Introduction
Layman's explanation
Technical explanation
An Application Programming Interface (API) is a specification used by software components that defines how they communicate with each other. An API may take the form of a library whose specification covers routines, data structures, object classes, and variables.
Application Programming Interfaces (APIs) from cloud service providers may not be secure. When these code modules are included in your application, significant vulnerabilities may be introduced, including:
Easily exploited API keys, used by web and cloud services to identify third-party applications
Anonymous access, or tokens and passwords that can be reused
Authentication or transmission of content in clear text
Rigid access controls that can’t be easily customized
To protect against API attacks:
Consider implementing managed APIs
Audit managed API log files on a regular basis
Enforce strict access control (based on least privilege and need-to-know)
Implement segregation of duties and responsibilities
Implement lockouts for repeated incorrect password entry
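The following is an added example, not code from the original page or from any cloud provider: a small, self-contained gateway policy layer in Python that shows how the weaknesses listed above (exposed API keys, reusable tokens, clear-text transport, coarse access control) map onto the mitigations just listed (hashed key storage, short-lived tokens, HTTPS-only, per-client scopes, lockout after repeated failures, and an audit log that can be reviewed). All names, the sample key, the client "reporting-app", the scope strings and the thresholds are constructed for illustration.

```python
"""Hypothetical API-gateway policy layer (illustrative, not a real product)."""
import hashlib
import hmac
import secrets
import time
from collections import Counter
from dataclasses import dataclass, field

# --- constructed sample data ------------------------------------------------
# The plaintext key is shown to the client once; the gateway stores only a digest,
# so a leaked key store does not hand out working credentials.
SAMPLE_KEY = "demo-key-abc123"  # constructed value, not a real credential
KEY_STORE = {
    hashlib.sha256(SAMPLE_KEY.encode()).hexdigest(): {
        "client": "reporting-app",
        "scopes": {"read:orders"},  # least privilege: only what this client needs
    }
}
MAX_FAILURES = 5        # lockout after this many bad keys from one source
LOCKOUT_SECONDS = 900   # 15-minute lockout window
TOKEN_TTL = 300         # tokens expire, so a captured one is not reusable for long


@dataclass
class Gateway:
    failures: dict = field(default_factory=dict)  # ip -> (count, lock_until)
    tokens: dict = field(default_factory=dict)    # token -> (client, scopes, expires)
    audit: list = field(default_factory=list)     # structured events for review

    def _log(self, **event):
        event["ts"] = time.time()
        self.audit.append(event)

    def _locked(self, ip, now):
        _count, lock_until = self.failures.get(ip, (0, 0))
        return now < lock_until

    def _record_failure(self, ip, now):
        count, lock_until = self.failures.get(ip, (0, 0))
        count += 1
        if count >= MAX_FAILURES:
            lock_until = now + LOCKOUT_SECONDS
            count = 0
        self.failures[ip] = (count, lock_until)

    def exchange_key(self, api_key, ip, scheme="https", now=None):
        """Trade a long-lived API key for a short-lived bearer token, or None."""
        now = time.time() if now is None else now
        if scheme != "https":  # refuse clear-text authentication outright
            self._log(event="reject_cleartext", ip=ip)
            return None
        if self._locked(ip, now):
            self._log(event="locked_out", ip=ip)
            return None
        digest = hashlib.sha256(api_key.encode()).hexdigest()
        record = None
        for stored, rec in KEY_STORE.items():
            if hmac.compare_digest(stored, digest):  # constant-time comparison
                record = rec
        if record is None:
            self._record_failure(ip, now)
            self._log(event="auth_failure", ip=ip)
            return None
        self.failures.pop(ip, None)
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (record["client"], record["scopes"], now + TOKEN_TTL)
        self._log(event="token_issued", ip=ip, client=record["client"])
        return token

    def authorize(self, token, scope, ip, now=None):
        """Allow a request only with a live token that carries the needed scope."""
        now = time.time() if now is None else now
        entry = self.tokens.get(token)
        if entry is None:
            self._log(event="bad_token", ip=ip)
            return False
        client, scopes, expires = entry
        if now >= expires:
            del self.tokens[token]
            self._log(event="token_expired", ip=ip, client=client)
            return False
        if scope not in scopes:
            self._log(event="scope_denied", ip=ip, client=client, scope=scope)
            return False
        self._log(event="allowed", ip=ip, client=client, scope=scope)
        return True

    def noisy_sources(self, threshold):
        """Audit helper: source IPs with at least `threshold` failed key exchanges."""
        counts = Counter(e["ip"] for e in self.audit if e["event"] == "auth_failure")
        return {ip for ip, n in counts.items() if n >= threshold}
```

The `now` parameter exists only so the lockout and expiry paths can be exercised deterministically; in a deployment the gateway would read the clock itself, and the audit list would be shipped to a log store that is reviewed on the schedule the page recommends.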
Reference
https://en.wikipedia.org/wiki/Web_API