Cookies are designed to remember state between requests (for example a login session), but attackers steal cookies because the cookie itself can carry confidential data or a session identifier, especially when the user is on public Wi-Fi and the cookie travels over an unencrypted connection.
Authentication is needed to reject non-authenticated identities, such as a Nigerian scammer posing as a legitimate user.
In a system there are many types of user, each with a different role, so the system needs role assignment and authorization checks based on those roles.
Buyer access and merchant access need to be validated first (an authorization check and, for example, an OTP) before any transaction is made.
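As an added example (not code from the original notes), this issues a session cookie with the attributes that defeat the theft scenario above and audits a Set-Cookie header for missing attributes. The cookie name, lifetime and the header values are assumptions for illustration.

```python
# Added example: hardened session cookie issuance and a Set-Cookie audit.
# Cookie name, Max-Age and sample headers are constructed for illustration.
from __future__ import annotations

import secrets
from http import cookies

# attributes a session cookie must carry to survive a hostile network / XSS / CSRF
REQUIRED_ATTRS = ("secure", "httponly", "samesite")


def new_session_id() -> str:
    # 256 bits from the OS CSPRNG; never derive a session id from user data
    return secrets.token_urlsafe(32)


def build_session_cookie(session_id: str, max_age: int = 1800) -> str:
    """Return the Set-Cookie header value for a hardened session cookie."""
    jar = cookies.SimpleCookie()
    jar["__Host-session"] = session_id  # __Host- prefix: browser enforces Secure + Path=/ + no Domain
    morsel = jar["__Host-session"]
    morsel["secure"] = True        # only sent over HTTPS, so public Wi-Fi sniffing sees nothing
    morsel["httponly"] = True      # not readable via document.cookie, so XSS cannot exfiltrate it
    morsel["samesite"] = "Strict"  # not attached to cross-site requests (CSRF)
    morsel["path"] = "/"
    morsel["max-age"] = max_age    # short lifetime limits the value of a stolen cookie
    return morsel.OutputString()


def audit_set_cookie(header: str) -> list[str]:
    """Return the security attributes missing from a Set-Cookie header value."""
    present = {part.strip().split("=", 1)[0].lower() for part in header.split(";")[1:]}
    return [attr for attr in REQUIRED_ATTRS if attr not in present]


if __name__ == "__main__":
    header = build_session_cookie(new_session_id())
    print(header)
    print("missing:", audit_set_cookie(header))
    print("missing:", audit_set_cookie("session=abc; Path=/"))
```

The audit function is the kind of check a practitioner runs against a real site's response headers; a cookie reported as missing `secure` is exactly the one a public Wi-Fi attacker can read off the wire.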
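As an added example (not code from the original notes), the following shows role-based authorization for buyer and merchant roles, checked before a transaction executes, with an OTP step-up for high-value transactions. The role names, permission matrix and the 1000 threshold are assumptions chosen for illustration.

```python
# Added example: deny-by-default role-based authorization before a transaction.
# Roles, permissions and the OTP threshold are constructed for illustration.
from __future__ import annotations

from dataclasses import dataclass, field

# permission matrix: which actions each role is granted
ROLE_PERMISSIONS = {
    "buyer": {"place_order", "view_own_orders"},
    "merchant": {"view_shop_orders", "refund_order"},
    "admin": {"place_order", "view_own_orders", "view_shop_orders", "refund_order", "manage_users"},
}

STEP_UP_AMOUNT = 1000.0  # transactions at or above this need a verified OTP


@dataclass
class User:
    name: str
    roles: set[str] = field(default_factory=set)
    otp_verified: bool = False  # second factor completed for this session


class AuthorizationError(Exception):
    pass


def is_allowed(user: User, action: str) -> bool:
    # deny by default: the action must be granted by at least one of the user's roles;
    # unknown roles grant nothing
    return any(action in ROLE_PERMISSIONS.get(role, set()) for role in user.roles)


def perform_transaction(user: User, action: str, amount: float) -> str:
    """Authorize first, then apply step-up authentication, then execute."""
    if not is_allowed(user, action):
        raise AuthorizationError(f"{user.name} with roles {sorted(user.roles)} may not {action}")
    if amount >= STEP_UP_AMOUNT and not user.otp_verified:
        raise AuthorizationError(f"OTP verification required for transactions >= {STEP_UP_AMOUNT:.0f}")
    return f"{action} of {amount:.2f} by {user.name} accepted"


if __name__ == "__main__":
    buyer = User("alice", {"buyer"})
    merchant = User("bob", {"merchant"}, otp_verified=True)
    print(perform_transaction(buyer, "place_order", 50))
    print(perform_transaction(merchant, "refund_order", 5000))
    for user, action, amount in [(buyer, "refund_order", 50), (buyer, "place_order", 5000)]:
        try:
            perform_transaction(user, action, amount)
        except AuthorizationError as exc:
            print("denied:", exc)
```

The important property is that the permission check happens on the server for every transaction, keyed on the authenticated user's roles, never on a role name the client sends in the request.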
API 6 (FLOW CONTROL)
Encryption is important in a system to protect data and sensitive information, for example a home address, both while it is stored and while it travels over the network.
Tokenization is the process of removing sensitive data from a system by replacing it with a non-sensitive token that has no exploitable value on its own, which reduces the exposure if there is a data breach.
A throttling limit is used to control how much an API consumer can use the API during a given period.
A transaction rate limit caps the number of requests or transactions the API accepts in that period. Once the limit is exceeded, further requests are rejected (typically with HTTP 429 Too Many Requests) until the window resets; the API keeps serving consumers who are within their limit rather than stopping altogether.
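As an added example (not code from the original notes), here is a minimal tokenization vault: card numbers are replaced by random tokens that carry no information about the original, only the vault can map a token back, and only callers holding a "detokenize" privilege may do so. The card number, token format and privilege name are constructed for illustration.

```python
# Added example: a minimal tokenization vault. Sample card number, token
# prefix and privilege name are constructed for illustration.
from __future__ import annotations

import secrets


class TokenVault:
    def __init__(self) -> None:
        self._token_to_value: dict[str, str] = {}
        self._value_to_token: dict[str, str] = {}

    def tokenize(self, value: str) -> str:
        """Return a token for `value`; the same value always maps to the same token."""
        if value in self._value_to_token:
            return self._value_to_token[value]
        while True:
            # random, not derived from the value: no hashing, no encryption of the PAN,
            # so a leaked token cannot be reversed or brute-forced back to the card number
            token = "tok_" + secrets.token_hex(12)
            if token not in self._token_to_value:
                break
        self._token_to_value[token] = value
        self._value_to_token[value] = token
        return token

    def detokenize(self, token: str, caller_privileges: set[str]) -> str:
        if "detokenize" not in caller_privileges:
            raise PermissionError("caller is not allowed to detokenize")
        return self._token_to_value[token]


def mask_card(pan: str) -> str:
    # what downstream systems may display: last four digits only
    return "*" * (len(pan) - 4) + pan[-4:]


def store_order(vault: TokenVault, pan: str) -> dict:
    """Build the order record; it (and its logs and backups) never holds the real PAN."""
    return {"card_token": vault.tokenize(pan), "card_display": mask_card(pan)}


if __name__ == "__main__":
    vault = TokenVault()
    record = store_order(vault, "4111111111111111")
    print(record)
    print(vault.detokenize(record["card_token"], {"detokenize"}))
```

Because the same value maps to the same token, tokens can still be used as join keys across systems; the trade-off is that equality of two records' card numbers is visible to anyone who sees both tokens, which is acceptable for a card reference but not for every kind of data.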
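As an added example (not code from the original notes), this is a per-consumer token bucket limiter: each API key gets a burst of `capacity` requests and refills at `rate` requests per second; when a consumer's bucket is empty its request gets HTTP 429 with a Retry-After hint, while other consumers and the API itself keep working. Capacity, rate, header names and the API keys are assumptions for illustration.

```python
# Added example: token-bucket throttling per API key, returning 429 on excess.
# Capacity, rate, header names and key names are constructed for illustration.
from __future__ import annotations

import math
import time


class TokenBucketLimiter:
    def __init__(self, capacity: int, rate: float, clock=time.monotonic) -> None:
        self.capacity = capacity  # maximum burst
        self.rate = rate          # tokens added per second
        self.clock = clock        # injectable so the behaviour can be tested deterministically
        self._buckets: dict[str, tuple[float, float]] = {}  # api_key -> (tokens, last_seen)

    def check(self, api_key: str) -> tuple[int, dict[str, str]]:
        """Consume one token for `api_key`; return (HTTP status, rate-limit headers)."""
        now = self.clock()
        tokens, last = self._buckets.get(api_key, (float(self.capacity), now))
        tokens = min(self.capacity, tokens + (now - last) * self.rate)  # refill since last call
        if tokens >= 1:
            self._buckets[api_key] = (tokens - 1, now)
            return 200, {"X-RateLimit-Remaining": str(int(tokens - 1))}
        # bucket empty: reject this request only; the API keeps serving everyone else
        self._buckets[api_key] = (tokens, now)
        retry_after = math.ceil((1 - tokens) / self.rate)
        return 429, {"Retry-After": str(retry_after), "X-RateLimit-Remaining": "0"}


class FakeClock:
    """Manual clock for the demonstration below."""

    def __init__(self) -> None:
        self.t = 0.0

    def __call__(self) -> float:
        return self.t

    def advance(self, seconds: float) -> None:
        self.t += seconds


if __name__ == "__main__":
    clock = FakeClock()
    limiter = TokenBucketLimiter(capacity=5, rate=1.0, clock=clock)
    print([limiter.check("key-A")[0] for _ in range(7)])   # burst of 5, then 429s
    print(limiter.check("key-A"))                          # 429 with Retry-After
    print(limiter.check("key-B"))                          # another consumer is unaffected
    clock.advance(2.0)
    print([limiter.check("key-A")[0] for _ in range(3)])   # two tokens refilled, then 429
```

Keying the bucket on the authenticated API key (not just the source IP) is what makes the limit a per-consumer quota; a production deployment keeps the buckets in a shared store so that every API instance enforces the same count.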
SSDLC (Secure Software Development Lifecycle) is a process model used by organizations to build secure applications. For example,
code needs to be scanned and reviewed to make sure vulnerabilities in the code are found before release.
Vulnerability protection covers the activities of scanning the system for vulnerabilities and fixing what is found.
Traffic behaviour and code behaviour are examined during the software lifecycle, including understanding what the code does before it is released to production.
API 8 (DDoS)
where the attacker generates a massive number of requests targeted at the host server, overloading the system so that it stops responding.
DDoS attacks can be mitigated by implementing security measures such as a Web Application Firewall (WAF), which can also filter and protect e-commerce and other websites from common attacks such as SQL injection.
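As an added example (not code from the original notes), here are the two kinds of check a WAF-style front end applies to the traffic described above: flagging source IPs whose request count in a sliding window exceeds a threshold (a volumetric flood signal), and blocking requests whose query string matches SQL injection signatures. The access-log lines, log format, window, threshold and the signature patterns are all constructed for illustration.

```python
# Added example: flood detection per source IP plus simple SQL injection
# signature filtering, run over a constructed access log. The log format
# ("<epoch_seconds> <client_ip> <method> <path>"), the window/threshold and
# the signatures are constructed for illustration.
from __future__ import annotations

import re
from collections import defaultdict, deque
from urllib.parse import unquote_plus

# constructed sample log: one host (203.0.113.7) floods /cart, one host probes with SQLi
SAMPLE_LOG = """\
1700000000 203.0.113.7 GET /products?id=42
1700000000 203.0.113.7 GET /products?id=43
1700000001 198.51.100.9 GET /products?id=1' OR '1'='1
1700000001 203.0.113.7 GET /cart
1700000001 203.0.113.7 GET /cart
1700000002 203.0.113.7 GET /cart
1700000002 203.0.113.7 GET /cart
1700000002 192.0.2.5 GET /search?q=shoes
1700000003 203.0.113.7 GET /cart
1700000015 203.0.113.7 GET /cart
"""

# illustrative signatures only; a real WAF ships a far larger rule set
SQLI_SIGNATURES = [
    re.compile(r"('|\")\s*(or|and)\s*('|\")?\s*\w*\s*('|\")?\s*=", re.I),  # ' OR '1'='1
    re.compile(r"\bunion\b.+\bselect\b", re.I),                            # UNION SELECT
    re.compile(r"(--|#|/\*)"),                                             # comment out the rest
    re.compile(r";\s*(drop|delete|update|insert)\b", re.I),                # stacked statement
]


def parse_log(text: str):
    for line in text.splitlines():
        ts, ip, method, path = line.split(" ", 3)  # path keeps any spaces in the query
        yield int(ts), ip, method, path


def flooding_sources(text: str, window_seconds: int = 5, threshold: int = 5) -> list[str]:
    """IPs that sent more than `threshold` requests within any `window_seconds` span."""
    recent: dict[str, deque] = defaultdict(deque)
    flagged = set()
    for ts, ip, _method, _path in parse_log(text):  # log lines are in time order
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] >= window_seconds:  # drop timestamps outside the window
            q.popleft()
        if len(q) > threshold:
            flagged.add(ip)
    return sorted(flagged)


def is_sqli(path: str) -> bool:
    query = unquote_plus(path.partition("?")[2])  # decode before matching, as the DB would see it
    return any(sig.search(query) for sig in SQLI_SIGNATURES)


def blocked_requests(text: str) -> list[tuple[str, str]]:
    return [(ip, path) for _ts, ip, _method, path in parse_log(text) if is_sqli(path)]


if __name__ == "__main__":
    print("flooding:", flooding_sources(SAMPLE_LOG))
    print("blocked:", blocked_requests(SAMPLE_LOG))
```

The flood check is a detection signal, not a complete defence: a distributed attack spreads requests across many sources so that no single IP trips the threshold, which is why volumetric DDoS protection is usually placed at a CDN or scrubbing provider in front of the WAF rather than on the application host.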