Which are two best practices used to secure APIs? (Choose two.)

  • use reputable and standard libraries to create the APIs
  • make internal API documentation mandatory
  • keep API implementation and API security into one tier allowing the API developer to work on both facets simultaneously
  • secure API services to provide HTTP endpoints only
  • discussing company API development (or any other application development) on public forums

Explanation & Hints:

The following are several general best practices and recommendations for securing APIs:

  • Secure API services to provide HTTPS endpoints with only a strong version of TLS.
  • Validate parameters in the application and sanitize incoming data from API clients.
  • Explicitly scan for common attack signatures; injection attacks often betray themselves by following common patterns.
  • Use strong authentication and authorization standards.
  • Use reputable and standard libraries to create the APIs.
  • Segment API implementation and API security into distinct tiers; doing so frees up the API developer to focus completely on the application domain.
  • Identify what data should be publicly available and what information is sensitive.
  • If possible, have a security expert do the API code verification.
  • Make internal API documentation mandatory.
  • Avoid discussing company API development (or any other application development) on a public forum.
