Seguridad en APIs

Since the middle of the last decade the development of web APIs has skyrocketed and their presence has multiplied, becoming essential. Regrettably, this boom has not been accompanied by the best practices in terms of security. In this document we intend to give a global vision from a security perspe...

Descripción completa

Detalles Bibliográficos
Autor: Fernández Casal, Eduardo
Tipo de recurso: tesis de maestría
Fecha de publicación:2019
País:España
Institución:Universitat Oberta de Catalunya (UOC)
Repositorio:O2, repositorio institucional de la UOC
OAI Identifier:oai:openaccess.uoc.edu:10609/95147
Acceso en línea:http://hdl.handle.net/10609/95147
Access Level:acceso abierto
Palabra clave:API
security testing
penetration testing
prova de seguretat
proves de penetració
prueba de seguridad
pruebas de penetración
Computer security -- TFM
Seguretat informàtica -- TFM
Seguridad informática -- TFM
Descripción
Sumario:Since the middle of the last decade the development of web APIs has skyrocketed and their presence has multiplied, becoming essential. Regrettably, this boom has not been accompanied by the best practices in terms of security. In this document we intend to give a global vision from a security perspective. We have traced the historical evolution of web APIs and analyzed the causes of their current boom and ubiquity. We have listed and detailed their most frequent vulnerabilities and the most common attacks of which they are victims. When possible, we have offered examples of real cases. We have also listed solutions to mitigate or prevent these vulnerabilities in the form of security testing.