DEV Community

Discussion on: I am a Developer Advocate for Security in Mobile Apps and APIs, Ask Me Anything

Bill Mitchell

What are some good resources (besides your posts :) ) for those interested to learn more about mobile API security?

Paulo Renato Ask Me Anything

Hi Bill,

Thanks for asking ;)

In no order of preference, and with a focus on security:

apisecurity.io/

APISecurity.io is a community website for all things related to API security. Our daily news and weekly API Security newsletter cover the latest breaches, vulnerabilities, standards, best practices, regulations, and technology.

apisecurity.io/encyclopedia/conten...

API Security Encyclopedia collects together information on the risks, guidelines, and recommendations relating to API security.

For developers with a focus on API security for mobile apps, I recommend reading this series about Mobile API Security Techniques and following the api tag on the blog of my workplace, where I and some of my colleagues write about API security with a focus on mobile clients.

OWASP API Security Top 10

owasp.org/index.php/OWASP_API_Secu...

A foundational element of innovation in today’s app-driven world is the API. From banks, retail and transportation to IoT, autonomous vehicles and smart cities, APIs are a critical part of modern mobile, SaaS and web applications and can be found in customer-facing, partner-facing and internal applications. By nature, APIs expose application logic and sensitive data such as Personally Identifiable Information (PII) and because of this have increasingly become a target for attackers. Without secure APIs, rapid innovation would be impossible.

github.com/OWASP/API-Security

This project is designed to address the ever-increasing number of organizations that are deploying potentially sensitive APIs as part of their software offerings. These APIs are used for internal tasks and to interface with third parties. Unfortunately, many APIs do not undergo the rigorous security testing that would render them secure from attack.

The OWASP API Security Project seeks to provide value to software developers and security assessors by underscoring the potential risks in insecure APIs and illustrating how these risks may be mitigated. In order to facilitate this goal, the OWASP API Security Project will create and maintain a Top 10 API Security Risks document, as well as a documentation portal for best practices when creating or assessing APIs.

Keep up to date with the latest API trends

nordicapis.com/blog/

Learn how to make smarter tech decisions using APIs. The resource for API practitioners.