Secure API depends entirely on the developer or platform? [closed]

-1

What challenges does the programmer find to make their API fully secure? When I speak of security I mean directly whether the application exposes the client's information or even leaves its application easy to penetrate.

Does it depend entirely on the programmer or the platform (Android or iPhone)?

    
asked by anonymous 29.01.2014 / 15:20

4 answers

3

If I understand correctly, it depends on both.

The API is often the differential of each language: I, for example, find C++ superior to Java as a language. But the Java API is extensively more practical than the C++ Standard Library. So if I had to choose between the two for a commercial project, I would probably choose Java.

Similar to system APIs: It depends on who developed the API and who consumes it. But it depends mainly on who developed it.

If the API was developed very securely but the client uses it poorly, this problem is unique to the client. The client may misrepresent your data, but this will not affect the server in any way.

If the API has been developed with security breaches, even the most careful of customers can have their security affected. He cannot make security changes on the server; he depends on that bad API. The most he can do is be careful in his application and hope that no one tries to use the malformed server to harm him.

Summarizing: it depends on both, but mainly on who developed the API - not who consumes it.

    
29.01.2014 / 15:31

1

Totally secure does not exist. The first question you should ask is: safe against what type of attacks?

When I hear the word API, I understand that the person is doing some library to do something. To improve the Android API, we have to codify for the Android API. Now, if you want to improve a certain software, it depends on what you want to do. My system will make financial transactions. Well, then, you have to take several steps. Use a keyboard of your own so there is no keylogger. Make sure your phone is rooted. Make HTTPS requests. To be safe, you have to think like an attacker.

    
29.01.2014 / 17:04

0

Information security on systems depends almost entirely on the developer. No matter how many settings and how many security defaults an application uses, you will not have security if you:

  • Concatenate values in queries.
  • List sensitive data on a screen or report for some misunderstanding.
  • Allow the admin user to manage Access Control and this gives unneeded permission to users.
  • Do not secure the network properly.
  • Do not secure the database server properly.

Finally, regardless of the API, if the implementation gives legitimate access to data that someone could not access, it's no use putting multiple layers of security.

What could differentiate one API from another might be the ease and flexibility to declare the necessary permissions.

Obviously, I did not consider possible bugs in the APIs, so the suggestion is to use those that are already consolidated and are widely used, so that possible gaps are identified by the development community.

29.01.2014 / 15:56
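
The first and last points of the answer above, as an added example that is not part of the original answer: a query built by concatenation with no ownership check, beside a parameterized query scoped to the authenticated user. The `orders` table, the function names and the sample rows are assumptions constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, owner TEXT, item TEXT)")
    db.executemany(
        "INSERT INTO orders (owner, item) VALUES (?, ?)",
        [("alice", "book"), ("alice", "pen"), ("bob", "laptop")],
    )
    return db


def orders_concatenated(db, item_filter):
    """Weak form: the client-supplied value becomes part of the SQL text,
    and nothing ties the result to the caller's identity."""
    sql = "SELECT owner, item FROM orders WHERE item = '" + item_filter + "'"
    return db.execute(sql).fetchall()


def orders_scoped(db, session_user, item_filter):
    """Corrected form: values are bound as parameters, and the owner comes
    from the server-side session (assumed already authenticated), never
    from the request body."""
    sql = "SELECT owner, item FROM orders WHERE owner = ? AND item = ?"
    return db.execute(sql, (session_user, item_filter)).fetchall()


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing a quote
    # The quote ends the string literal early, so the filter no longer filters.
    print("concatenated:", orders_concatenated(db, crafted))
    # Bound as data, the same input matches no item and stays inside alice's rows.
    print("scoped:      ", orders_scoped(db, "alice", crafted))
    # A normal request for the caller's own data still works.
    print("scoped, own: ", orders_scoped(db, "alice", "book"))
    # Another user's row is not reachable even with a valid item name.
    print("scoped, other:", orders_scoped(db, "alice", "laptop"))
```

Binding parameters addresses the concatenation point; taking `owner` from the session addresses the point about the implementation itself granting access to data the caller should not see.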

0

Security aspects reside on your server, not on Android or iOS; both platforms are robust and mature in terms of security.

I suggest doing it on top of a good firewall and application server consolidation because they have already gone through a large security screen in the past; if you choose to make a server environment on nodejs, you will be subject to many vulnerability problems.

29.01.2014 / 17:30