API Security: Offensive and Defensive Strategies

Author(s): Sandeep Phanireddy

Publication #: 2502066

Date of Publication: 10.07.2024

Country: USA

Pages: 1-5

Published In: Volume 10 Issue 4 July-2024

DOI: https://doi.org/10.5281/zenodo.14883156

Abstract

Because APIs are the core of web and mobile applications, securing them has become unavoidable. This paper discusses attack and defense techniques for APIs, including injection attacks, broken authentication, and information leakage. It covers reliable countermeasures such as strong authentication methods, rate limiting, and encryption for API protection. By examining the main forms of offensive techniques together with their countermeasures, the paper aims to give developers and cybersecurity professionals practical insight into improving API security. It also works through detailed examples of attack payloads, such as SQL injection and token theft, and their respective mitigations using tools and frameworks like DOMPurify, rate-limiting tools, and secure protocols like TLS.

Keywords: API Security, Injection Attacks, Authentication, Encryption, Rate Limiting, Cybersecurity
