I use jwt .. imho it’s a lot safer and ease of use.

Asymmetric encryption is the best you can have currently in the encryption methods. As of today I see the threat of only quantum computers which are closest to breaking it. Apart from these you may have 3rd lib issues, Man-in-the-Middle Attacks, Social Engineering Attacks

1. SQL injection is one of the many ways of testing API's security. 2. API security testing has no limitations to websites. If a website uses an API it can be tested for security. In fact social media websites like FB & Google have higher risk of getting hacked. 3. If the security team (typically a combo of red & blue teams) should certify the application. 4. I will do a video on API security testing.

Decision table testing is particularly useful for systems with complex business logic and multiple conditions affecting outcomes. By laying out all possible combinations of inputs and corresponding actions, testers can ensure thorough and efficient testing coverage. Identify Conditions and Actions: Construct the Decision Table: Define Rules: Lemme give you a simplified insurance application system with two conditions and two actions: Conditions: Age > 18 Has a valid driver's license Actions: Approve application Require parental consent A decision table for this might look like: Rule Age > 18 Valid License Approve Application Require Parental Consent 1 Yes Yes Yes No 2 Yes No No No 3 No Yes No Yes 4 No No No Yes

Glad it was helpful!

Ans 1: Quality Assurance guys gain several benefits by examining API documentation early in the development process. Understanding Functionality, Test Planning, Early Issue Detection, Automation Opportunities, Improved Collaboration. Ans 2: Traditional API documentation is often more detailed and tailored for human readers, providing extensive explanations, tutorials, and use cases, whereas Swagger-generated documentation is more standardized and may lack the narrative depth found in traditional documentation, but it excels in providing clear and concise API definitions. Ans 3: API docx is to provide comprehensive details on API endpoints, methods, parameters, request/response formats, authentication mechanisms, and error codes & to assist developers (both internal and external) in integrating with the API, testing it, and troubleshooting issues.

JWTs ensure the integrity of the data by using digital signatures. The header of JWT specifies the signing algorithm (e.g., HMAC, RSA), and the signature is created by hashing the encoded header and payload with a secret key or private key. Upon receipt, the recipient can verify the token's integrity by recreating the signature and comparing it with the one provided in the JWT, ensuring the data hasn't been altered. Confidentiality, while not inherently provided by JWTs, can be achieved by using JSON Web Encryption or transmitting JWTs over secure channels like HTTPS. JWE encrypts the payload, ensuring only authorized parties can read it, while HTTPS encrypts the entire communication channel, protecting the JWT during transmission.

Sure. Will do

API documentation, like any other technical documentation is written by tech pubs team. Usually they take it from swagger but it is the developer of the API who should take the responsibility of making sure all the points are covered. The consumer of the API is also a developer albeit developing another application which would be using this API. The QA team takes the responsibility of Auditing the API documentation, which is the essence of this video.

I made the video on JWTs. It’ll be available on Friday at 9pm IST

Thank you

I second that. For beginners like me, this is the best format to understand

All of us would want the same 😀

May be a copy paste error 🙃

Yes it was. Copied from the previous word while making the video 🤦‍♂️

Glad it was helpful!

Thanks. Will surely do

That would be the last thing one can see 😳

Appreciate it