/ Integration Zone
Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Are REST APIs Inherently Insecure?

DZone's Guide to

Are REST APIs Inherently Insecure?

by
·
Aug. 15, 14 · Integration Zone ·
Free Resource

Comment (1)

Save
Tweet
{{ articles[0].views | formatCount}} Views

The Future of Enterprise Integration: Learn how organizations are re-architecting their integration strategy with data-driven app integration for true digital transformation.

REST security is a hot topic. One of the reasons for this is the continued blowback from the over-complexity of the WS-* specifications. These specifications,  including WS-Security, WS-Trust, and WS-ReliableMessaging, and were notorious for being difficult to comprehend. In fact, people wrote whole books about Web Services Security :-) . One of the benefits of REST is simplicity. But, on the flipside, the lack of standards for security has led to the proliferation of ad-hoc security approaches such as the use of API Keys. API Keys are frequently used for API "authentication" often without much regard for potential attacks such as replay attacks.

But, by using an API Gateway approach, is it possible to layer on security for REST APIs? Could they (shock, horror) co-exist with heavyweight WS-* style SOAP web services? I'll be talking about this topic in my talk on "Are REST APIs Inherently Insecure" at the ISC2 Security Congress in October in Atlanta . Hope to see you there?


Read the original blog entry...

 

Make your mark on the industry’s leading annual report. Fill out the State of API Integration 2019 Survey and receive $25 to the Cloud Elements store.

Like This Article? Read More From DZone

Choosing a REST Framework for Microservices
How to Test SOAP Services With JMeter
Performance Monitoring for AWS Lambda

Free DZone Refcard

Foundations of RESTful Architecture
DOWNLOAD
Topics:

Comment (1)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

Integration Partner Resources

The Future of Enterprise Integration [eBook]
White paper: Will the Data Lake Drown the Data Warehouse?
Buyer's Guide to Application and Data Integration
The State of API Integration 2018 [Report]
Building a Modern Enterprise Data Architecture
The Definitive Guide to API Integrations: Explore API Integrations Below the Surface [eBook]

Integration Partner Resources

The Future of Enterprise Integration [eBook]
White paper: Will the Data Lake Drown the Data Warehouse?
Buyer's Guide to Application and Data Integration
The State of API Integration 2018 [Report]

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.linkDescription }}

{{ parent.urlSource.name }}
by {{ parent.authors[0].realName || parent.author}}
· {{ parent.articleDate | date:'MMM. dd, yyyy' }} {{ parent.linkDate | date:'MMM. dd, yyyy' }}
· {{ parent.portal.name }} Zone