Does the secure API depend entirely on the developer or platform?

Asked

Viewed 271 times

-1

What challenges does the programmer face in making his API completely secure? When I talk about security I mean, directly, whether the application exposes customer information or even makes your application easy to penetrate.

Does it depend entirely on the programmer or on the platform (Android or iPhone)?

  • 1

Faro. Could you define what "safe" means? Note that nothing is totally safe; however, if you specify some minimum requirements you can arrive at a reasonable concept.

  • When I talk about security I mean, directly, whether the application exposes customer information or even makes your application easy to penetrate.

4 answers

3


If I understand correctly, it depends on both.

The API is often the differential of each language: I, for example, find C++ superior to Java as a language. But the Java API is extensively more practical than the C++ Standard Library. So if I had to choose between the two for a commercial project, I would probably choose Java.

It is similar with system APIs: it depends on who developed the API and on who consumes it. But it depends chiefly on who developed it.

If the API was developed very securely but the client uses it poorly, this problem belongs to the client alone. The client may expose its data badly, but this will in no way affect the server.

If, on the other hand, the API was developed with security loopholes, even the most careful of customers may have their security affected. The client cannot make security changes to the server; it depends on that bad API. The most it can do is be careful in its own application and hope that no one tries to use the poorly developed server to harm it.

In short: it depends on both, but mainly on who developed the API -- and not on who consumes it.

1

Totally safe does not exist. The first question you should ask is: Safe to what type of attacks?

When I hear the word API, I understand that the person is making some library to do something. To improve the Android API, we have to code for the Android API. Now, if you want to improve a particular piece of software, it depends on what you want to do. My system will do financial transactions. Fine, then you have to take several measures: use your own keyboard so there is no keylogger; check whether the phone is rooted; use HTTPS requests. To have security, you need to think like an attacker.

0

The security of information in systems depends almost entirely on the developer. No matter how many settings and how many security standards an application uses, you won't have security if you:

  1. Concatenate values into queries.
  2. List confidential data on a screen or report because of some misconception.
  3. Allow the admin user to manage access control, which grants unnecessary permissions to users.
  4. Do not protect the network properly.
  5. Do not protect the database server properly.

Anyway, regardless of the API, if the implementation gives legitimate access to data that someone should not be able to access, it is useless to put several layers of security on top.

What could differentiate one API from another is the ease and flexibility with which you can declare the required permissions.

Obviously, I did not consider possible bugs in the APIs themselves, so the suggestion is to use those that are already consolidated and widely used, so that possible gaps are identified by the development community.
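Item 1 of the list above (concatenating values into queries) is the one that most directly exposes customer data. The following is an added example, not code from the question or any answer: it builds a constructed in-memory SQLite customer table and runs the same lookup in the concatenated form and in the parameterized form, so the difference in behaviour on a value containing a quote can be seen directly.

```python
import sqlite3

def make_db():
    # Constructed sample data for the example only: two customers in memory.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, plan TEXT)")
    conn.executemany(
        "INSERT INTO customers (email, plan) VALUES (?, ?)",
        [("alice@example.com", "gold"), ("bob@example.com", "free")],
    )
    conn.commit()
    return conn

DB = make_db()

def lookup_concatenated(email, conn=DB):
    # The mistake from the answer: the value is pasted into the SQL text, so
    # any quote in `email` changes the structure of the query itself.
    sql = "SELECT email, plan FROM customers WHERE email = '" + email + "'"
    return conn.execute(sql).fetchall()

def lookup_parameterized(email, conn=DB):
    # Hardened form: the driver sends the value separately from the SQL text,
    # so the input is only ever compared as data and never parsed as SQL.
    sql = "SELECT email, plan FROM customers WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()

if __name__ == "__main__":
    # Constructed input containing a single quote: in the concatenated version
    # it rewrites the WHERE clause and every customer row comes back.
    crafted = "x' OR '1'='1"
    print(lookup_concatenated("alice@example.com"))  # one row
    print(lookup_concatenated(crafted))              # both rows: whole table exposed
    print(lookup_parameterized(crafted))             # []: no customer has that literal e-mail
```

With the parameterized form, the same input is simply an e-mail address that matches nobody, which is exactly the behaviour the developer intended.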

0

The security aspects reside on your server and not on Android or iOS; both platforms are robust and mature in terms of security.

I suggest building on top of a good firewall and a consolidated application server, because they have already passed through a large security sieve in the past; if you choose to build a server environment in nodejs, you will be subject to many vulnerability problems.
