WebAPI - Gavin Johnson-Lynn

Z-DaRT (Zero Data and Resource Trust)

TL;DR: "An application should assume zero trust in ALL data and resources that it consumes, no matter who created them, including internal staff" Software, in particular web-based applications suffer from a problem with trusting data and resources. Trusting Data Data coming from users

WebAPI

The API Security Problem

(Note: If you'd like more on the OWASP API Top 10 then take a look at my Pluralsight course on OWASP Top 10: API Security Playbook [https://pluralsight.pxf.io/o2z3o]) There are many things on the internet that don’t get the security

Security

API Throttling

API request throttling limits the number of requests that can use your API. “Madness” you say, “intentionally stop requests from reaching my API?”

Security

The Intricacies of IP Whitelisting

What is an IP Whitelist? An IP whitelist restricts incoming traffic so that it may only arrive from an IP address or list of IP addresses. Traffic from any other address is ignored before any further processing. This is useful because you can immediately

ShouldKnow

A glance at HTTP codes and methods

More and more lately I have to speak in HTTP status codes and I'm not fluent. So I thought a round-up of the more common codes would be good. Firstly you need to know that each code is three digits and the first digit

Subscribe to Gavin Johnson-Lynn