9

Defending against Common Vulnerabilities

In this chapter, we take our first steps into learning how to defend APIs against common vulnerabilities in the design and development stage of the Software Development Lifecycle (SDLC). We have previously explored ways in which attackers can exploit weaknesses in API design and implementation and have reviewed past breaches for examples and fallout from insecure APIs; our focus now shifts to learning a defensive mindset to build secure APIs. This chapter will deal with each of the major classes of vulnerability types and, for each type, will provide best practices, common pitfalls, recommendations for tools and libraries, and code samples illustrating key defensive methods. If you are a developer, ...

Get Defending APIs now with the O’Reilly learning platform.