[Owasp-leaders] REST Security - HELP!

Erlend Oftedal Erlend.Oftedal at BEKK.no
Mon Nov 26 13:12:39 UTC 2012


I'd like us to keep a section on using Authorization headers. REST services are used both browser-to-server and server-to-server. Twitter, which is used as an example, supports OAuth, which is not session/cookie-based but uses the Authorization header together with signed values, nonces and timestamps to avoid forgery. Amazon S3 has similar ways of creating signed requests without involving sessions.

Best regards
Erlend
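The pattern described above (a sessionless request signed with a shared secret, carried in the Authorization header, with a timestamp and a nonce so a captured request cannot be replayed) is shown below as an added example. It is not code from the thread, the OWASP cheat sheet, Twitter or Amazon, and it does not reproduce the exact OAuth 1.0a or S3 signature formats; the `HMAC-EXAMPLE` scheme name, the `demo-client` id, the shared secret, the URL and the fixed clock value are all made up for the demonstration.

```python
"""Signed, sessionless REST requests in the Authorization header.

Added illustration in the spirit of OAuth 1.0a / AWS signed requests;
not the real wire format of either. Scheme name, client id, secret,
URL and clock value below are constructed for the demo.
"""
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qsl, quote, urlsplit

# Constructed shared-secret store: client id -> secret (demo assumption).
CLIENT_SECRETS = {"demo-client": b"s3cr3t-shared-key"}
MAX_CLOCK_SKEW = 300  # seconds; older (or future-dated) requests are rejected
SCHEME = "HMAC-EXAMPLE"


def _pct(s):
    # Percent-encode everything except unreserved characters ("/" included).
    return quote(s, safe="~")


def canonical_string(method, url, params, client_id, timestamp, nonce):
    """String both sides sign: METHOD & base URL & sorted encoded parameters.

    Query string, body parameters and the auth parameters are all covered;
    anything left out of this string could be altered without detection.
    """
    parts = urlsplit(url)
    base_url = f"{parts.scheme}://{parts.netloc}{parts.path}"
    all_params = dict(parse_qsl(parts.query, keep_blank_values=True))
    all_params.update(params)
    all_params.update({"client_id": client_id, "timestamp": str(timestamp), "nonce": nonce})
    normalized = "&".join(f"{_pct(k)}={_pct(v)}" for k, v in sorted(all_params.items()))
    return "&".join([method.upper(), _pct(base_url), _pct(normalized)])


def _signature(secret, canonical):
    return base64.b64encode(hmac.new(secret, canonical.encode(), hashlib.sha256).digest()).decode()


def sign_request(method, url, params, client_id, secret, timestamp=None, nonce=None):
    """Client side: returns the value for the Authorization header."""
    timestamp = int(time.time()) if timestamp is None else timestamp
    nonce = secrets.token_hex(16) if nonce is None else nonce
    sig = _signature(secret, canonical_string(method, url, params, client_id, timestamp, nonce))
    return (f'{SCHEME} client_id="{client_id}", timestamp="{timestamp}", '
            f'nonce="{nonce}", signature="{sig}"')


def parse_header(header):
    """Split 'SCHEME k="v", k="v"' into a dict; raises ValueError on bad input."""
    scheme, _, rest = header.partition(" ")
    if scheme != SCHEME:
        raise ValueError("unsupported scheme")
    fields = {}
    for item in rest.split(", "):
        k, sep, v = item.partition("=")
        if not sep:
            raise ValueError("malformed parameter")
        fields[k] = v.strip('"')
    return fields


class Verifier:
    """Server side: checks freshness, nonce uniqueness, then the signature."""

    def __init__(self, now=time.time):
        self.now = now
        self.seen_nonces = {}  # nonce -> expiry time; the replay cache

    def verify(self, method, url, params, header):
        try:
            f = parse_header(header)
            client_id, ts, nonce, sig = f["client_id"], int(f["timestamp"]), f["nonce"], f["signature"]
        except (ValueError, KeyError):
            return False
        secret = CLIENT_SECRETS.get(client_id)
        if secret is None:
            return False
        now = self.now()
        if abs(now - ts) > MAX_CLOCK_SKEW:
            return False  # stale or future-dated: replay window closed
        # Drop nonces whose window has passed, then refuse any we have seen.
        self.seen_nonces = {n: exp for n, exp in self.seen_nonces.items() if exp > now}
        if nonce in self.seen_nonces:
            return False
        expected = _signature(secret, canonical_string(method, url, params, client_id, ts, nonce))
        if not hmac.compare_digest(expected, sig):  # constant-time comparison
            return False
        self.seen_nonces[nonce] = ts + MAX_CLOCK_SKEW  # remember only verified nonces
        return True


def demo():
    """Happy path, replay, tampering and stale timestamp against one verifier."""
    clock = [1353935559]  # fixed demo clock (constructed)
    v = Verifier(now=lambda: clock[0])
    url = "https://api.example.com/1.1/statuses/update.json?trim_user=1"
    params = {"status": "hello world"}
    secret = CLIENT_SECRETS["demo-client"]
    h1 = sign_request("POST", url, params, "demo-client", secret, clock[0], "n1")
    h2 = sign_request("POST", url, params, "demo-client", secret, clock[0], "n2")
    h3 = sign_request("POST", url, params, "demo-client", secret, clock[0], "n3")
    results = {
        "valid": v.verify("POST", url, params, h1),
        "replay": v.verify("POST", url, params, h1),
        "tampered": v.verify("POST", url, {"status": "pwned"}, h2),
    }
    clock[0] += MAX_CLOCK_SKEW + 1
    results["stale"] = v.verify("POST", url, params, h3)
    return results
```

The order of the checks matters: freshness and the nonce cache are cheap and bound the cache size, while the signature is checked before a nonce is recorded so that unauthenticated garbage cannot fill the replay cache. Whatever is not in the canonical string (here, for instance, headers) is not protected by the signature, which is why real schemes pin down exactly which parts of the request are signed.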


________________________________________
From: vanderaj vanderaj [vanderaj at owasp.org]
Sent: 26 November 2012 13:03
To: Erlend Oftedal
Cc: Jim Manico; owasp-leaders at lists.owasp.org
Subject: Re: [Owasp-leaders] REST Security - HELP!

I've given it a jolly good update. Please check it out.

Improvements welcome.

thanks,
Andrew

On Mon, Nov 26, 2012 at 8:29 PM, Erlend Oftedal <Erlend.Oftedal at bekk.no> wrote:
> I've added quite a few bits to it now.
>
> Best regards,
> Erlend oftedal
>
>
> ________________________________________
> From: owasp-leaders-bounces at lists.owasp.org [owasp-leaders-bounces at lists.owasp.org] on behalf of Jim Manico [jim.manico at owasp.org]
> Sent: 26 November 2012 00:19
> To: vanderaj vanderaj
> Cc: owasp-leaders at lists.owasp.org
> Subject: Re: [Owasp-leaders] REST Security - HELP!
>
> > I will take this on, as it's relevant to my interests ... today :)
>
> So does that mean you will have it done today, Andrew?
>
> *wink*
>
> Thanks for your help. :)
>
> Aloha,
> Jim
>
>
>> I will take this on, as it's relevant to my interests ... today :)
>>
>> thanks
>> Andrew
>>
>> On Mon, Nov 26, 2012 at 10:05 AM, Jim Manico <jim.manico at owasp.org> wrote:
>>> Leaders,
>>>
>>> Go Google "REST Security" and the OWASP Cheat Sheet on REST security pops up
>>> first. Unfortunately this cheat sheet is very minimal and in DRAFT mode!
>>>
>>> https://www.owasp.org/index.php/REST_Security_Cheat_Sheet
>>>
>>> Help!
>>>
>>> Does anyone with a solid understanding of REST Security from a defense point
>>> of view care to jump in and help complete this cheat sheet on REST Security?
>>>
>>> This does NOT have to be a comprehensive guide, just a "cheat" that
>>> describes the most important defenses.
>>>
>>> Thanks all,
>>>
>>> Jim Manico
>>> @Manicode
>>> OWASP Volunteer
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>

