ECP ID: 7c63467c-3adf-4538-af28-1a9d7d1abb44

API Security ECP

About this ECP

This project is inspired by work undertaken by the OWASP API Security Project, which aims to address the increasing number of businesses that deploy potentially sensitive APIs as part of their software service provision. Unfortunately, many APIs do not undergo rigorous security testing that would help to improve their security.

ECP Description

APIs are a ubiquitous feature of modern web applications. However, designing APIs so that they are secure is very challenging (https://www.cl.cam.ac.uk/~rja14/Papers/SEv2-c18.pdf). Consequently, APIs are a popular attack surface for malicious parties who seek to compromise web applications and, more broadly, the organisations that run them.

ECP Designator

The project designators for this ECP are:

  • Dr Charles Clarke (University of Roehampton)

  • Professor Graeme Jones (Kingston University)

ECP Aims

The aim of this project is to investigate, procure, document and test case API security best practices.

ECP Objectives

  • Implement requirements engineering processes to elicit both functional and non-functional requirements for this project.

  • Research, review and collate API security links, resources, and tools.

  • Elicit input from API developers.

  • Establish a structure for collating research artefacts in the shared project space.

  • Create a report, video or presentation that presents a narrative of API security.

  • Evaluate the utility of the report, video or presentation with developers as part of a test plan.

  • Create examples of before and after best practices within a virtualised test rig.

  • Create a debrief report of the project and its outcomes.

Indicative Technologies

Keywords: API; Cloud Computing; Docker; Virtual Machines
