Viewer

API Security Standards

Hi,

Is there anyone who can help me with a standard on creating secured APIs? Is there any such standard in the industry which can be followed as a benchmark?

5 Replies
Viewer

Re: API Security Standards

Contributor II

Re: API Security Standards

There appears to be a start to it on OWASP: https://www.owasp.org/index.php/OWASP_SaaS_Rest_API_Secure_Guide

Not a lot there yet, though, but you may want to reach out to the project lead.

-- wdf//CISSP, CSSLP
Community Champion

Re: API Security Standards

OWASP is our friend here:

https://www.owasp.org/index.php/REST_Security_Cheat_Sheet

They are a non-profit with pedigree, don't push commercial agendas, and are an open resource.

Community Champion

Re: API Security Standards

Literally pipped me to the post... ;)
Newcomer II

Re: API Security Standards

Do you have a security model for access control? Or do you know how you will be performing access control enforcement or policy enforcement? Are you the identity provider or service provider? What API protocols will you support? Will you use a gateway?

I hate to ask so many questions, but in order to really provide secure APIs you have to consider the full access control model (most of the time).

Ron Parker CISSP, CCSP

@scmunk