The Principle of Least Privilege

Learn about protecting APIs from attacks, the principle of least privilege, root level vulnerability, containers and least privilege, and container images.

Protecting APIs

The final entry in the Top 10 is also a newcomer to the list. The rise of REST and rich clients elevated APIs to a primary architectural concern. For some companies, the API is their entire product. It’s essential to make sure that APIs are not misused.

Security scanners have been slow to tackle APIs. In part, this is because there’s no standard metadata description about how an API should work. That makes it hard for a testing tool to glean any information about it. After all, if we can’t tell how it should work, how do we know when it’s broken?

To make things even harder, APIs are meant to be used by programs. Well, attack tools are also programs. If an attack tool presents the right credentials and access tokens, it’s indistinguishable from a legitimate user.
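Since a token alone cannot tell a scripted abuser from a legitimate client, one defensive option is to judge the behaviour behind the token. The following is an added example, not code from the lesson or from the book it is drawn from: it parses constructed API access-log lines and flags, per access token, request bursts above a rate threshold and sequential walks through resource IDs. The log format, token names, thresholds and function names are all assumptions made for the example.

```python
"""Added example (not part of the original lesson): a client presenting valid
credentials looks exactly like a real user to the API's authentication layer,
so this code inspects *behaviour* instead. It parses constructed access-log
lines and flags, per token, (a) request bursts over a rate threshold and
(b) sequential walks through numeric resource IDs. Every log line, field name
and threshold below is a constructed assumption, not the lesson's own data."""

import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<iso-timestamp> <token-id> <method> <path> <status>"
SAMPLE_LOG = """\
2024-05-01T10:00:00 tok_a GET /api/orders/1042 200
2024-05-01T10:00:07 tok_a GET /api/orders/1042 200
2024-05-01T10:00:30 tok_a PUT /api/orders/1042 200
2024-05-01T10:00:00 tok_b GET /api/orders/1 200
2024-05-01T10:00:01 tok_b GET /api/orders/2 200
2024-05-01T10:00:02 tok_b GET /api/orders/3 200
2024-05-01T10:00:03 tok_b GET /api/orders/4 200
2024-05-01T10:00:04 tok_b GET /api/orders/5 200
2024-05-01T10:00:05 tok_b GET /api/orders/6 200
2024-05-01T10:00:06 tok_b GET /api/orders/7 200
2024-05-01T10:00:07 tok_b GET /api/orders/8 200
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")
ID_RE = re.compile(r"/(\d+)$")  # trailing numeric resource ID in the path


def parse_log(text):
    """Parse each line into a dict; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, token, method, path, status = m.groups()
        events.append({"ts": datetime.fromisoformat(ts), "token": token,
                       "method": method, "path": path, "status": int(status)})
    return events


def burst_tokens(events, max_requests=5, window=timedelta(seconds=10)):
    """Tokens that issued more than max_requests inside any sliding time window."""
    by_token = defaultdict(list)
    for e in events:
        by_token[e["token"]].append(e["ts"])
    flagged = set()
    for token, stamps in by_token.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide the window forward
                start += 1
            if end - start + 1 > max_requests:
                flagged.add(token)
                break
    return flagged


def enumerating_tokens(events, min_run=4):
    """Tokens whose consecutive requests step through resource IDs by exactly +1."""
    by_token = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):  # stable sort keeps per-token order
        m = ID_RE.search(e["path"])
        if m:
            by_token[e["token"]].append(int(m.group(1)))
    flagged = set()
    for token, ids in by_token.items():
        run = 1
        for prev, cur in zip(ids, ids[1:]):
            run = run + 1 if cur == prev + 1 else 1
            if run >= min_run:
                flagged.add(token)
                break
    return flagged


def suspicious_tokens(text):
    """Combine both checks; returns which tokens tripped which behavioural rule."""
    events = parse_log(text)
    return {"burst": burst_tokens(events), "enumeration": enumerating_tokens(events)}


if __name__ == "__main__":
    print(suspicious_tokens(SAMPLE_LOG))  # tok_b trips both rules; tok_a trips neither
```

In the sample, `tok_a` behaves like an interactive user (three requests to one order over half a minute) and is left alone, while `tok_b` fires eight requests in seven seconds across orders 1 through 8 and is flagged by both rules. The point is that such checks run after authentication has already succeeded; they complement credentials rather than replace them, and the thresholds must be tuned against the real traffic of a given API.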
