BDSE03-1121-API-PresentationTemplate.pptx
1. Application Programming Interface
Module Project
Start Date :
End Date :
Submission Date :
Module: Application Programming Interface
Learner Name :
Enrollment ID :
Presentation Date :
2. Contents
S. No. Description
01 List of Tools used
02 What is API?
03 What is the role of API?
04 The range of APIs for a particular platform
05 Potential Security issues with API
06 The project requirements
07 Project Demo
08 The Strengths of Project API
09 The Weakness of Project API
10 Security Report
11 Review and reflect the application development
3. 1. List of Tools used
React JS (Visual Studio Code)
7. 2. What is API?
Application Programming Interface (API) is a
software interface that allows two applications to
interact with each other without any user
intervention. API is a collection of software
functions and procedures. In simple terms, API
means a software code that can be accessed or
executed.
8. 3. What is the role of API?
We use APIs in many cases, for example to get data for a web application or to connect to a remote server that holds frequently changing data such as weather.
APIs enable two applications to exchange data with each other.
APIs not only provide reusability of code but also use the concept of abstraction.
10. 5. Potential Security Issues with APIs
(a) Identify potential security issues with API
1. Injection Attacks
- In an injection attack, dangerous code is embedded into an unsecured software program to stage an attack, most notably SQL injection and cross-site scripting. This exposure can be exploited by passing untrusted data into the API as part of a query or command. The input is then executed by the interpreter, which can result in an attacker obtaining unauthorized access to information or causing other damage.
2. DoS Attacks
- In a Denial of Service (DoS) attack, the attacker in most cases sends an enormous number of messages requesting the server or network to establish requests consisting of invalid return addresses. The attack can render a RESTful API non-functional if appropriate security precautions are not adopted. Nowadays, whether your API is exposed or not, it may still be accessible by other people (attackers included).
3. Sensitive Data Exposure
- Exposure of sensitive data caused by a lack of encryption in transit or at rest may result in an attack. Sensitive data exposure happens whenever an application is unable to properly secure sensitive data. The information can range from private health information to credit card information, session tokens, passwords and more, all of which tend to be vulnerable to attack. Sensitive data requires high security, which includes encryption at rest or in transit, in addition to extra precautions when it is exchanged with the browser.
4. Broken Authentication
- These problems can allow an attacker to either bypass or take control of the authentication methods used by a web program. Missing or inadequate authentication can result in attacks in which JSON web tokens, API keys, passwords, etc. are compromised. The aim of the attack is usually to take over several accounts, with the attacker gaining the same privileges as the attacked user. Only authenticated users should be given access to the APIs.
5. Broken Access Control
- Access control, sometimes known as authorization, is how web software grants access to functions and content to certain people rather than to everybody. Missing or inadequate access control can permit the attacker to gain control of other users' accounts, alter access privileges, change data, etc.
6. Man-In-The-Middle Attack (MITM)
- This is when an attacker secretly alters, intercepts, or relays communications between two interacting systems and intercepts the private and confidential data passed between them. MITM attacks occur in two stages: interception and decryption.
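The Injection Attacks item above describes untrusted data reaching the interpreter as part of a query. The following is an added example, not code from the presentation or its project, that puts a vulnerable lookup beside its parameterized form. Python, sqlite3, the `users` table and all function names are assumptions made for illustration.

```python
import sqlite3

# Hypothetical schema and helper names; the sample rows are constructed.
def make_db():
    """Build an in-memory database holding two constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("Alice", "alice@example.com"), ("Bob", "bob@example.com")],
    )
    return conn

def find_user_unsafe(conn, email):
    # Vulnerable: the untrusted value is pasted into the SQL text, so the
    # interpreter parses any quote or keyword inside it as part of the query.
    query = "SELECT name, email FROM users WHERE email = '" + email + "'"
    return conn.execute(query).fetchall()

def find_user_safe(conn, email):
    # Hardened: the ? placeholder passes the value as data only, so it is
    # compared against the column and never parsed as SQL.
    return conn.execute(
        "SELECT name, email FROM users WHERE email = ?", (email,)
    ).fetchall()

# Constructed untrusted input: when concatenated, it rewrites the WHERE clause
# so that the condition is true for every row.
CRAFTED = "nobody@example.com' OR '1'='1"

if __name__ == "__main__":
    conn = make_db()
    print("unsafe:", find_user_unsafe(conn, CRAFTED))  # every row is returned
    print("safe:  ", find_user_safe(conn, CRAFTED))    # no row matches
```

The same input returns every user from the concatenated query and nothing from the parameterized one, which is the check to run when reviewing any API handler that builds queries from request data.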
11. 6. The Project Requirements
You have already developed a "Know-Your-Neighborhood"
application.
The goal of this application is to provide login/sign up using an
existing API.
For this to happen, the application should have a login button with
the available APIs.
The Know-Your-Neighborhood website consists of the following
key pages:
1. Home Page
2. Registration Page
3. Login Page with API link
4. Contact us Page
5. About us Page
6. Terms and Conditions Page
Customers can log in using the existing API and fetch basic information such as name and email from the API.