API security
API security triad
- confidentiality - assets can only be accessed by authorized people.
- integrity - prevent unauthorized creation, modification, or deletion of information.
- availability - make sure legitimate users can access the resource when they need it.
Threat modeling - the process of identifying threats
The process of thinking about and checking for threats and weaknesses in a system increases the security of APIs.
STRIDE - threat categories
- spoofing
- tampering
- repudiation
- information disclosure
- denial of service
- elevation of privilege
Security Mechanisms
- encryption
- authentication
- access control & authorization
- audit logging
- rate-limiting