Master the Secure REST API Before Your Next Interview.png

Digital threats emerge every day around the world. This course will help you build REST APIs with minimal vulnerabilities.

This course diligently crafts the security design around the REST API and gears you up to a Secure Software Development Life Cycle (SSDLC). You’ll learn REST security from start to finish. This includes client and server rendering, the architectural constraints of REST, SSL/TLS/X.509 certificates, choosing the right TLS protocol, version, ciphers, forward secrecy, and the seven tenets of Zero Trust. You’ll also learn how and where to position access control in monolithic and microservices. You’ll also learn to make your application stateless using JWT, and learn the nuances of JWT security, how to put input validation to good use, choosing the right HTTP method to use, and the best practices for various content types.

By the end of this course, you’ll be able to build your next REST API and be confident in its security as measured by the common vulnerability scoring system (CVSS3.1).

Will be provided later

Securing REST API for Web Applications and Services

## Additional controls to ensure that HTTPS is fully secured

**Choosing the right protocol and the right version**


SSL is not considered secure and it is instead recommended that we use only TLS 1.2 or 1.3.  The [CVE website](https://cve.mitre.org/) hosts the list of all publicly exposed vulnerabilities for protocols. It allows us to search for the given component, research if are any open vulnerabilities, and see if a fix is present for that vulnerability.


**Choosing the right ciphers**

A **cipher suite** is a set of algorithms that help secure a network connection. Think of cipher as a means of encrypting the data. Let’s take the most simplistic example of encoding “HELLO.”

To help understand ciphers, let’s talk about the **Caesar cipher**. This cipher is named after Julius Caesar of ancient Rome. It is a type of substitution cipher where each letter of the original (plaintext) message is substituted with another letter. Typically, it is 3 letters shifted to the right.

# Additional controls to ensure that HTTPS is fully secured

**Choosing the right protocol and the right version**


SSL is not considered secure and it is instead recommended that we use only TLS 1.2 or 1.3.  The [CVE website](https://cve.mitre.org/) hosts the list of all publicly exposed vulnerabilities for protocols. It allows us to search for the given component, research if are any open vulnerabilities, and see if a fix is present for that vulnerability.


**Choosing the right ciphers**

A **cipher suite** is a set of algorithms that help secure a network connection. Think of cipher as a means of encrypting the data. Let’s take the most simplistic example of encoding “HELLO.”

To help understand ciphers, let’s talk about the **Caesar cipher**. This cipher is named after Julius Caesar of ancient Rome. It is a type of substitution cipher where each letter of the original (plaintext) message is substituted with another letter. Typically, it is 3 letters shifted to the right.

In this lesson, we’ll learn additional controls for HTTPS Security including the right protocol, version, and cipher.

Securing REST API

Additional Controls for HTTPS Security

Additional controls to ensure that HTTPS is fully secured