Collaborate Disseminate
I have a REST API and I want to handle all HTTP requests via POST.
Is there any security issue in using just POST to perform all CRUD operations requested by a user, which sends JSON specifying the operation to be performed (and other inf… Continue reading Does PUT or DELETE offer any security advantage over GET or POST?
We are trying to bulletproof our server from DDoS / MIM etc.
Use case:
Clients (<5 in number) want to get some data from remote server
Client open SSH connection to server, they can now access GET REST
APIs on server.
Is this a saf… Continue reading Private REST API accessible only via SSH?
We are trying to bulletproof our server from DDoS / MIM etc.
Use case:
Clients (<5 in number) want to get some data from remote server
Client open SSH connection to server, they can now access GET REST
APIs on server.
Is this a saf… Continue reading Private REST API accessible only via SSH?
In theory, crooks could mess up your site so vistors can’t see your content, then lock you out so you can’t jump in and fix it. Continue reading Don’t get locked out of your own website – update this WordPress plugin now!
I have a personal service which is deployed on one VPS. The service works based on http requests, and it is due specific goal and handling three types of requests.
The order matters in the requests. Client send requests, it usually takes s… Continue reading It seems someone or something is replicating my requets
What I am building is service that can be consumed by third-party. Something like Omdb API for example.
For my service to be functional I needed to disable CSRF on some endpoints.
How can I secure them? To make CORS rules? To whitelist … Continue reading How to secure API used by third-parties?
What I am building is service that can be consumed by third-party. Something like Omdb API for example.
For my service to be functional I needed to disable CSRF on some endpoints.
How can I secure them? To make CORS rules? To whitelist … Continue reading How to secure API used by third-parties?
I am developing secure payment APIs, i want to avoid manipulation of API parameters and fired same API again. For example, following is the API call
https://api.payment.com/wallet/transfer?from_account=123&to_account=456&amount=10… Continue reading How to secure REST API for parameter manipulation?
I have implemented a backend as a REST API. To maintain the statelessness in REST, I intend to use JWT to verify that that a user has logged in or not.
(A user is logged in if a valid token is present in headers. Not logged in if a token i… Continue reading How to ensure JWT security in authentication?
I have implemented a backend as a REST API. To maintain the statelessness in REST, I intend to use JWT to verify that that a user has logged in or not.
(A user is logged in if a valid token is present in headers. Not logged in if a token i… Continue reading How to ensure JWT security in authentication?