DEV Community

Intesar Mohammed

Best Practices for Securing Your Vulnerable REST APIs

Why API security is a common problem: most web and mobile apps are security tested at some point, but APIs hardly get any attention. This means you may have vulnerabilities in your production APIs.

For example, let's say you have a fintech application. It does things like accounts, transfers, etc., and it has mobile/web UIs for performing these operations. You might have tested that all the UI paths are only accessible to an authenticated user. Sometimes, though, an API endpoint like the one below is left unsecured without anyone realizing it, and any hacker/bot can pick it up and continuously pull a feed of recent transactions out of your system. The only way to fix these kinds of flaws is to detect them before they're exploited.

Example endpoint with the flaw:
GET /transactions - Any bot can access it without authentication because it has a broken authentication flaw.

One easy way to detect an OWASP API2 (broken authentication) vulnerability or security flaw in your APIs is to use open-source tools like Burp and EthicalCheck. Using these tools is very simple: all you need is your OpenAPI Specification/Swagger URL, and you get an instant report.
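As an added illustration (this is not code from the post, nor from Burp or EthicalCheck), here is a small Python audit that reads an OpenAPI 3 document and lists every operation that can be called without credentials. It is the kind of check that surfaces a forgotten GET /transactions before anyone else finds it. The spec below is a constructed sample modelled on the fintech example above, and the function names are my own.

```python
"""Audit an OpenAPI 3 document for operations that require no authentication.

Added example. SAMPLE_SPEC is a constructed toy fintech spec, not a real
service: /transactions has no `security` entry and there is no top-level
`security`, so it is reachable anonymously (the flaw described in the post).
"""
import json

HTTP_METHODS = ("get", "put", "post", "delete", "options", "head", "patch", "trace")

# Constructed sample spec (hypothetical names, not a real API).
SAMPLE_SPEC = {
    "openapi": "3.0.3",
    "info": {"title": "Example fintech API", "version": "1.0"},
    "components": {
        "securitySchemes": {"bearerAuth": {"type": "http", "scheme": "bearer"}}
    },
    "paths": {
        "/accounts": {"get": {"security": [{"bearerAuth": []}],
                              "responses": {"200": {"description": "ok"}}}},
        "/transfers": {"post": {"security": [{"bearerAuth": []}],
                                "responses": {"200": {"description": "ok"}}}},
        # No `security` key and no global default: open by omission.
        "/transactions": {"get": {"responses": {"200": {"description": "ok"}}}},
        # Explicit `security: []`: deliberately public (e.g. a health check).
        "/health": {"get": {"security": [],
                            "responses": {"200": {"description": "ok"}}}},
    },
}


def effective_security(spec, operation):
    """Return the security requirement list that applies to one operation.

    Per OpenAPI 3, an operation-level `security` overrides the top-level one,
    and an explicit empty list (`security: []`) means "no auth required".
    """
    if "security" in operation:
        return operation["security"]
    return spec.get("security", [])


def find_unauthenticated_operations(spec):
    """List (METHOD, path, reason) for every operation callable without credentials."""
    findings = []
    for path, item in spec.get("paths", {}).items():
        for method in HTTP_METHODS:
            op = item.get(method)
            if op is None:
                continue
            sec = effective_security(spec, op)
            if not sec:
                reason = ("explicitly public (security: [])" if "security" in op
                          else "no security requirement inherited")
                findings.append((method.upper(), path, reason))
            elif any(req == {} for req in sec):
                # An empty requirement object inside the list makes auth optional,
                # so the endpoint is still reachable anonymously.
                findings.append((method.upper(), path, "anonymous alternative in security list"))
    return findings


def unintended_public(spec):
    """Findings worth a review: open by omission rather than by an explicit `security: []`."""
    return [f for f in find_unauthenticated_operations(spec)
            if not f[2].startswith("explicitly")]


if __name__ == "__main__":
    # Constructed spec is embedded above; a real run would load the spec file or URL.
    for method, path, reason in find_unauthenticated_operations(SAMPLE_SPEC):
        print(f"{method:6} {path:15} {reason}")
    print(json.dumps(unintended_public(SAMPLE_SPEC)))
```

Run it against your own exported spec and treat every "no security requirement inherited" line as a defect to fix, either by adding a top-level `security` default so omissions fail closed, or by marking the few truly public routes with an explicit `security: []` so the audit can tell intent from oversight.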
