API-Security
Security_Engineer_Interview_Questions
Our great sponsors
API-Security | Security_Engineer_Interview_Questions | |
---|---|---|
15 | 4 | |
1,933 | 1,110 | |
1.8% | - | |
6.2 | 4.1 | |
11 days ago | about 2 months ago | |
Dockerfile | ||
GNU General Public License v3.0 or later | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
API-Security
-
What's the problem with my API?
Check the top 10 API security by OWASP
-
Quick Privacy Question
In the end this is a security oversight known as excessive data exposure (OWASP - API3:2019) of Riot and as long as they keep sending this info people will be able to see it.
-
Implementing decent security
Check out ----, https://github.com/OWASP/API-Security
-
API without authentication severity?
If incorrect API authentication mechanisms implementation considered as Broken User Authentication, how severe the one without authentication at all? Critical? or high?
-
Feedbak for an article on API Security Maturity Model+
The OWASP top 10 API security risks are posted on their GitHub here. As OWASP shows, because APIs are open to the network:
-
API10:2019 - Insufficient Logging & Monitoring
More cases and prevention methods can be found on the OWASP API Security Top 10 official repository
- API9:2019 - Improper Assets Management
- API8:2019 - Injection
-
API7:2019 - Security Misconfiguration
OWASP API-Security repo
- API6:2019 - Mass Assignment
Security_Engineer_Interview_Questions
- I'm preparing for the interview and I've curated a list of resources that might be helpful for you also.
- Basics/Fundamentals - Security Engineer
-
Amazon Security Engineer Intern interview next week
I also found this list of common interview questions - https://github.com/tadwhitaker/Security_Engineer_Interview_Questions/blob/master/security-interview-questions
What are some alternatives?
API-Security-Checklist - Checklist of the most important security countermeasures when designing, testing, and releasing your API
Application-Security-Engineer-Interview-Questions - Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer
wstg - The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
awesome-appsec - A curated list of resources for learning about application security
bugbounty-cheatsheet - A list of interesting payloads, tips and tricks for bug bounty hunters.
offensiveinterview - Interview questions to screen offensive (red team/pentest) candidates
see awesome-security - A collection of awesome software, libraries, documents, books, resources and cools stuffs about security.
Interview_Tips - Summary of Cyber Security interview questions I have been through, hope this helps
rift-explorer - 🛠Explore the API of the League of Legends client