Security Roundup: API Security

Who doesn't love a good API? Learn how to show your API some love and insert security protocols into the APIs you design, or securely use your favorite APIs.

by Jordan Baker · Nov. 06, 17 · Opinion

Welcome to this month's edition of the Security Roundup! Today, we're going to look at all the best content on DZone and across the web relating to the security of APIs. As APIs become a more and more important aspect of development, their security is garnering increased attention. So read on to see what experts from various fields, including security, web development, and microservices, have to say about securing your API! 

And, as a quick side note, if you're interested in writing for DZone, but don't have a topic in mind, come check out our Bounty Board, where you can win prizes for providing great content! 


Security, the AP of My I  

  1. Secure Your APIs by Josh Begleiter. This article draws on the principles of network security, systems security, and application security to explain how API security is no different than these other subfields and draws quite a bit from them. 

  2. API Throttling Made Easy by Nishanth Kadiyala. This article provides an introductory look at the technique of API throttling ("whether certain API calls are valid or not"), explains how throttling adds an extra layer of security to your backend and the resources stored there, and covers the various types of throttling.

  3. Top 5 REST API Security Guidelines by Guy Levin. A blast from the past! This article, originally posted to DZone in 2016, is still one of the most viewed articles in our Security Zone, which goes to show how many problems have gone unsolved. This article gives a great overview of authentication, output encoding, cryptography, HTTP status codes, and input validation. 

  4. Implementing JWT Authentication on Spring Boot APIs by Bruno Krebs. A web developer shows how you can add an extra layer of security to your web application and the APIs it draws upon by using JSON Web Token-based authentication. 

  5. Advanced Microservices Security With Spring and OAuth2 by Piotr Minkowski. A great overview of securing your API gateway, setting up authorization for access to your API, and securing the services your API offers. 


The Best From the Rest  

  1. Google's Recaptcha Cracked Again by Tom Spring. A look at how University of Maryland researchers used one of Google's own APIs to break its Recaptcha tool, which is supposed to offer increased security to users.
  2. Best Practices for Securely Storing API Keys by Bruno Pedro. An overview of some great tools to use to keep your API keys safe and sound from prying eyes. 
  3. DOSarrest Releases New API via Globe Newswire. A brief article explaining the details behind this new API, which allows developers to use this Security as a Service in their applications, and the vulnerabilities this API was meant to help guard against.


DZone Publications on API Security

  1. RESTful API Lifecycle Management Refcard by John Vester. In this Refcard, familiarize yourself with the benefits of a managed API lifecycle and walk through specific examples of using RAML to design your API. Section 5 covers API security! 

  2. DZone's Guide to Integration: API Design and Management featuring articles by John Vester, Guy Levin, Piotr Minkowski, Kin Lane, Ross Garrett, and Tom Smith. Though the field of Integration has been present for ages, the industry is still ripe for some major changes. Significant developments in tools like Kafka, microservice architectures, and container technologies require the latest knowledge of integrating systems. The 2017 Guide to Integration provides this and more by exploring APIs, design and documentation, tooling, and Integration best practices (including RESTful API Security!).


Find Your Next Great Security Gig!

Java Engineer - Security
Elastic
Location: Remote

In this role, you'll design and implement internal security mechanisms to secure individual Elasticsearch clusters as well as provide security for cross-cluster operations, implement access control for Elasticsearch APIs, documents, and fields within documents, improve existing APIs to make them address more use-cases while keeping their surface area contained, and more! Experience working with distributed systems, systems integration, and debugging is a plus.

Application Security Researcher
Applied Visions
Location: Northport, NY, United States

The ideal candidate will have prior experience in conducting vulnerability assessments and penetration tests, an understanding of the OWASP testing methodology and knowledge of penetration testing tools, and a comfort in working on various platforms and operating systems (e.g. Windows, Linux, Kali). In this role, you'll perform application (web and mobile) and penetration tests on different platforms and technologies, conduct source code review to identify software program vulnerabilities and malicious embedded code, simulate real-time cyber-attacks using red team/blue team exercises, and a lot more! 
