/ Integration Zone
Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Are REST APIs Inherently Insecure?

DZone's Guide to

Are REST APIs Inherently Insecure?

by
Mark O'Neill
·
Aug. 15, 14 · Integration Zone
Free Resource

Comment (1)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Share, secure, distribute, control, and monetize your APIs with the platform built with performance, time-to-value, and growth in mind. Free 90-day trial of 3Scale by Red Hat

REST security is a hot topic. One of the reasons for this is the continued blowback from the over-complexity of the WS-* specifications. These specifications,  including WS-Security, WS-Trust, and WS-ReliableMessaging, and were notorious for being difficult to comprehend. In fact, people wrote whole books about Web Services Security :-) . One of the benefits of REST is simplicity. But, on the flipside, the lack of standards for security has led to the proliferation of ad-hoc security approaches such as the use of API Keys. API Keys are frequently used for API "authentication" often without much regard for potential attacks such as replay attacks.

But, by using an API Gateway approach, is it possible to layer on security for REST APIs? Could they (shock, horror) co-exist with heavyweight WS-* style SOAP web services? I'll be talking about this topic in my talk on "Are REST APIs Inherently Insecure" at the ISC2 Security Congress in October in Atlanta . Hope to see you there?


Read the original blog entry...

 

Explore the core elements of owning an API strategy and best practices for effective API programs. Download the API Owner's Manual, brought to you by 3Scale by Red Hat

Like This Article? Read More From DZone

Thoughts on Opening Up Java EE
Azure Managed VM Images: Using Premium Data Disks
Are Your Containers Secure? An Interview With Aqua Security

Free DZone Refcard

RESTful API Lifecycle Management
DOWNLOAD
Topics:

Comment (1)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Published at DZone with permission of Mark O'Neill, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

Integration Partner Resources

The Finance Integration Guide: 5 Things Experts Consider in Their API Strategy [eBook]
The State of API Integration, 2017 and Beyond [Report]
Discover how you can achieve enterprise agility with microservices and API management
O'Reilly Microservice Architecture Book: Aligning Principles, Practices and Culture
Digital transformation (DX) is continuous way for enterprises to adapt to, or cause, disruptive change using digital competencies.
APIs provide a new avenue for businesses to collaborate with their partners, customers, and teams in new and powerful ways.
API Strategy and Architecture eBook
Modernizing Application Architectures with Microservices and APIs

Integration Partner Resources

The Finance Integration Guide: 5 Things Experts Consider in Their API Strategy [eBook]
The State of API Integration, 2017 and Beyond [Report]
Discover how you can achieve enterprise agility with microservices and API management
O'Reilly Microservice Architecture Book: Aligning Principles, Practices and Culture
THE DZONE NEWSLETTER

Dev Resources & Solutions Straight to Your Inbox

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.

X

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.linkDescription }}

{{ parent.urlSource.name }}
by {{ parent.authors[0].realName || parent.author}}
· {{ parent.articleDate | date:'MMM. dd, yyyy' }} {{ parent.linkDate | date:'MMM. dd, yyyy' }}
· {{ parent.portal.name }} Zone