Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
RESTful Java Web Services

You're reading from   RESTful Java Web Services A pragmatic guide to designing and building RESTful APIs using Java

Arrow left icon
Product type Paperback
Published in Nov 2017
Publisher
ISBN-13 9781788294041
Length 420 pages
Edition 3rd Edition
Languages
Tools
Arrow right icon
Author (1):
Arrow left icon
Balachandar Bogunuva Mohanram Balachandar Bogunuva Mohanram
Author Profile Icon Balachandar Bogunuva Mohanram
Balachandar Bogunuva Mohanram
Arrow right icon
View More author details
Toc

Table of Contents (11) Chapters Close

Preface 1. Introducing the REST Architectural Style FREE CHAPTER 2. Java APIs for JSON Processing 3. Introducing the JAX-RS API 4. Advanced Features in the JAX-RS APIs 5. Introducing JAX-RS Implementation Framework Extensions 6. Securing RESTful Web Services 7. Description and Discovery of RESTful Web Services 8. RESTful API Design Guidelines 9. The Role of RESTful APIs in Emerging Technologies 10. Useful Features and Techniques

Key considerations for securing RESTful services

In the previous sections, we covered in detail the various techniques for securing the RESTful services. Some of the best practices, apart from authentication and authorization, that are worth considering for securing RESTful services are listed as follows:

  • A whitelist is a list of allowable actions on an entity; it is the reverse of blacklisting. It is important for a RESTful service to mention only the allowable action verbs such as GET/POST, so the other actions, even if triggered by the client, are denied.
  • Validation of the URL is a must for RESTful services, as attackers tamper with the URL to perform injection attacks. Avoid encoding sensitive information in the URL.
  • Ensure that the RESTful service definition includes the allowed content type.
  • Ensure that the perimeter-level security is enabled using firewalls for enterprise...
lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image