Securing RESTful Web Services

In web applications, where large numbers of requests and responses are exchanged over HTTP, security is one of the most important cross-cutting concerns. Any unsecured service or web application is exposed to data-tampering issues.

"Whenever data is modified (destroyed, manipulated, or edited) by an unauthorized channel, it is generally called data tampering."

Data can be tampered with while it is in transit or at rest. There are several reasons why data gets tampered with; unprotected data is the most common one in the industry. To prevent such issues, you can protect both your environment and your application systems. Generally, a firewall is the best way to protect your environment (the server), and you protect the application itself by implementing an authorization mechanism.
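To make the definition of tampering in transit concrete, here is an added example (not code from the book) that models a request body being altered by an unauthorized intermediary and a service-side integrity check that detects the change. It assumes a shared secret between client and service and a hypothetical `X-Body-Signature` header; both are constructed for this illustration.

```python
import hashlib
import hmac
import json

# Constructed shared secret (assumption: client and service agree on it out of band).
SHARED_SECRET = b"example-shared-secret-not-for-production"


def canonical_body(payload: dict) -> bytes:
    """Serialize the payload deterministically so client and service sign identical bytes."""
    return json.dumps(payload, separators=(",", ":"), sort_keys=True).encode()


def sign_body(body: bytes, secret: bytes = SHARED_SECRET) -> str:
    """HMAC-SHA256 over the request body; only holders of the secret can produce it."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def build_request(payload: dict) -> dict:
    """Client side: attach the signature in a hypothetical X-Body-Signature header."""
    body = canonical_body(payload)
    return {"headers": {"X-Body-Signature": sign_body(body)}, "body": body}


def verify_request(request: dict, secret: bytes = SHARED_SECRET) -> bool:
    """Service side: recompute the signature and compare in constant time.

    A missing or mismatching header means the body is not what the client sent.
    """
    presented = request["headers"].get("X-Body-Signature", "")
    expected = sign_body(request["body"], secret)
    return hmac.compare_digest(presented, expected)


def tamper_in_transit(request: dict, field: str, new_value) -> dict:
    """Model an unauthorized channel editing one field without knowing the secret."""
    payload = json.loads(request["body"])
    payload[field] = new_value
    return {"headers": dict(request["headers"]), "body": canonical_body(payload)}


def demo() -> tuple:
    """Returns (original_accepted, tampered_accepted) for a constructed order request."""
    original = build_request({"orderId": 1001, "amount": 25.00})
    tampered = tamper_in_transit(original, "amount", 0.01)
    return verify_request(original), verify_request(tampered)


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The service never trusts the body on its own: the signature proves the bytes were produced by a party holding the secret, so an edit made anywhere between client and service is rejected rather than silently processed.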

Unfortunately, data breaches of well-known sites are commonplace these days. Consequently, information and application security has become critical for web applications, and application security should no longer be an afterthought. Security is everyone's responsibility in an organization.

In this chapter, we will focus mainly on security for REST services and the OWASP security standards. By the end of this chapter, you will understand the concepts of authentication, single sign-on (SSO), token-based authentication, and authentication through a proxy server (such as Azure API Management). We will cover the following topics: