Monday, April 22, 2024

API Security Concern

What is an API

An Application Programming Interface (API) is a software bridge that lets one application communicate with another. Besides making data easy to extract and share, an API gives developers the routines, protocols and tools they need to build applications on top of it.

Applications can be connected to other platforms or services, including social networks, games, databases, and devices, via web APIs.

There are two common approaches to building web APIs: SOAP and REST.

SOAP (Simple Object Access Protocol)

REST (Representational State Transfer)


API Security Threats:

The most prevalent class of API security issue is the business logic attack, in which an attacker abuses an API's functions, data or workflows for malicious purposes rather than exploiting a coding bug. The top security risks to APIs are listed below; they largely follow the OWASP API Security Top 10 (2019 edition).


Broken Object-Level Authorization

This is an authorization flaw: the API receives an identifier for an object (an order, a document, an account) and returns or modifies it without checking that the requesting user is allowed to access that particular object. An attacker who is logged in as any ordinary user can then walk through identifiers and read or change other users' data.

It is prevented by enforcing authorization per object at every endpoint that accepts an identifier. The post's shorthand for this is a secure AAPM (Authentication, Authorization and Permission Management) system: verify who the caller is, then verify the caller's permission on the specific object, before returning it.
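
Added example (not code from the original post): a BOLA bug and its fix in plain Python, with a small constructed order store. The names (get_order_vulnerable, get_order_secure, AuthzError, the order and user ids) are assumptions made for the illustration; the secure handler looks the object up and then compares its owner to the authenticated caller, returning the same "not found" error for foreign and non-existent ids so the endpoint does not leak which ids exist.

```python
# Added example, not from the original post: Broken Object-Level Authorization
# (BOLA) shown as a vulnerable handler beside its fixed version.
# The order store, user ids and AuthzError name are constructed for this demo.
from dataclasses import dataclass


class AuthzError(Exception):
    """Raised when the caller may not access the requested object."""


@dataclass(frozen=True)
class Order:
    order_id: int
    owner_id: int
    total: float


# Constructed sample data: customer 7 owns two orders, customer 8 owns one.
ORDERS = {
    1001: Order(1001, owner_id=7, total=42.00),
    1002: Order(1002, owner_id=7, total=9.99),
    1003: Order(1003, owner_id=8, total=120.50),
}


def get_order_vulnerable(caller_id: int, order_id: int) -> Order:
    """GET /orders/{id} as many APIs ship it: the caller is authenticated
    (caller_id is known) but the handler never checks that the order belongs
    to them, so any logged-in user can read any order by guessing ids."""
    return ORDERS[order_id]  # BOLA: no ownership check at all


def get_order_secure(caller_id: int, order_id: int) -> Order:
    """Same endpoint with object-level authorization: look the object up,
    then compare its owner to the authenticated caller before returning it.
    Unknown and foreign ids produce the same error so the response does not
    reveal which ids exist."""
    order = ORDERS.get(order_id)
    if order is None or order.owner_id != caller_id:
        raise AuthzError("order not found")
    return order


def enumerate_orders(handler, caller_id: int, id_range) -> list:
    """Simulates an attacker walking sequential ids with one account and
    collecting whatever the handler hands back."""
    found = []
    for oid in id_range:
        try:
            found.append(handler(caller_id, oid).order_id)
        except (KeyError, AuthzError):
            pass
    return found


if __name__ == "__main__":
    # Customer 7 enumerates ids 1000-1009 against both handlers.
    print("vulnerable:", enumerate_orders(get_order_vulnerable, 7, range(1000, 1010)))
    print("secure:    ", enumerate_orders(get_order_secure, 7, range(1000, 1010)))
```

The point to carry into a real code base is that the check lives in the handler (or a shared accessor every handler must use), not in the client, and that it is applied on every route that accepts an identifier, including PUT and DELETE, not only GET.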

Broken User Authentication 

This vulnerability occurs when the API does not properly verify who the user is before granting access, for example by accepting weak credentials, allowing unlimited login attempts, or trusting tokens it never validates.

It is prevented by a secure authentication method, a proper password policy, and monitoring of failed login attempts, with lockout or rate limiting once they accumulate.
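
Added example (not code from the original post): the three controls named above in plain Python, using only the standard library. The password hash (PBKDF2-HMAC-SHA256), the policy values (MIN_PASSWORD_LEN, MAX_FAILURES, LOCKOUT_SECONDS), the AuthService class and its audit trail are all assumptions made for the illustration; the clock is injectable so lockout expiry can be exercised offline.

```python
# Added example, not from the original post: secure credential storage, a
# minimum password policy, and failed-login monitoring with lockout.
# Thresholds, user records and names are constructed for this demo.
import hashlib
import hmac
import os
import time
from collections import defaultdict

MIN_PASSWORD_LEN = 12       # assumed policy value
MAX_FAILURES = 5            # assumed lockout threshold
LOCKOUT_SECONDS = 15 * 60   # assumed lockout window
PBKDF2_ITERATIONS = 100_000


def check_password_policy(password: str) -> bool:
    """Minimal policy: length plus a tiny constructed denylist of common values."""
    common = {"password", "123456789012", "qwertyuiopas"}
    return len(password) >= MIN_PASSWORD_LEN and password.lower() not in common


def hash_password(password: str, salt: bytes = None) -> tuple:
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest) for storage."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


class AuthService:
    def __init__(self, now=time.time):
        self.now = now                      # injectable clock for testing
        self.users = {}                     # username -> (salt, digest)
        self.failures = defaultdict(list)   # username -> failure timestamps
        self.audit = []                     # events a SIEM would ingest

    def register(self, username: str, password: str) -> None:
        if not check_password_policy(password):
            raise ValueError("password does not meet policy")
        self.users[username] = hash_password(password)

    def _recent_failures(self, username: str) -> list:
        """Drop failures older than the lockout window, return the rest."""
        cutoff = self.now() - LOCKOUT_SECONDS
        self.failures[username] = [t for t in self.failures[username] if t > cutoff]
        return self.failures[username]

    def login(self, username: str, password: str) -> str:
        """Returns 'ok', 'locked' or 'denied' and records an audit event."""
        if len(self._recent_failures(username)) >= MAX_FAILURES:
            self.audit.append(("locked", username))
            return "locked"
        record = self.users.get(username)
        # Run the hash even for unknown users so response time does not
        # reveal which usernames exist.
        salt, stored = record if record else (b"\x00" * 16, b"\x00" * 32)
        _, candidate = hash_password(password, salt)
        if record and hmac.compare_digest(candidate, stored):
            self.failures[username].clear()
            self.audit.append(("success", username))
            return "ok"
        self.failures[username].append(self.now())
        self.audit.append(("failure", username))
        return "denied"


if __name__ == "__main__":
    svc = AuthService()
    svc.register("alice", "correct horse battery")
    for attempt in ["wrong"] * MAX_FAILURES + ["correct horse battery"]:
        print(svc.login("alice", attempt))
    print(svc.audit)
```

The audit list is the hook for the "monitored failed login attempts" control: in production those tuples go to the logging pipeline so that bursts of failures across many usernames (credential stuffing) are visible, not only per-account lockouts.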


Excessive Data Exposure

Excessive data exposure occurs when an API response carries more data than the request needs, typically because the handler returns the whole internal object and leaves filtering to the client. It is a security risk because it reveals data to users who are not authorized to see it, and the oversized responses also hurt API performance.

To address it, review and limit the data that each endpoint exposes, use selective data exposure (return only the fields the client needs, through an explicit allow-list), maintain an API inventory, and label each API according to its sensitivity and criticality.
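
Added example (not code from the original post): the selective-data-exposure control in plain Python. The user record, the field allow-lists per endpoint and the SENSITIVE_FIELDS set used as a response-side check are constructed for the illustration; the hardened handler serializes through an allow-list chosen by who is asking, instead of returning the raw row.

```python
# Added example, not from the original post: excessive data exposure shown
# as a raw-record handler beside an allow-list serializer.
# The record, field lists and role logic are constructed for this demo.

# Constructed user row as it sits in the database.
USER_RECORD = {
    "id": 42,
    "username": "alice",
    "email": "alice@example.com",
    "password_hash": "pbkdf2-sha256$placeholder",  # constructed placeholder
    "mfa_secret": "JBSWY3DPEHPK3PXP",              # constructed, not a real secret
    "is_admin": False,
    "internal_notes": "escalated ticket 1337",     # constructed
}

# Per-endpoint allow-lists: this is the "label by sensitivity" step made
# explicit in code. Anything not listed never leaves the server.
PUBLIC_PROFILE_FIELDS = ("id", "username")
SELF_PROFILE_FIELDS = ("id", "username", "email")

# Fields that must never appear in any response; used by a response check.
SENSITIVE_FIELDS = {"password_hash", "mfa_secret", "internal_notes"}


def profile_vulnerable(record: dict) -> dict:
    """Returns the whole row and relies on the client to hide fields:
    the classic excessive-data-exposure bug."""
    return dict(record)


def serialize(record: dict, allowed: tuple) -> dict:
    """Only allow-listed keys survive. Keys missing from the record are
    simply absent; nothing is ever defaulted in from the raw row."""
    return {k: record[k] for k in allowed if k in record}


def profile_secure(record: dict, caller_id: int) -> dict:
    """A user sees their own email; everyone else gets the public subset."""
    fields = SELF_PROFILE_FIELDS if caller_id == record["id"] else PUBLIC_PROFILE_FIELDS
    return serialize(record, fields)


def leaked_sensitive_fields(response: dict) -> set:
    """Response-side guard (or CI test): which sensitive keys slipped out."""
    return SENSITIVE_FIELDS & set(response)


if __name__ == "__main__":
    print("vulnerable leaks:", leaked_sensitive_fields(profile_vulnerable(USER_RECORD)))
    print("self view:      ", profile_secure(USER_RECORD, 42))
    print("public view:    ", profile_secure(USER_RECORD, 7))
```

The allow-list direction matters: a denylist that strips known-bad fields breaks silently the first time someone adds a new sensitive column, whereas an allow-list has to be edited deliberately before a new field can be exposed.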


Broken Function-Level Authorization

Mass Assignment

Security Misconfiguration

Injection Flaws

Improper Asset Management

Inadequate Logging and Monitoring

