Securing a REST API Server


Bibliographic Details
Author: Mendoza Jiménez, Francisco
Resource type: master's thesis
Publication date: 2022
Country: Spain
Institution: Universitat Politècnica de Catalunya (UPC)
Repository: UPCommons. Portal del coneixement obert de la UPC
Language: English
OAI Identifier: oai:upcommons.upc.edu:2117/377463
Online access: https://hdl.handle.net/2117/377463
Access level: open access
Keywords: Computer security
Security
API
Argon2
OWASP
Seguretat informàtica
Àrees temàtiques de la UPC::Informàtica::Seguretat informàtica
Description
Summary: Nowadays, there are more sources of cyber-threats and more cyber-attacks that target all kinds of victim profiles, from big companies with big architectures to small businesses that only have a web site as a platform to sell or advertise themselves. Hence, security awareness among users, developers and systems administrators, as well as the application of security measures and best practices, is mandatory. There are lots of organisations promoting security recommendations or the standardisation of procedures in order to build more robust applications or infrastructures. The purpose of this thesis is to provide a practical application of those recommendations, sets of best practices and standards, in order to achieve a proper level of security for a common type of application or service, such as an e-commerce platform. This project can serve as an example of applying good security measures and basic infrastructure security to try to create more robust applications. Moreover, this project uses tools for testing the correct application of the security measures, for pentesting purposes and for possible vulnerability discovery, which will be documented as well.