This and the followings texts will be part of my personal study about security for Web Applications. It represents a big challenge for me. For two reasons: First, because english is not my first language and I couldn't imagine to write a text in english at my life. And second, because security is a gap that I have at this exactly moment. And with this and others texts I want to win this two challenges and get enter in a beautiful and new world!
Just kidding lol, let's move on!
The importance of security and my shame
Security is an important them when we are building an information system, because in this kind of application we have private data going from a side to another. Then, it is not without importance (I know that must exists a better term for this) because in case of have our data stolen our users could be prejudiced and all the system would fall.
But unfortunately when we are building a product not always we are prioritizing build it considering that the best security practices is applied.
Last days I get interviewed and one of the questions was about security. In that time I see a lack of knowledge that I had in this topic. The question was very simple: "How you will store the password in database with security". And the only response that I gave was: "I could use md5 hash for store" HAHAHAHAHAHAHAHAHAHAHAH Jesus! What a shame!
This because in all projects that I've contributed the mechanism for security was granted by framework or by other then came before me and built it.
Then, when I got recovered from my shame feeling and put my self in the path of improving my security skills understanding from zero everything related to how to create secure RESTful APIs. I want to share my study path, bringing examples, sharing code and moving between theory and practice.
My initial point of study is a good text that I found at restfulapi.net. In this text the author explore an overview about the topic, sharing Security Design Principles and Best Practices in a very broad vision.
I would like based on this text, understand better each principle and how to apply as well as show in the practice how to implement the best practices using my preferred languages (I need to decide what first 😰).
Then for now, I'm just introducing the method. If you need to have faster more info about the theme. Start reading the restfulapi.net, it seems a very useful introduction! But If you are interested in follow my path, read the text and come back here to follow with me, I will try to start writing the next asap, I swear!
UPDATE: Continue to the next part here
Top comments (3)
nice i'm studying Web security too..
Cool @kirzin What about security you've been studied? I'm preparing the next article.
i'm studying how burp suite works