and oauth2
I do understand that a header is the “cleaner” solution to transport an auth-token from a trusted system to another in a REST call. But when you are in client-side JavaScript code, the world looks different to me.
Cookies can be marked as… Continue reading Store Auth-Token in Cookie or Header?
I’m securing API calls to a REST service I’m building using API Keys. The plan is to:
When we get a new client, generate an API Key (a UUID).
Email the API key to them.
They send the API key on every call to our service (ov… Continue reading Do I need to hash or encrypt API keys before storing them in a database?
I’ve been reading a lot about stateless authentication systems, and I want to implement something with JWT for the first time, but now I’m concerned about how to properly (and securely) consume a RESTful service with this aut… Continue reading Store splitted JWT for CSRF protection and refresh strategy
I am looking for ideas today.
The problem:
Sensitive files are sent via REST (over SSL, of course) to a third-party server. I cannot touch them programmatically until they arrive at the server. Those files are stored there u… Continue reading Secure way to send files to server, store, then retrieve
Currently I have a raspberry pi connected to my home security system. I have written a Python daemon running a HTTP server (very insecure I know, but this is still under construction) so I can send it POST requests to arm my … Continue reading Best way to secure local REST server?
I am creating an API and I am thinking of using an encrypted value of some random password as the value to store for the plain text representation of my signing key. Is this just a vain attempt to make things look secure or i… Continue reading Is there any reason to use an encrypted value for the plain text signing key?
I am using the VMWare-developed Burp API (https://github.com/vmware/burp-rest-api) in order to try to automate web application scanning for my application. For an example, if I was attempting to test port 85 of localhost, the… Continue reading Using burp-rest-api, how do I log into my web application in order to scan for vulnerabilities?