CAPIE - Chapter 1.4 - API Architectures

The document provides an overview of API architecture, emphasizing the importance of understanding various architectures for effective pentesting and API design. It covers topics such as monolithic vs microservices architectures, API gateways, serverless architectures, GraphQL, API composition, stateful vs stateless APIs, versioning, WebSockets, rate limiting, caching mechanisms, containerization, and logging. Each section discusses definitions, pros and cons, security implications, and best practices relevant to API development and deployment.

Uploaded by

sajana


1.4 API Architectures

1. Introduction to API architecture

● Why understanding architecture is vital for effective pentesting & API design.

2. Monolithic vs microservices architecture

● Definitions and primary distinctions.
● Pros & cons of each, especially from a security perspective.

3. API gateway

● Role & purpose in modern API architectures.
● Features: request routing, rate limiting, caching etc.
● Security implications & benefits.

4. Serverless architecture & APIs

● Introduction to serverless/FaaS (function as a service).
● Platforms like AWS Lambda, Azure Functions.
● Security considerations specific to serverless.

5. GraphQL architecture

● Overview and how it works.
● Resolvers, queries & mutations.
● Potential vulnerabilities like batch query attacks.

6. API composition

● The idea of combining multiple API calls into a single response.
● Backend-for-Frontend (BFF) pattern.
● Implications for performance & security.

7. Stateful vs stateless APIs

● Definitions & distinctions.
● Importance of state management.
● Security concerns associated with each.

8. API versioning

● Why versioning is important.
● Common strategies: URI, header, parameter versioning.
● The security implications of maintaining old API versions.

9. WebSockets & API architecture

● Introduction to the WebSocket protocol.
● How WebSockets differ from traditional HTTP/REST.
● Use cases & security considerations.

10. Rate limiting & throttling

● Importance in API architectures.
● Strategies & their implications.
● Role in maintaining an API's health & security.

11. Caching mechanisms in APIs

● Benefits of caching for performance.
● Risks: stale data, cache poisoning.
● Secure caching practices.

12. Containerization & API deployment

● Brief introduction to containers (e.g. Docker).
● Benefits & potential security risks.
● Importance of secure container orchestration (e.g. Kubernetes).

13. Logging & monitoring in API architecture

● Why it's vital for security & diagnostics.
● What to log & what not to.
● Risks: sensitive data in logs, inadequate logging.
