
Questions tagged [rest]

An abbreviation for REpresentational State Transfer. A design pattern for stateless client-server systems. Popular in the implementation of web services.

0 votes
1 answer
113 views

At the end of Insecure_Direct_Object_Reference_Prevention_Cheat_Sheet it says Avoid encrypting identifiers as it can be challenging to do so securely. On login I store a cryptographically generated ...
fundagain's user avatar
  • 103
2 votes
1 answer
743 views

I am using Django REST framework. I want a single API for all of my clients (web, mobile, curl). I understand that I need to include a CSRF token in requests originating from the web client, to ...
Slav's user avatar
  • 125
1 vote
0 answers
142 views

I am working on a data processing task in an enterprise environment with Python3 installed on a client-side Windows Jump server. I need to download data regularly from a third-party provider, and it ...
gale44's user avatar
  • 11
0 votes
1 answer
271 views

I have a problem deciding what is the most secure method to send a login request with a username and password strings, I understood that PATCH is less secure than PUT while both are less secure than ...
Jan Safronov's user avatar
0 votes
1 answer
528 views

It's sometimes convenient to generate ids client-side in a typical CRUD app. The main benefit is for optimistic updates: you can update your client state with the right id without waiting for the ...
Exifers's user avatar
  • 101
1 vote
2 answers
2k views

There is the OWASP Top 10 which is the most known one: https://owasp.org/www-project-top-ten/ And there is the OWASP Top 10 API: https://owasp.org/www-project-api-security/ Both lists are very similar,...
ethicalhacker's user avatar
1 vote
0 answers
136 views

As the title says, I want to create a RESTful API (stateless) that will access Google API endpoints. First I want to authenticate the user and then use that token provided by Google to access Google ...
ktop's user avatar
  • 11
3 votes
1 answer
6k views

Q: Is it 'safe' to include a secret API Key in a HEADER (for a request) which prevents bad actors from creating their own evil-requests by using your API Key ? We need to send data to a 3rd party from ...
Pure.Krome's user avatar
