SOFTWARE ENGINEERING

SOFTWARE ENGINEERING TOOLS AND ENVIRONMENTS

AUTOMATED TESTING TOOLS

Please wait while the activity loads.
If this activity does not load, try refreshing your browser. Also, this page requires javascript. Please visit using a browser with javascript enabled.

If loading fails, click here to try again

Question [CLICK ON ANY CHOICE TO KNOW THE RIGHT ANSWER]

What is a best practice for securing an API?

A	Relying on the security of the underlying transport layer (e.g. HTTPS)
B	Storing sensitive data in plain text within the API
C	Using a combination of authentication, authorization, and encryption to secure the API
D	Disabling all security measures to improve performance

Explanation:

Detailed explanation-1: -At the very least you should use an API key (asymmetric key) or basic access authentication (user/password) to increase the difficulty of hacking your system. But you should consider using OAuth 2 as your protocol of choice for a robust security of your APIs.

Detailed explanation-2: -Always use TLS Every web API should use TLS (Transport Layer Security). TLS protects the information your API sends (and the information that users send to your API) by encrypting your messages while they’re in transit. You might know TLS by its predecessor’s name, SSL.

Detailed explanation-3: -Basic authentication is an HTTP-based authentication approach and is the simplest way to secure REST APIs. It uses a Base64 format to encode usernames and passwords, both of which are stored in the HTTP header.

There is 1 question to complete.