Resource links from July meeting (API security and Scotch Box)

[Chris Spruck]

Hi everyone!

Below are the resource links from our talks at the July meeting - Anthony Green on API Security and Garrett Rappaport on Scotch Box VMs.

Here are the API resource links from Anthony:

OWASP RESTful API
https://www.owasp.org/index.php/REST_Security_Cheat_Sheet

OWASP HTTP Headers
https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#tab=Headers

OAuth
http://oauth.net/

OpenID Connect
http://openid.net/connect/

JWT
https://jwt.io/

Let’s Encrypt TLS Certificate Project
https://letsencrypt.org/

Anthony also offered a PDF of his slides with his speaker notes added, but we won't post it openly, as he's also giving the talk at http://connect.tech here in Atlanta in October (and submitted it elsewhere). Please email me *directly only* (ch...@atlantaphp.org) if you'd like a copy of this PDF.

And Garrett's links for Scotch Box resources:

https://github.com/syntacticNaCl/scotch-box-talk - Garret's presentation

https://gist.github.com/syntacticNaCl/32dd38ad9a19adebf546e06329ec9beb - reference links

Thanks!

Chris

[Chris Spruck]

One quick addition regarding a great tool for working with APIs. Tunc, a new group member, mentioned the following to me:

When it comes to working with APIs, there is a tool I use which has been a life (time) saver in many ways. I wish I had mentioned it during the meeting and shared it with the group. It's called Postman. https://www.getpostman.com/ It helps isolate the API commands with the rest of code. I usually approach my development in two steps and Postman helps me make sure I have the API part setup properly, before I proceed with my own code.

If anyone has any other good suggestions for tools, tutorials, etc. feel free to respond to this thread.

Chris

[Dave Mednick]

Have been using the Chrome ARC extension for a while. It's a great testing tool and very flexible.

https://chrome.google.com/webstore/detail/advanced-rest-client/hgmloofddffdnphfgcellkdfbfbjeloo?hl=en-US