Please use this identifier to cite or link to this item:

http://hdl.handle.net/10609/132467
Title: Protección de APIs REST
Author: Hernando Calleja, Daniel
Director: Garcia Font, Victor  
Tutor: Canto Rodrigo, Pau del
Keywords: API
REST
OAuth
Issue Date: 1-Jun-2021
Publisher: Universitat Oberta de Catalunya (UOC)
Abstract: The purpose of this work is to analyze the security context in REST APIs, identify the main vulnerabilitys faced by this type of architecture and list some of the possible solutions to them. This analysis has been carried out through a proof of concept in which a REST API created for this purpose has been defined, codified and protected. For its protection, an API Management product, WSO2 API Manager, has been used, positioning itself as an intermediary for the accesses that the API provides. This product allows adding a security layer between the consumer and the producer of the API independent to them, so that it has been installed and configured to protect the API against practical examples of the main attacks of which this type of REST architecture is objective. For the construction of the REST API, technological standards such as OpenAPI 3.0 or Spring Boot have been used, while for the protection of the API, security mechanisms such as HTTPS and JWS have been used. For the authentication and authorization of access to the API, the OAuth standard has been used, applying all these options in a transversal way through the configuration of the API Manager. The conclusions obtained have been satisfactory, since it has been possible to undertake protection actions against the vulnerabilities identified as most important through the proposed solution.
Language: Spanish
URI: http://hdl.handle.net/10609/132467
Appears in Collections:Bachelor thesis, research projects, etc.

Share:
Export:
Files in This Item:
File Description SizeFormat 
dhernandocTFM0621memoria.pdfMemoria del TFM5.75 MBAdobe PDFView/Open

This item is licensed under a Creative Commons License Creative Commons