#api security

API security is a set of security measures to protect an application programming interface (API) from malicious attacks. It involves authentication, authorization, input validation, encryption and logging. Authentication is the process of verifying the identity of users before they can access the API. Authorization ensures that only authorized users are allowed to access the API. Input validation prevents malicious data from entering the system. Encryption ensures that data is securely transmitted between the client and the server. Logging helps to detect and investigate any suspicious activity.
No More Mocking! Write Better Tests For Your Nuxt Application With Contract Tests
Vue.js Live 2024
21 min
A single-page application utilized a server-side backend-for-frontend (BFF) layer to simplify authentication and data customization. Testing a BFF-based architecture involves contract testing and tool usage. Challenges arise when mocking server-to-server requests in a client-side and server-side architecture. Separate tests should be written for client-side and server-side components, with contract testing to ensure compatibility. Integration testing for the front-end and server-side can be done by replacing microservices with a stub server.
Mock Service Worker 2.0
TestJS Summit 2023
27 min
MSW is an API mocking library that simplifies the process of intercepting requests and mocking responses. It leverages standard JavaScript APIs like the ServiceWorker API and the Fetch API. MSW has seen significant adoption, with over 90,000 projects on GitHub and 2.5 million weekly downloads on npm. The recent release of Node.js 18 has allowed for refactoring and simplification in MSW. MSW supports TypeScript and can be used for contract testing with tools like Pact (pact.io).
Modern GraphQL API Security Testing
GraphQL Galaxy 2022
8 min
Dynamic application security testing (DAST) helps prioritize fixing application security issues by identifying discoverable and exploitable vulnerabilities. StackHawk runs active security tests against APIs to ensure safe handling of user input and output. It also implements OWASP Top 10 API best practices. The tool can be used locally and in CI/CD pipelines.
Automated Application Security Testing
React Summit 2022
9 min
StackHawk is a dynamic application security testing tool that helps developers find and fix security issues. The scan identified a SQL injection issue and a cross-site scripting issue. The StackHawk YAML is used to configure the scanner with important information such as the application's location, environment, and ID. The scanner can also be pointed at OpenAPI spec or GraphQL definitions. Try StackHawk for free at stackhawk.com and integrate it into your development process to improve software quality.
Automated Application Security Testing
TestJS Summit 2021
9 min
StackHawk is a dynamic application security testing tool that helps you find, understand, and fix security bugs in your running HTTP applications and API endpoints. It runs active security tests using OWASP Top 10 best practices and can be integrated into CI/CD workflows. The scanner provides detailed scan results, including findings like SQL injection and cross-site scripting issues, and can be configured using YAML. StackHawk can be used to triage and prioritize security issues, and it can be seamlessly integrated into the development workflow.
Safely Handling Dynamic Data with TypeScript
Node Congress 2021
29 min
This talk discusses the safe handling of dynamic data with TypeScript using JSON Schema and TypeBox. Fastify, a web framework, allows developers to validate incoming data using JSON Schema, providing type safety and error handling. TypeBox is a powerful library that allows developers to define JSON schemas and derive static types in TypeScript. The combination of JSON Schema, TypeBox, and Fastify provides powerful tools for type safety and validation of dynamic data.
Securing Node.js APIs with Decentralised Identity Tokens
JSNation Live 2021
9 min
This talk introduces the concept of securing a Node.js API using a decentralized identity (DID) token. The token is encoded as a Base64 string and consists of a proof and a claim. The API is built using Express and protected using Magic. The application has multiple routes, with the secret route being protected by middleware. The authorization header is checked and the DID token is validated for access to protected routes.