Publication
Technical guide to support the development of secure RESTful APIs
| Abstract: | This study investigates five critical vulnerabilities from the OWASP Top 10 API Security Risks - 2023 (OWASP, 2023) - API2:2023 (Broken Authentication), API4:2023 (Unrestricted Resource Consumption), API5:2023 (Broken Function Level Authorization), API8:2023 (Security Misconfiguration), and API10:2023 (Unsafe Consumption of APIs). The investigative methodology adopted includes an experimental study, utilizing mixed methods (quantitative and qualitative) for data collection and analysis processes. It presents a practical approach to mitigating these issues through the development of a technical guide and an experimental API. The research emphasizes actionable solutions validated through industry feedback and vulnerability testing, providing a valuable resource for secure RESTful API development. |
|---|---|
| Main authors: | Pita, Pedro |
| Other authors: | Bruno, Luís |
| Subject: | RESTful API Security; OWASP API security top 10; API development; Vulnerability mitigation |
| Year: | 2025 |
| Country: | Portugal |
| Document type: | conference paper |
| Access type: | restricted access |
| Associated institution: | Instituto Politécnico de Beja |
| Language: | English |
| Source: | Repositório Institucional do IPBeja |