[Owasp-leaders] REST Security - HELP!

vanderaj vanderaj vanderaj at owasp.org
Mon Nov 26 13:42:03 UTC 2012


Go for it, valid point. :)

On Tue, Nov 27, 2012 at 12:12 AM, Erlend Oftedal <Erlend.Oftedal at bekk.no> wrote:
> I'd like us to keep a section on using Authorization headers. REST services are used both browser-to-server and server-to-server. Twitter, which is used as an example, supports OAuth, which is not session/cookie-based but uses the Authorization header together with signed values, nonces and timestamps to avoid forgery. Amazon S3 has similar ways of creating signed requests without involving sessions.
>
> Best regards
> Erlend
>
>
> ________________________________________
> From: vanderaj vanderaj [vanderaj at owasp.org]
> Sent: 26 November 2012 13:03
> To: Erlend Oftedal
> Cc: Jim Manico; owasp-leaders at lists.owasp.org
> Subject: Re: [Owasp-leaders] REST Security - HELP!
>
> I've given it a jolly good update. Please check it out.
>
> Improvements welcome.
>
> thanks,
> Andrew
>
> On Mon, Nov 26, 2012 at 8:29 PM, Erlend Oftedal <Erlend.Oftedal at bekk.no> wrote:
>> I've added quite a few bits to it now.
>>
>> Best regards,
>> Erlend Oftedal
>>
>>
>> ________________________________________
>> From: owasp-leaders-bounces at lists.owasp.org [owasp-leaders-bounces at lists.owasp.org] on behalf of Jim Manico [jim.manico at owasp.org]
>> Sent: 26 November 2012 00:19
>> To: vanderaj vanderaj
>> Cc: owasp-leaders at lists.owasp.org
>> Subject: Re: [Owasp-leaders] REST Security - HELP!
>>
>>  >I will take this on, as it's relevant to my interests ... today :)
>>
>> So does that mean you will have it done today, Andrew?
>>
>> *wink*
>>
>> Thanks for your help. :)
>>
>> Aloha,
>> Jim
>>
>>
>>> I will take this on, as it's relevant to my interests ... today :)
>>>
>>> thanks
>>> Andrew
>>>
>>> On Mon, Nov 26, 2012 at 10:05 AM, Jim Manico <jim.manico at owasp.org> wrote:
>>>> Leaders,
>>>>
>>>> Go Google "REST Security" and the OWASP Cheat Sheet on REST security pops up
>>>> first. Unfortunately this cheat sheet is very minimal and in DRAFT mode!
>>>>
>>>> https://www.owasp.org/index.php/REST_Security_Cheat_Sheet
>>>>
>>>> Help!
>>>>
>>>> Does anyone with a solid understanding of REST Security from a defense point
>>>> of view care to jump in and help complete this cheat sheet on REST Security?
>>>>
>>>> This does NOT have to be a comprehensive guide, just a "cheat" that
>>>> describes the most important defenses.
>>>>
>>>> Thanks all,
>>>>
>>>> Jim Manico
>>>> @Manicode
>>>> OWASP Volunteer
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
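
The session-less request signing mentioned in the thread (an Authorization header carrying a signature, a nonce and a timestamp), shown as an added example that is not part of the original messages. The `HMAC-Example` scheme, its header layout, the key store and the 300-second window are assumptions made for illustration; this is not the OAuth or Amazon S3 signature format.

```python
import hashlib
import hmac
import secrets
import time

MAX_SKEW = 300  # seconds a signed request stays valid (assumed policy)
KEYS = {"client-1": b"constructed-demo-secret"}  # constructed sample key store

def _signature(key, method, path, body, ts, nonce):
    # Cover everything a forger could usefully change: method, path, body, ts, nonce.
    body_hash = hashlib.sha256(body).hexdigest()
    msg = "\n".join([method.upper(), path, body_hash, str(ts), nonce]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def sign_request(key_id, method, path, body, now=None):
    """Client side: build the Authorization header value (hypothetical layout)."""
    ts = int(time.time() if now is None else now)
    nonce = secrets.token_hex(16)
    sig = _signature(KEYS[key_id], method, path, body, ts, nonce)
    return f"HMAC-Example keyid={key_id},ts={ts},nonce={nonce},sig={sig}"

class Verifier:
    def __init__(self):
        self.seen = {}  # (key_id, nonce) -> timestamp of the accepted request

    def verify(self, header, method, path, body, now=None):
        now = time.time() if now is None else now
        scheme, _, params = header.partition(" ")
        if scheme != "HMAC-Example":
            return "bad-scheme"
        try:
            f = dict(p.split("=", 1) for p in params.split(","))
            key, ts = KEYS[f["keyid"]], int(f["ts"])  # unknown key id is rejected too
            nonce, sig = f["nonce"], f["sig"]
        except (KeyError, ValueError):
            return "malformed"
        if abs(now - ts) > MAX_SKEW:
            return "stale"
        expected = _signature(key, method, path, body, ts, nonce)
        if not hmac.compare_digest(expected.encode(), sig.encode()):
            return "bad-signature"
        # Store only authenticated nonces; drop those the timestamp check already blocks.
        self.seen = {k: t for k, t in self.seen.items() if abs(now - t) <= MAX_SKEW}
        if (f["keyid"], nonce) in self.seen:
            return "replay"
        self.seen[(f["keyid"], nonce)] = ts
        return "ok"
```

The timestamp bounds how long a nonce has to be remembered, so the replay cache never grows past one validity window of accepted requests.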

