The Principle of Least Privilege

Learn about protecting APIs from attacks, the principle of least privilege, root level vulnerability, containers and least privilege, and container images.

We'll cover the following

Protecting APIs
The principle of least privilege?
Root-level vulnerability

Containers and least privilege
Container image as perishable goods

Protecting APIs

The final entry in the Top 10 is also a newcomer to the list. The rise of REST and rich clients elevated APIs to a primary architectural concern. For some companies, the API is their entire product. It’s essential to make sure that APIs are not misused.

Security scanners have been slow to tackle APIs. In part, this is because there’s no standard metadata description about how an API should work. That makes it hard for a testing tool to glean any information about it. After all, if we can’t tell how it should work, how do we know when it’s broken?

To make things even harder, APIs are meant to be used by programs. Well, attack tools are also programs. If an attack tool presents the right credentials and access tokens, it’s indistinguishable from a legitimate user.

Create a free account to view this lesson.

By signing up, you agree to Educative's Terms of Service and Privacy Policy

Living in Production

The Exception That Grounded an Airline

Stabilize Your System

Stability Antipatterns

Failures And Blockages

Force Multiplier

Stability Patterns

Launching An Online Store

Foundations

Processes on Machines

Interconnect

Control Plane

Security

Design for Deployment

Handling Versions

Case Study: Trampled by Your Own Customers

Adaptation

System Architecture

Information Architecture

Chaos Engineering

Bibliography

The Principle of Least Privilege

Protecting APIs