REST API WebService Security resources


cyber research

Jul 18, 2018, 6:50:10 AM
to OWASP Bangalore Mailing List, null-...@googlegroups.com
Could you please help me with a checklist/resources for protecting Web Service REST API calls which are exposed to the internet?

It would be really good if you could share any generic checklist that you're tracking for day-to-day activities while validating web services security.
  • When to go for JSON or when to go for XML content over REST APIs?
  • What ext for secure REST calls?
Note: This is for building secure REST API based web service calls facing the internet.

Thanks & Regards,
$@!001


Akash Mahajan

Jul 20, 2018, 11:52:12 PM
to null-...@googlegroups.com, OWASP Bangalore Mailing List
A good place to start is the OWASP REST Security Cheat Sheet - https://www.owasp.org/index.php/REST_Security_Cheat_Sheet

Another popular checklist is by Shieldfy https://github.com/shieldfy/API-Security-Checklist 

As to your question about JSON or XML, I am not sure that is a security requirement either way. That choice should depend on the API requirement and design.

I am not sure I understand the following question.

What ext for secure REST calls?

--
Warm regards,
Akash Mahajan

That Web Application Security Guy | +91 99 805 271 82
akashm.com | @makash on twitter | linkd.in/webappsecguy
OWASP Bangalore Chapter Lead | null Community Manager
