Best practices for detecting and mitigating insecure APIs in cloud environments:

14 Terms

1

Use a _: Embed this as part of your development process

secure development life cycle

2

Authentication and authorization:

Enforce who can access the API.

3

Input validation:

Check and validate what strings and/or data can be inserted into the API.

4

Application layer attacks:

Detect and mitigate attacks such as injection attacks, cross-site scripting, and so on.

5

code reviews

Conduct _ for all your APIs.

6

data in transit

Encrypt _ by default for all APIs.

7

Sign, cryptographic key

_ each message through the API using a _ to avoid data tampering or changes to data integrity.

8

web application firewall (WAF)

Use a _ to protect against well-known application-layer attacks.

9

Use _ services to protect the API service from denial-of-service attacks.

distributed denial of service (DDoS) protection

10

Use an _ to protect the service against SOAP or REST API-based attacks.

XML gateway

11

rate limit

Enforce a _ on the API to decrease the chance of automated attacks.

12

HTTP methods

Limit the type of _ to the minimum required (for example, GET without POST or DELETE).

13

Audit

_ the use of exposed APIs and the backend systems to detect anomalous behavior (such as brute force attacks or data exfiltration).

14

schema validation

Perform _ at the server side to make sure only well-known field sizes, characters, or regular expressions can pass through the API.