Search This Blog

Fabian Magrini | Blog

Fabian is a Technology Leader working in Sydney, Australia. This Blog contains his personal opinions and observations on technology and software development.

API Security Best Practices

Get link
Facebook
X
Pinterest
Email
Other Apps

- November 12, 2022

Good kick off point

https://owasp.org/www-project-api-security/
https://cheatsheetseries.owasp.org/cheatsheets/REST_Security_Cheat_Sheet.html
https://github.com/OWASP/wstg
https://stackoverflow.blog/2021/10/06/best-practices-for-authentication-and-authorization-for-rest-apis/

Around the industry

https://www.f5.com/labs/learning-center/securing-apis-10-best-practices-for-keeping-your-data-and-infrastructure-safe
https://blog.axway.com/learning-center/digital-security/keys-oauth/api-security-best-practices
https://curity.io/resources/learn/api-security-best-practices/
https://medium.com/apis-and-digital-transformation/best-practices-for-building-secure-apis-2b4eb8071d41
https://learn.microsoft.com/en-us/azure/api-management/mitigate-owasp-api-threats
https://learn.microsoft.com/en-us/dotnet/architecture/microservices/secure-net-microservices-web-applications/

State of API Security

https://content.salt.security/gartner-2022-predicts
https://content.salt.security/state-api-report.html

Service-to-service authentication

https://hackernoon.com/service-to-service-authentication-for-microservice-apis-ccf4ab8073e6
https://cloud.google.com/docs/security/beyondprod
https://cloud.google.com/api-gateway/docs/authenticate-service-account
https://spiffe.io/docs/latest/spire-about/spire-concepts/
https://cerbos.dev/blog/service-to-service-authorization-non-user-principles
https://thenewstack.io/4-best-practices-for-microservices-authorization/

Get link
Facebook
X
Pinterest
Email
Other Apps

Comments

Setting up a global .gitignore on a Mac

- October 04, 2015

I work with multiple OSes, programming languages and frameworks so here is a tip on keeping your git repos clean. I create a global .gitignore file to exclude platform related files (OS and IDE) and then when I create a new project I create a project specific .gitignore for the project related files which is specific to the languages and frameworks I am using in the project. Creating a global gitignore on a Mac You may name the file and place it where you want. I typically just name it .gitignore and store at '~/.gitignore'. Set it by running the following in a terminal: git config --global core.excludesfile '~/.gitignore' Example global gitignore Here is my global which I place at '~/.gitignore' Project specific gitignore GitHub have created a repo as a guide for what to include in your .gitignore for specific languages and frameworks: https://github.com/github/gitignore .

Step-up authentication

- August 07, 2024

Standards based approach Step-up authentication with OAuth and OpenID Connect OAuth 2.0 Step Up Authentication Challenge Protocol How does Okta do it? Step-up authentication using ACR values Configure Direct Authentication grant types Developer Documentation How does Authlete do it? OAuth 2.0 Step-up Authentication Challenge Protocol OAuth OAuth 2.1 OAuth 2.0 Security Best Current Practice FAPI 2.0

API Security Best Practices

Comments

Popular posts from this blog

Setting up a global .gitignore on a Mac

Step-up authentication