DEMO ENVIRONMENT FOR ANALYZING THE MOST COMMON WEAKNESSES OF APPLICATION PROGRAMMING INTERFACES (API)

Authors

  • Milica Simeunović (Author)

DOI:

https://doi.org/10.24867/29OI02Simeunovic

Keywords:

Information security, application programming interface (API), OWASP, security risk

Abstract

The non-profit organization OWASP regularly publishes a list of the ten most common application programming interface (API) weaknesses. The goal of this work is to develop a demo environment that presents those weaknesses in practice, together with the optimal security measures for eliminating them. The demo environment consists of a weak version and a protected version of the API, both developed using the NodeJS framework. This paper presents the first five weaknesses and describes the optimal security measures for resolving them.

Published

2024-12-25