Application Programming Interface
Module Project
Start Date :
End Date :
Submission Date :
Module: Application Programming Interface
Learner Name :
Enrollment ID :
Presentation Date :
Contents
S. No. Description
01 List of Tools used
02 What is API?
03 What is the role of API?
04 The range of APIs for a particular platform
05 Potential Security issues with API
06 The project requirements
07 Project Demo
08 The Strengths of Project API
09 The Weakness of Project API
10 Security Report
11 Review and reflect the application development
1. List of Tools used
- React JS (Visual Studio Code)
- Spring Boot
2. What is API?
An Application Programming Interface (API) is a software interface that allows two applications to interact with each other without any user intervention. An API is a collection of software functions and procedures. In simple terms, an API is software code that can be accessed or executed.
3. What is the role of API?
- We use APIs in many cases, for example to get data for a web application or to connect to a remote server that holds data that keeps changing, such as weather.
- To enable two applications to exchange data with each other.
APIs not only provide reusability of code but also use the concept of abstraction.
4. The range of APIs for a particular platform
5. Potential Security Issues with APIs
(a) Identify potential security issues with API
1. Injection Attacks
- In an injection attack, malicious code is embedded into an unsecured software program to stage an attack; the most notable examples are SQL injection and cross-site scripting. The weakness is exploited by passing untrusted data into the API as part of a query or command. The interpreter then executes that input, which can let an attacker obtain unauthorized access to information or cause other damage.
2. DoS Attacks
- In a Denial of Service (DoS) attack, the attacker in most cases pushes enormous messages asking the server or network to establish requests that carry invalid return addresses. The attack can render a RESTful API non-functional if appropriate security precautions are not adopted. Whether or not your API is exposed, it may still be accessible to other people (attackers included).
3. Sensitive Data Exposure
- Exposure of sensitive data caused by a lack of encryption in transit or at rest may result in an attack. Sensitive Data Exposure happens whenever an application is unable to properly secure sensitive data. The information ranges from private health information to credit card information, session tokens, passwords and a lot more, all of which tend to be vulnerable to attack. Sensitive data requires strong protection, which includes encryption at rest or in transit, in addition to extra precautions when it is exchanged with the browser.
4. Broken Authentication
- These flaws can allow an attacker to either bypass or take control of the authentication methods used by a web program. Missing or inadequate authentication can result in attacks in which JSON Web Tokens, API keys, passwords, etc. are compromised. The aim of the attack is usually to take over several accounts, with the attacker gaining the same privileges as the attacked user. Only authenticated users should be given access to the APIs.
5. Broken Access Control
- Access control, sometimes known as authorization, is how web software grants access to functions and content to certain people rather than to everybody. Missing or inadequate access control can permit an attacker to gain control of other users' accounts, alter access privileges, change data, etc.
6. Man-In-The-Middle Attack (MITM)
- This is when an attacker secretly alters, intercepts, or relays communications between two interacting systems and captures the private and confidential data passed between them. MITM attacks occur in two stages: interception and decryption.
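The injection issue above, shown as an added example that is not part of the original slides or the project's code: the same lookup written with string concatenation and with a bound parameter. The table, the sample rows and the function names are assumptions made for illustration, and Python's built-in sqlite3 stands in for the project's Spring Boot back end.

```python
import sqlite3

# Constructed sample rows for a neighbourhood directory (not from the project).
SAMPLE_STORES = [
    ("Corner Bakery", "555-0101"),
    ("Book Nook", "555-0102"),
    ("O'Brien's Deli", "555-0103"),
]


def make_db():
    """Create an in-memory database holding the constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE stores (name TEXT, phone TEXT)")
    db.executemany("INSERT INTO stores VALUES (?, ?)", SAMPLE_STORES)
    return db


def search_concatenated(db, name):
    """Weak form: the request value becomes part of the SQL text itself."""
    sql = "SELECT name, phone FROM stores WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()


def search_parameterized(db, name):
    """Hardened form: the value is bound to a placeholder and stays data."""
    sql = "SELECT name, phone FROM stores WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()


def compare(name):
    """Run both handlers on one input and report what each returned."""
    db = make_db()
    try:
        weak = search_concatenated(db, name)
    except sqlite3.Error as exc:
        # A stray quote in ordinary input is enough to break the weak query.
        weak = "error: " + type(exc).__name__
    strong = search_parameterized(db, name)
    db.close()
    return {"concatenated": weak, "parameterized": strong}


if __name__ == "__main__":
    # Ordinary input, a legitimate name containing quotes, and untrusted
    # input that the interpreter would treat as part of the command.
    for value in ("Book Nook", "O'Brien's Deli", "x' OR '1'='1"):
        print(repr(value), compare(value))
```

The concatenated handler returns every row for the third input and fails outright on the legitimate name with an apostrophe, while the parameterized handler treats both as plain values.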
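An added example (not from the original slides or the project) that separates the two checks described under Broken Authentication and Broken Access Control: the handler first verifies a signed, expiring token, then decides whether that caller may read the requested profile. The token layout, the key, the sample profiles and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-key"  # constructed value; keep real keys in a secret store
PROFILES = {  # constructed sample data
    "alice": {"name": "Alice", "email": "alice@example.test"},
    "bob": {"name": "Bob", "email": "bob@example.test"},
}


def _b64(data):
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _sign(body):
    return _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())


def issue_token(user, role, ttl=300, now=None):
    """Return 'body.signature' where body carries subject, role and expiry."""
    now = time.time() if now is None else now
    claims = {"sub": user, "role": role, "exp": int(now) + ttl}
    body = _b64(json.dumps(claims).encode())
    return body + "." + _sign(body)


def authenticate(token, now=None):
    """Authentication: return the claims of a valid token, else None."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        # Constant-time comparison; reject before decoding anything.
        if not hmac.compare_digest(sig, _sign(body)):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    except (ValueError, TypeError, AttributeError):
        return None  # malformed, missing or non-text token
    return claims if claims.get("exp", 0) > now else None


def get_profile(token, target_user, now=None):
    """Authorization: callers read their own profile; admins read any."""
    claims = authenticate(token, now)
    if claims is None:
        return 401, None  # not authenticated
    if claims["sub"] != target_user and claims["role"] != "admin":
        return 403, None  # authenticated, but not allowed to see this object
    profile = PROFILES.get(target_user)
    return (200, profile) if profile else (404, None)


def with_role_changed(token, role):
    """Negative-test helper: edit the role claim but keep the old signature."""
    body, sig = token.split(".")
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    claims["role"] = role
    return _b64(json.dumps(claims).encode()) + "." + sig
```

A valid token for one user still gets 403 on another user's profile, and a token whose claims were edited after signing gets 401 because the signature no longer matches.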
6. The Project Requirements
You have already developed a "Know-Your-Neighborhood" application.
The goal of this application is to provide login/sign-up using an existing API.
For this to happen, the application should have a login button with the available APIs.
The Know-Your-Neighborhood website consists of the following key pages:
1. Home Page
2. Registration Page
3. Login Page with API link
4. Contact us Page
5. About us Page
6. Terms and Conditions Page
Customers can log in using the existing API and fetch basic information such as name and email from the API.
7. The Project Demo
8. The Strengths of Project API
9. The Weaknesses of Project API
10. Security Report
11. Review and Reflect the application

BDSE03-1121-API-PresentationTemplate.pptx
