O'Reilly logo

Pro PHP Security: From Application Security Principles to the Implementation of XSS Defenses, Second Edition by Thomas Myer, Michael Southwell, Chris Snyder

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

REST Security

The best thing about REST is its lightweight approach to exposing APIs and resources. Typically, if you want to allow an application to list out the contents of a database table (for example), you can provide a RESTful address that accepts a GET request and then reply with a JSON or XML string.

For example, http://example.com/events/today/ is the address, and hitting it with a GET request will spill out all the events occurring today at a certain locale. The requesting application sends the request and receives a JSON document with the requested information.

The bad thing about this approach is that the stack that REST relies on is pretty much absent any meaningful security support. If you want to create a more secure REST service, ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required