Security Roundup: Rest Assured, Your REST Is Secured


In this month's edition of the roundup, we take a look at some great articles from DZone community members about securing REST APIs and services.


Welcome back to the Security Zone Roundup! Last time, we took a look at some amazing articles, and a pretty sweet Refcard, about blockchain technology. Today, we look at what developers in the DZone community are doing to secure REST APIs and services using various security frameworks like OAuth2 and Spring Security. While these articles will help you learn how to secure your REST services, unfortunately, they won't help keep you safe from the bad puns to come. Enjoy! 

And, as a quick side note, if you're interested in writing for DZone, but don't have a topic in mind, come check out our Bounty Board, where you can win prizes for providing great content, and our Writer's Zone which has plenty of prompts, tips, and tricks! 

Sleep Easy (or, Should I Say, REST Secure?)   

  1. An OAuth2 Grant Selection Decision Tree for Securing REST APIs by Imesh Gunaratne. An explanation of how to use decision trees to select one of the four types of grants/guidelines that OAuth2 provides for REST APIs.

  2. Top 5 REST API Security Guidelines by Guy Levin. An annotated list of security guidelines for your REST APIs when you are developing and testing them, including proper authorization, input validation, and output encoding.

  3. Secure REST Services and Web Services With Spring Boot Security Starter by Ranga Karanam. Learn how to use the Spring Boot Security framework to make sure the REST services and web applications you design in Java are safe and sound.

  4. Securing Spring Data REST With PreAuthorize by Martin Farrell. A quick tutorial on how to use two different Spring frameworks (Spring Data REST and Spring Security) to secure the HTTP methods and URLs of your REST APIs.

  5. Secure Spring REST With Spring Security and OAuth2 by Adam Zareba. A discussion of how to secure the endpoints of your REST API using Spring Security and OAuth2, as well as a tutorial on how to implement this in a Spring Boot-based project.

DZone Publications

  1. DZone's Guide to Proactive Security: Apps, Environments, and Messaging featuring articles by Boaz Shunami, Jeff Williams, Katie Strzempka, Chris Lamb, James Wickett, Ivan Dwyer, and Tom Smith. With the rise of high-profile ransomware and DDoS attacks comes a greater need than ever for powerful application security. The 2017 Guide to Proactive Security discusses the actions that experts are taking to combat the growing list of threats, and what developers can do to be proactive in securing their apps and processes.

  2. DZone's Guide to Integration: API Design and Management featuring articles by John Vester, Guy Levin, Piotr Minkowski, Kin Lane, Ross Garrett, and Tom Smith. Though the field of Integration has been present for ages, the industry is still ripe for some major changes. Significant developments in tools like Kafka, microservice architectures, and container technologies require the latest knowledge of integrating systems. The 2017 Guide to Integration provides this and more by exploring APIs, design and documentation, tooling, and Integration best practices.

    1. For the article on RESTful API Security by John Vester, see here or flip to page 12 of the guide!

Find Your Next Great Gig

Blockchain Engineer
Location: Remote

Experience: The ideal candidate will have 6+ years of full-stack development, or in a similar role, the ability to learn and use a wide array of open-source technologies and tools, a strong knowledge of fundamental blockchain technology, and experience working with blockchain in an enterprise (non-mining) setting.

Application Security Engineer
Wikimedia Foundation
Location: San Francisco, CA or Remote

Experience: The ideal candidate will have two or more years of application security experience, including a thorough understanding of issues documented in the OWASP Top Ten and CWE Top 25. Additionally, you'll have a strong understanding of modern, object-oriented PHP development, experience conducting software security reviews using a combination of source code inspection, manual testing, and automated scanning, and a strong understanding of cryptography as applied to web application security (encryption, hashing, PKI management), including analysis and implementation.
