Note for self api 4 (api protected attack)
PRESENTATION NOTE API 4 - API 8

Note for self

API 4 (API PROTECTED ATTACK)

  • Cookies are designed to remember a record of history (the user's session), but attackers steal cookies because the cookie itself can hold confidential data, especially when the user is on public Wi-Fi.

  • To reject a non-authenticated identity, such as a Nigerian scammer.

  • Fuzzing is a black-box software testing technique.

API 5 (AUTHORIZATION)

  • In a system there are many types of user, each with a different role, so the system needs user-role assignment based on authorization.

  • Buyer access and merchant access need to be validated first using an authorization code (for example an OTP) before making any transaction.

API 6 (FLOW CONTROL)

  • Encryption is important in a system to protect data and sensitive information, for example a home address.

  • Tokenization is a process of removing sensitive data by replacing it with a weak token, to reduce the exposure in a data breach.

  • A throttling limit is used to control the usage of an API by a consumer during a given period.

  • A transaction rate limit is a process that limits the API. If the transaction limit is exceeded, the API will stop working for that consumer.
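The throttling and transaction-rate-limit points above, shown as an added example (not from the original note): a per-consumer rolling-window throttle in which each consumer gets its own budget, calls beyond the limit are rejected with HTTP 429, and the budget recovers once the window passes. The `ApiThrottle` class, the 5-calls-per-10-seconds limit and the burst it replays are all constructed for this illustration.

```python
from collections import defaultdict, deque


class ApiThrottle:
    """Per-consumer throttle: at most `limit` calls in any rolling `window` seconds.

    Constructed for this note; `now` is injected so behaviour is deterministic
    instead of depending on the wall clock.
    """

    def __init__(self, limit, window_seconds):
        self.limit = limit
        self.window = window_seconds
        self._hits = defaultdict(deque)  # consumer_id -> timestamps of accepted calls

    def allow(self, consumer_id, now):
        q = self._hits[consumer_id]
        # Discard calls that have fallen out of the rolling window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False  # over the limit: the API stops serving this consumer
        q.append(now)
        return True


def handle_request(throttle, consumer_id, now):
    """Status code an API gateway would return for this call."""
    return 200 if throttle.allow(consumer_id, now) else 429


def simulate():
    """Constructed burst: limit 5 calls/10 s; consumer-A sends 7 calls in ~2 s."""
    t = ApiThrottle(limit=5, window_seconds=10)
    statuses = [handle_request(t, "consumer-A", i * 0.3) for i in range(7)]
    other = handle_request(t, "consumer-B", 2.0)   # separate consumer, separate budget
    later = handle_request(t, "consumer-A", 12.0)  # window expired, budget restored
    return statuses, other, later


if __name__ == "__main__":
    print(simulate())  # ([200, 200, 200, 200, 200, 429, 429], 200, 200)
```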

API 7 (SSDLC), which is the secure software development lifecycle

  • SSDLC (Secure Software Development Lifecycle) is a process model used by organizations to build secure applications. For example:

  • Code needs to be scanned and reviewed to make sure the vulnerabilities in the code are found.

  • Vulnerability protection is the activity of scanning the system for vulnerabilities.

  • Traffic behaviour and code behaviour are determined during the software lifecycle, including understanding the code before it is released to production.

API 8 (DDoS)

  • An attack where the attacker generates a massive amount of requests targeted at the host server, making the system overloaded and unresponsive.

  • So DDoS attacks can be defended against by implementing security measures such as a Web Application Firewall (WAF), which can also filter and protect e-commerce websites or other websites from frequent attacks such as SQL injection.
