Protección de APIs REST

Hernando Calleja, Daniel

Please use this identifier to cite or link to this item: http://hdl.handle.net/10609/132467

Title:	Protección de APIs REST
Author:	Hernando Calleja, Daniel
Tutor:	Canto Rodrigo, Pau del
Others:	Garcia-Font, Victor
Abstract:	The purpose of this work is to analyze the security context in REST APIs, identify the main vulnerabilitys faced by this type of architecture and list some of the possible solutions to them. This analysis has been carried out through a proof of concept in which a REST API created for this purpose has been defined, codified and protected. For its protection, an API Management product, WSO2 API Manager, has been used, positioning itself as an intermediary for the accesses that the API provides. This product allows adding a security layer between the consumer and the producer of the API independent to them, so that it has been installed and configured to protect the API against practical examples of the main attacks of which this type of REST architecture is objective. For the construction of the REST API, technological standards such as OpenAPI 3.0 or Spring Boot have been used, while for the protection of the API, security mechanisms such as HTTPS and JWS have been used. For the authentication and authorization of access to the API, the OAuth standard has been used, applying all these options in a transversal way through the configuration of the API Manager. The conclusions obtained have been satisfactory, since it has been possible to undertake protection actions against the vulnerabilities identified as most important through the proposed solution.
Keywords:	API REST OAuth
Document type:	info:eu-repo/semantics/masterThesis
Issue Date:	1-Jun-2021
Publication license:	http://creativecommons.org/licenses/by-nc-nd/3.0/es/
Appears in Collections:	Trabajos finales de carrera, trabajos de investigación, etc.