Web Services Security

Gliimly - Oct 29 - - Dev Community

The security of web services is a broad subject, but there are a few common topics that one should be well aware. They affect if your web application, or an API service, will be a success or not.

Many web services provide an interface to a database. SQL injection is a very old, but nonetheless important issue. A naive implementation of SQL execution inside your code could open the door for a malicious actor to drop your tables, insert/update/delete records etc. Be sure that your back-end software is SQL injection proof.

No matter how careful you are about writing your web service code, memory safety is an important feature to have. It avoids exploitations such as buffer overwrites or underwrites, which can cause unexpected behavior. In addition, proper memory leak detection and prevention is important, especially because back-end services typically run as long-running processes, often times weeks and months without down-time. A leak could crash such a process simply because it would run out of memory, or could no longer open a new file.

A common issue is one of the security design. Some services are internal (or private), and some are external (or public). This means some are not meant to be called by an end-user from a web browser, or via an API from an outside caller. In fact, calling such service could be a huge security hole. Imagine if you had a service that updates your internal application data. Such a service clearly must never be called by an outside actor, rather it should only be accessible to your own services acting on behalf of such outside actors. Be sure that the back-end software you use has simple and clearly-defined ability to handle such scenarios. Even if so, sometimes overly complicated security schemes can be hard to implement correctly and can be just as detrimental.

Virtually all web services authenticate their users. It usually means using email address and password for login, as well as cookies for browser users, or tokens otherwise. Never keep passwords in plain text or even obscured, only as a one-way hash. This way even if your user database is stolen, passwords cannot be (easily) recovered.

Image
How Does Go Handle Multithreading and Concurrency Vis-A-Vis Other Languages

go, python, java, cpp
Image
Where Do You Think Car Key Repair Shop Near Me Be 1 Year From Right Now?
Image
5 Reasons Asbestos Lawyer Is Actually A Great Thing
Image
MOST DEPENDABLE BITCOIN RECOVERY ESTABLISHMENT-CODER CYBER SERVICES
Image
How to Validate a SaaS Idea Before Building an MVP

idea
Image
Solving the Common Problems of Worklogs in Jira

productivity, tooling, webdev, management
Image
Groovy for Jenkins Pipelines: The Complete Guide

jenkins, docker, 100daysofcode, devops
Image
Clove Processing Plant Project Report 2024: Industry Trends and Unit Setup
Image
Software Engineering Metrics: Demystifying the Numbers That Matter
Image
契約を Aleph Zero Testnet に展開する (開発者ガイド)
Image
Mastering the Ansible Fetch Module: Effortless File Retrieval

labex, ansible, coding, programming
Image
Situs Judi Online Yang Memberi Winrate 65% Serta Games Komplet
Image
5 Trending AI Tools

ai, aitools, productivity
Image
Tips For Explaining Key Fob Repair To Your Boss
Image
What Is StrongDM, and How dbForge Studio for PostgreSQL Supports It

postgres, postgressql, strongdm, database
Image
Bypassing CAPTCHA with Python: What’s the Challenge? Certain Nuances Exist
Image
Axios error/network error /Err connection Refuse/ mern proj
Image
Maximizing AWS Free Tier Benefits and Minimizing Costs

aws, beginners, cloud, cloudcomputing
Image
Ferrum Doesn’t Work on Heroku?

ferrum, pdf, rails, heroku
. . . . . . . . . . . .
Terabox Video Player