Let's take a break from the usual discourse that pops up on Twitter to talk about security and privacy. Australia recently had several significant data breaches. One in particular allowed data on more than 11 million customers to be stolen; the culprit was an unauthenticated API endpoint exposed to the public internet, so anyone who found it could pull customer records without logging in. Seriously, what were they thinking?
So why am I bringing this up? Security often gets missed, or your manager cares more about shipping a feature and treats security as something you can bolt on later. Security and privacy should be woven into planning, design and development from the start. We should care about data breaches affecting our customers: people in tech find it much easier to protect themselves after their data is stolen than everyday people do. Let's put our end users first.
Hopefully, the security-focused round-up helps.
Monthly API Round-Up
Our monthly round-up of articles, news and updates from the web.
Cloudflare gives us an overview of API security, some common API security risks, and how those risks are exploited.
A top-ten list of security threats for APIs, including example attack scenarios. OWASP's 2023 list is still in draft and a request for comments is open, so there is still time to give your feedback.
NGINX covers some best practices for protecting your APIs and gives a short introduction to API security. I like how this article covers the differences in threats between SOAP, REST and GraphQL APIs.
Many APIs are built and deployed as containers, so securing those containers is essential. I try to avoid using blog posts from a company selling you a tool or service, but Snyk is a great tool, and this post covers the basics nicely.
APIs You Won't Hate
The latest content from the team at APIs You Won't Hate.
On this episode of APIs You Won't Hate (the podcast), Or Weis from Permit.io talks to Mike about permissions, authentication, authorization, and the challenges facing developers building products for real people. There is a lot to learn, and getting permissions right is critical to building great products.
Our writeup on using Spectral to create rules that help prevent the top ten API security threats identified by the OWASP API Security Project.
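To show the kind of rule that writeup is about, here is a small Spectral ruleset I put together for this round-up (it is an added example, not the writeup's own ruleset and not one of Spectral's bundled rulesets). It flags two OWASP API Security Top 10 problems at design time, before any code is deployed: operations that declare no authentication (API2, Broken Authentication) and string schemas with no `maxLength`, which lets clients send unbounded payloads (part of API4, Lack of Resources & Rate Limiting). The rule names and the `.spectral.yaml` file name are my own choices.

```yaml
# .spectral.yaml - example ruleset written for this round-up, not the writeup's own.
# Run it against a spec with:  spectral lint openapi.yaml --ruleset .spectral.yaml
extends: ["spectral:oas"]

rules:
  # OWASP API2 (Broken Authentication): every operation must say which
  # security scheme protects it. Requiring `security` per operation means a
  # forgotten key is an error rather than a silent fall-through to whatever
  # the document-level default happens to be.
  operation-declares-security:
    description: Every operation must declare which security scheme it uses.
    message: "{{path}} has no security requirement; anyone can call it."
    severity: error
    given: "$.paths[*][get,put,post,delete,options,head,patch,trace]"
    then:
      field: security
      function: defined

  # `security: []` explicitly turns authentication off for an operation
  # (that is how deliberately public endpoints are declared), so make it
  # an error and require a written exception for the few that should be public.
  operation-security-not-empty:
    description: An operation must not opt out of authentication with an empty security array.
    message: "{{path}} declares `security: []`, which disables authentication."
    severity: error
    given: "$.paths[*][get,put,post,delete,options,head,patch,trace].security"
    then:
      function: length
      functionOptions:
        min: 1

  # OWASP API4 (Lack of Resources & Rate Limiting): a string with no upper
  # bound accepts arbitrarily large input. Require maxLength on every string
  # schema that is not an enum (enums are already bounded by their values).
  string-schemas-have-max-length:
    description: String schemas must set maxLength.
    message: "{{path}} is an unbounded string; add maxLength."
    severity: warn
    given: '$..[?(@ && @.type == "string" && !@.enum)]'
    then:
      field: maxLength
      function: defined
```

The first two rules are the design-time counterpart of the breach described at the top of this issue: an endpoint with no security requirement in the spec is exactly the kind of unauthenticated endpoint that leaks customer data, and the linter catches it in a pull request rather than in the news. Wire `spectral lint` into CI so a new operation cannot merge without declaring how it is protected.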
💌 Updates coming twice a month! Mike and Phil have been extremely busy with work, and I have been holidaying in Norway. The good news is that the newsletter is now coming at you twice a month, on the 1st and the 15th. Feedback is always welcome, so feel free to contact me in our Slack group.
From Our Community
Articles written and shared in our free Slack community.
Here is a killer of an article from community member Joyce Stack about how she set out to improve the API design process with her team. Phil was so impressed that he shared it with the Slack community himself.
Want to know why Phil is not on every episode of the podcast? Well, he is trying to save the world from climate change with an amazing team of volunteers. Phil recently got an electric van and decided to give you an insight into his life, along with a review of how the van has changed it.
Thanks so much for reading! If you found this helpful, consider sharing it with a friend. It helps us out a great deal. Until next time...!