Seguridad en APIs

Since the middle of the last decade the development of web APIs has skyrocketed and their presence has multiplied, becoming essential. Regrettably, this boom has not been accompanied by the best practices in terms of security. In this document we intend to give a global vision from a security perspe...

ver descrição completa

Detalhes bibliográficos
Autor: Fernández Casal, Eduardo
Formato: tesis de maestría
Fecha de publicación:2019
País:España
Recursos:Universitat Oberta de Catalunya (UOC)
Repositorio:O2, repositorio institucional de la UOC
OAI Identifier:oai:openaccess.uoc.edu:10609/95147
Acesso em linha:http://hdl.handle.net/10609/95147
Access Level:acceso abierto
Palavra-chave:API
security testing
penetration testing
prova de seguretat
proves de penetració
prueba de seguridad
pruebas de penetración
Computer security -- TFM
Seguretat informàtica -- TFM
Seguridad informática -- TFM
Descrição
Resumo:Since the middle of the last decade the development of web APIs has skyrocketed and their presence has multiplied, becoming essential. Regrettably, this boom has not been accompanied by the best practices in terms of security. In this document we intend to give a global vision from a security perspective. We have traced the historical evolution of web APIs and analyzed the causes of their current boom and ubiquity. We have listed and detailed their most frequent vulnerabilities and the most common attacks of which they are victims. When possible, we have offered examples of real cases. We have also listed solutions to mitigate or prevent these vulnerabilities in the form of security testing.