AAU Student Projects - visit Aalborg University's student projects portal
A master's thesis from Aalborg University
Book cover


CLOUD API SECURITY AUDIT: An Extensive Approach to API Assessment

Author

Term

4. semester

Education

Cyber Security, Master

Publication year

2023

Submitted on

Pages

51

Abstract

As more computing moves to the cloud and software relies on Application Programming Interfaces (APIs) – the rules and endpoints that let different applications exchange data over the internet – new security challenges arise. To protect organizations, it is important to systematically audit how APIs are designed and used. This thesis presents a comprehensive approach to assessing RESTful APIs, a common style for web APIs. It first explains why API security and auditing matter, outlines typical vulnerabilities that affect APIs, and sets out clear security requirements. It then reviews existing API security audit frameworks and current practices, summarizing how they approach auditing. Building on this foundation, the thesis proposes a method for assessing cloud APIs, using the defined security requirements as measurable criteria. Finally, it demonstrates the approach with an assessment of a public API and discusses the findings.

Efterhånden som flere it-tjenester flyttes til skyen, og software bruger Application Programming Interfaces (API'er) – regler og endepunkter, der lader forskellige programmer udveksle data over internettet – opstår der nye sikkerhedsudfordringer. For at beskytte virksomheder er det vigtigt systematisk at revidere (audite), hvordan API'er er designet og bliver brugt. Dette speciale præsenterer en samlet tilgang til at vurdere RESTful API'er, en udbredt måde at bygge web-API'er på. Først forklarer specialet, hvorfor API-sikkerhed og revision er vigtig, beskriver typiske sårbarheder i API'er og opstiller klare sikkerhedskrav. Dernæst gennemgår det eksisterende rammeværk for API-sikkerhedsrevision og aktuelle praksisser og sammenfatter, hvordan de griber revision an. Med dette som grundlag foreslås en omfattende metode til at vurdere cloud-API'er, hvor de definerede sikkerhedskrav bruges som målbare kriterier. Til sidst demonstreres tilgangen med en vurdering af en offentlig API, og resultaterne drøftes.

[This apstract has been rewritten with the help of AI based on the project's original abstract]

Keywords

Cloud API auditing, ; API auditing ; API audit framework ; API Security ; API Testing ; API Security Testing

Documents

Download PDF
View record in AAU Student Projects