When designing, testing, or releasing a new web API, you build a new system on top of an existing complex system. At a minimum, you are also building on HTTP, while HTTP is based on TCP/IP, and TCP/IP is built on a series of pipelines. Of course, you also need to consider web servers and the application framework or API framework.
It takes a long process to design, tes
it's better for geo-information support.
Database
Bonsai – Use the powerful RESTful search engine Elasticsearch.
Heroku Postgres – the best PostgreSQL hosting service.
MONGOHQ – a personal favorite MongoDB database provider.
Openredis – I will always use a Redis service provider that never loses data and has a strong ability to scale.
Deployment/Hosting
Heroku – a good hosting company.
Flynn – built on top of Docker, Heroku's strong competitor.
Mail
Sendgrid – sending mail through the
#1. Objective
iOS platform app security risk-related general checklist to ensure the quality and efficiency of the iOS Client Security assessment.
#2. Data security
##2.1 Transport Security
A review scenario for this type of vulnerability: The app sends or receives sensitive information, such as user passwords, user priva
become performance and bad. These are called Evil Regexes:
Grouping of repeating text
Duplicate content within a repeating group
([a-zA-Z]+)*, (a+)+ or (a|a?)+ are fragile in the face of input such as aaaaaaaaaaaaaaaaaaaaaaaa!. This can cause a lot of computation. For more details, refer to ReDoS.
You can use the Node.js tool safe-regex to check your regular expressions:
$ node safe.js '(beep|boop)*'
true
$ node safe.js '(a+){10}'
false
Error handling
Error codes, stack information
Some error scena
This article was intended to be written since very early last year and has never been available. It was just a short time when a salon talked about such things.
In the past, security enthusiasts often studied local app security, such as remote control, application cracking, and information theft. Most people have not noticed the security issues on the app server, s
Are you still looking for a tool to complete your daily activities, or are you just looking for new tools that you can try out? No need to worry, because today is your lucky day! Today, I will mention a variety of links, resources and editing tools that can be used for penetration testing, computer forensics, security, and hacking techniques.
toolswatch.org
Toolswatch.org is maintained by NJ Ouchn (@tools
Considerations and testing methods for DDOS Security Products in the Internet cloud ecosystem (I)
The three elements of DDOS attack security are "confidentiality", "integrity", and "availability". DOS (Denial of Service) targets the "availability" of services. This attack method exploits the network service functional defects of the target system or directly consume
important, especially for external interfaces, and it takes time to test and analyze the code carefully.
Safety is a very important thing; take time to ponder it.
Python is also very easy to learn; one hour is enough to learn the grammar.
A concise tutorial for Python: http://woodpecker.org.cn/abyteofpython_cn/chinese/
At the same time, in penetration testing, a lot of security scanning tools are written in
Summary: the whole idea is now very clear, and what remains is to automate this process. One problem after decompilation is that the URLs are not necessarily complete, since many URLs are stitched together. I try to write a set of analysis engine, automated decompilation, and then through the analysis of the source code, stitching the full
0x01 Scenario Hypothesis
0x02 Chrome
0x03 Firefox
0x04 IE
0x05 Conclusion

0x01 Scenario Hypothesis
This article does not describe how to use the developer tools of the three browsers or page debugging skills; it only covers situations encountered in security testing.
Consider the following scenario: To do a security test for a Web application now, the client/server uses HTTPS bidirectional authentication, and the client uses a tool
rules of encryption; after receiving the data, the server applies the same encryption rules to verify that the data has not been tampered with, and then processes the data modification. Therefore, we can specify different encryption keys for different access methods, such as Web/app/WinForm, but the secret key is agreed on by both parties and is not transmitted over the network connection; what is transmitted over the connection is generally the appid of this access, T
, RES resource file, assets configuration file, Lib library file. We can search directly in the Smali files and resource files to find links and so on.
Use the app to find your website real IP
In addition to vulnerabilities on the app's server side, there is a more fun way to use the app: collecting the sub-domain IPs in the app to find the real IP of the target site. According to experience, most app interfaces do not use services such as a CDN.
Embarrassing Encyclopedia Real IP
Second, Htt
An open-source mobile security testing framework - MobSF
The Mobile Security Framework (MobSF) is an intelligent, integrated, open-source automated testing framework for mobile apps (Android/iOS), able to perform static and dynamic analysis on both kinds of mobile apps (currently, only Android is supported for dynamic
Learning Android Application Security Testing from scratch (Part 3)
In this section, we will look at how to conduct attack tests on components in Android applications. Before that, read the first two sections ( http://www.bkjia.com/Article/201504/388673.html , http://www.bkjia.com/Article/201504/388674.html ) so that you understand what the components in Android apps are. Android components constitute the bas