6 Ways to Secure APIs

Migrating from an old monolithic application to microservices is gaining traction and has become a trend. Most organizations are encouraging developers to create APIs that can help them achieve their digital transformation goals. If you have a complex system to develop but need to deliver quickly and iteratively over a long period, then going with APIs is a good choice. Now, the question is: how do you secure these APIs? Securing APIs should start from the beginning, from the design itself. Below are some patterns that can help secure your APIs.

1. Secure Coding

Developers should think about writing secure code from the beginning. If we follow OWASP (Open Web Application Security Project) guidelines, tools, and training, almost 85% of code vulnerabilities can be fixed. It is very important to validate each and every input that my application receives. For example, let's say my API accepts a name as a string parameter and performs some business logic. Instead of just checking that the name is not null, check it against a specific pattern, for example that the name contains only alphabetic characters or numbers. This will rule out any pattern that might be used for SQL injection.
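
The name check described above, as an added example that is not part of the original article: a not-null check is compared with an allowlist pattern on constructed inputs. It goes one step beyond the text by also binding the validated value as a query parameter. The function names, the `users` table, the ASCII-only character set and the 64-character limit are assumptions made for illustration.

```python
import re
import sqlite3

# Allowlist: ASCII letters and digits only; the 1-64 length bound is an assumption.
NAME_RE = re.compile(r"[A-Za-z0-9]{1,64}")

def weak_check(name):
    """The 'not null' check the text warns against: any non-empty string passes."""
    return name is not None and name != ""

def validate_name(name):
    """Return the name if it matches the allowlist, else raise ValueError."""
    # fullmatch anchors both ends; re.match with '$' would accept "alice\n".
    if not isinstance(name, str) or NAME_RE.fullmatch(name) is None:
        raise ValueError("name must be 1-64 ASCII letters or digits")
    return name

def find_user(conn, name):
    """Validate, then query with a bound parameter (never string concatenation)."""
    cur = conn.execute("SELECT id, name FROM users WHERE name = ?", (validate_name(name),))
    return cur.fetchall()

def make_demo_db():
    """Constructed in-memory table (hypothetical schema) for the demo."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob42",)])
    return conn

# Constructed sample inputs: two valid names, then values a not-null check lets through.
SAMPLES = ["alice", "bob42", "alice' --", "alice\n", "al ice", "a" * 65, ""]

def classify(samples):
    """Return {input: (weak_result, strict_result)} for side-by-side comparison."""
    out = {}
    for s in samples:
        try:
            validate_name(s)
            strict = True
        except ValueError:
            strict = False
        out[s] = (weak_check(s), strict)
    return out

if __name__ == "__main__":
    for value, (weak, strict) in classify(SAMPLES).items():
        print(f"{value!r:20} not-null={weak!s:5} allowlist={strict}")
    print(find_user(make_demo_db(), "alice"))
```

Real names often contain spaces, hyphens or non-ASCII letters, so the pattern should be widened deliberately for the field in question rather than loosened to "anything non-empty".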