17 Cards in this Set

What is REST?

REpresentational State Transfer. A software architecture style consisting of guidelines and best practices for creating scalable web services.

4 Principles of REST

- Server returns a representation of data

  - Resources maintained by the server are separate from the representations returned to the client

  - The server can return any format; it is not limited to its internal data structure

- Data is maintained through representation

  - Resources on the server are manipulated via the representations issued to clients

  - When a client holds a representation of a resource, including any attached metadata, it has enough information to modify or delete the resource

- Self-descriptive messages

  - Each message describes how it should be processed

  - E.g. content type (HTML, XML, JSON)

- Hypermedia as application state

  - REST is stateless: no client state is stored on the server

  - Application state is transferred using hypermedia (hypermedia extends hypertext to include audio, video and text)

  - A representation should contain the information needed to reach related resources (e.g. a URI to related items)

Features of REST

- Separation of concerns between UI and core business data

- Makes use of generic HTTP methods

- Stateless data representation

- Platform/language independence

- Transmission protocol independence

- Security is transmission protocol dependent

- Cacheable (assuming idempotent calls)

What is SOAP?

Simple Object Access Protocol. An XML representation of data, most often sent over HTTP. SOAP is a successor of XML-RPC.

3 SOAP characteristics

- Extensibility

- Neutrality (any transport protocol)

- Independence (any programming model)

Features of SOAP (other than 3 characteristics)

- Envelopes data (HTTP also envelopes SOAP for transmission, which ends up being cumbersome)

- Relies on metadata

- Implements end-to-end processing

- SOAP cannot be cached: HTTP SOAP is sent via HTTP POST, which is non-idempotent and thus not cacheable

- SOAP security is not transport protocol dependent

- SOAP is not self-descriptive; it needs a WSDL to describe it

What is RPC?

Remote Procedure Call. A protocol that a program can use to call a procedure on a remote machine.

Features of RPC

- Issues with platforms (Android doesn't support RPC)

- Issues with communication through firewalls

- A synchronous operation

- RPC makes it easier to develop an application that includes multiple programs distributed in a network

- Favours a structured programming style with clearly defined interfaces

- Makes a remote call look like a local one

What is a Web Service?

A Web service is a method of communication between two electronic devices over a network. RPC, REST and SOAP are examples of web services.

OWASP top 10

1. Injection

2. Broken authentication

3. Cross-site scripting

4. Insecure direct object reference

5. Security misconfiguration

6. Sensitive data exposure

7. Missing Function Level Access Control

8. Cross-Site Request Forgery

9. Using Components with Known Vulnerabilities

10. Unvalidated redirects and forwards

Top API Security Techniques

- Identification

- Authentication

- Authorisation


Identification

- Generally done with an API key

- Included in each API request

- Lets the API monitor usage

- Not encrypted by default, so easily discovered; used for audit rather than security

- Stops unauthorised applications from flooding the system


Authentication

- Username/password

- OAuth (a third party provides proxy authentication)

- HTTP basic authentication is the easiest and most common

  - Username and password are encoded using Base64

  - Typically used over HTTPS

- SAML (Security Assertion Markup Language): secure distribution of public keys to clients in line with the WS-Security specifications


Authorisation

What users can see and do. Programmed as part of the application logic.

API Best Practices

- Status Codes

- Rate limiting

- Documentation


What is a URI?

Uniform Resource Indicator.


What is a URL?

Uniform Resource Location. The location of a resource. A URL can be a URI.