OWASP Underprotected APIs

September 10th, 2022

Underprotected APIs

pattern: bulkheading to limit the size of hacks

pattern: communicate with the most secure protocol possible

  • public-facing API: TLS

    • pattern: configure to reject protocol downgrades

    • pattern: keep root Certificate Authority (CA) files up to date

  • business-to-business: bi-directional certificates
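As an added example (not from the original notes), the three TLS patterns above expressed as Python `ssl` contexts: the server context refuses anything below TLS 1.2 so a downgrade cannot be negotiated, trusts only the OS root-CA bundle (which is what "keep root CA files up to date" refers to), and for the business-to-business case requires a client certificate, i.e. mutual TLS. The certificate and key paths in the comment are assumed placeholders.

```python
import ssl


def make_server_context(mutual_tls: bool = False) -> ssl.SSLContext:
    """Server-side TLS context for a public-facing or B2B API."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # Reject protocol downgrades: nothing below TLS 1.2 is negotiable.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Peer certificates are validated against the OS root-CA bundle; keeping
    # that bundle current is an operational task, not something the code can do.
    ctx.load_default_certs(ssl.Purpose.CLIENT_AUTH)
    if mutual_tls:
        # Business-to-business: the client must present a certificate too.
        ctx.verify_mode = ssl.CERT_REQUIRED
    # ctx.load_cert_chain("server.pem", "server.key")  # assumed placeholder paths
    return ctx


def make_client_context() -> ssl.SSLContext:
    """Client-side context: hostname + chain verification on, downgrade refused."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def allows_protocol(ctx: ssl.SSLContext, version_name: str) -> bool:
    """True if the context would still negotiate the named TLS version."""
    return ssl.TLSVersion[version_name] >= ctx.minimum_version


def describe_context(ctx: ssl.SSLContext) -> dict:
    """Summarise the security-relevant settings for audit or tests."""
    return {
        "minimum_version": ctx.minimum_version.name,
        "verify_mode": ctx.verify_mode.name,
        "check_hostname": ctx.check_hostname,
    }


if __name__ == "__main__":
    print(describe_context(make_server_context(mutual_tls=True)))
    print(describe_context(make_client_context()))
```

`describe_context` exists so the hardening can be asserted in a unit test rather than trusted; a context whose `minimum_version` drifts back to `MINIMUM_SUPPORTED` is exactly the downgrade the pattern warns about.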

pattern: verify with a generative testing library that your parser (JSON / XML / ...) is hardened against malicious input

pattern: fuzz-test APIs & check that failure responses reject input safely


(src:

