Musthaq
Viewer

API Security Standards

Hi,

Is there anyone who can help me with a standard on creating secured APIs? Is there any such standard in the industry which can be followed as a benchmark?

5 Replies
1tamil1
Viewer

Badfilemagic
Contributor II

There appears to be a start to it on OWASP: https://www.owasp.org/index.php/OWASP_SaaS_Rest_API_Secure_Guide

Not a lot there yet, though, but you may want to reach out to the project lead.

-- wdf//CISSP, CSSLP
Early_Adopter
Community Champion

OWASP is our friend here:

https://www.owasp.org/index.php/REST_Security_Cheat_Sheet

They are a non-profit with pedigree, don't push commercial agendas and are an open resource.

Early_Adopter
Community Champion

Literally pipped me to the post... 😉
scmunk
Newcomer II

Do you have a security model for access control? Or do you know how you will be performing access control enforcement or policy enforcement? Are you the identity provider or service provider? What API protocols will you support? Will you use a gateway?

I hate to ask so many questions but in order to really provide secure APIs you have to consider the full access control model (most of the time).

Ron Parker CISSP, CCSP

@scmunk