API vulnerabilities: current status and dependencies
Bhuiyan, Touhid; Begum, Afsana; Rahman, Sharifur ...
International journal of engineering & technology (Dubai), 03/2018, Volume: 7, Issue: 2.3
Journal Article
Open access
Recently API (Application Programming Interface) is becoming more popular for developers. When software is designed, most of the time, developers need to use APIs to manage a specific task. Developers use various kinds of APIs. Some of them are built by themselves and some are used from public APIs. API is a set of functions and procedures that allows another program or application to get access to features or data. Public APIs are open in public networks; developers collect these APIs depending on their specific needs. Developers need to interact with other software; as a result, a developer can conduct a specific task without authorization to access the entirety of the software. It definitely reduces our loads and at the same time introduces risks. In the end every developer wants to ensure security to his/her application. Commonly used public APIs are not secure enough to provide security to confidential data. We focused on these public APIs that are commonly used by developers. We tested a set of public APIs in our security lab and we have found many vulnerabilities that are highly alarming for developers who are going to use these APIs. In this paper we have tried to introduce the current status of vulnerable APIs. Moreover, several relationships exist between API vulnerabilities. In this paper we have also discussed the dependencies and relationships between API vulnerabilities.
Automated API Property Inference Techniques
Robillard, M. P.; Bodden, E.; Kawrykow, D. ...
IEEE transactions on software engineering, 05/2013, Volume: 39, Issue: 5
Journal Article
Peer reviewed
Open access
Frameworks and libraries offer reusable and customizable functionality through Application Programming Interfaces (APIs). Correctly using large and sophisticated APIs can represent a challenge due to hidden assumptions and requirements. Numerous approaches have been developed to infer properties of APIs, intended to guide their use by developers. With each approach come new definitions of API properties, new techniques for inferring these properties, and new ways to assess their correctness and usefulness. This paper provides a comprehensive survey of over a decade of research on automated property inference for APIs. Our survey provides a synthesis of this complex technical field along different dimensions of analysis: properties inferred, mining techniques, and empirical results. In particular, we derive a classification and organization of over 60 techniques into five different categories based on the type of API property inferred: unordered usage patterns, sequential usage patterns, behavioral specifications, migration mappings, and general information.
API deprecation, which enables API developers to assist API users in migration tasks, has been widely employed in API removal management. However, mismanaged API deprecation will cause unnecessary cost and bring negligible benefit to API users. Cost-effective investments in API deprecation become challenges for API developers. In this work, an iterative model for cost-effective investments in API deprecation is developed. The model provides a data-driven mechanism for API developers to iteratively make investments in API deprecation. A tool named AWARE (A Win–win Assistant for API REmoval management) is also developed for API developers to accurately assess the benefit from the perspective of API usage statistics. Based on the prioritized benefit, API developers can allocate appropriate resources on API deprecation. A case study is performed to evaluate the effectiveness of the iterative model with AWARE. The evaluation result shows that the cost paid by API developers can be reduced significantly while the benefit brought to API users can be increased. A win–win strategy for API deprecation can be achieved.
Two theoretical approaches have recently emerged to characterize new digital objects of study in the media landscape: infrastructure studies and platform studies. Despite their separate origins and different features, we demonstrate in this article how the cross-articulation of these two perspectives improves our understanding of current digital media. We use case studies of the Open Web, Facebook, and Google to demonstrate that infrastructure studies provides a valuable approach to the evolution of shared, widely accessible systems and services of the type often provided or regulated by governments in the public interest. On the other hand, platform studies captures how communication and expression are both enabled and constrained by new digital systems and new media. In these environments, platform-based services acquire characteristics of infrastructure, while both new and existing infrastructures are built or reorganized on the logic of platforms. We conclude by underlining the potential of this combined framework for future case studies.
The Directorate General of Taxes (DGT) currently utilizes Application Programming Interface (API) to enhance efficiency in tax data exchange with external parties. DGT is facing challenges due to the rising number of published APIs and the increasing connections from external parties to the DGT system, which necessitates a speedy API issuance process. The objective of this research is to assist the Directorate General of Taxation (DGT) in developing an integrated API management system with Continuous Integration/Continuous Deployment (CI/CD). The system design process is conducted using the Standards and Architectures for E-Government Application (SAGA) framework, encompassing Enterprise Viewpoint, Technology Viewpoint, Computational Viewpoint, Information Viewpoint, and Engineering Viewpoint. A qualitative method is employed, including interviews to gain insights into the existing issues. Additionally, information regarding systems and technologies is documented for gap analysis. The results of this analysis are then utilized to design the architecture of the API management system, applications, and technologies. This research yields a model of the API management system integrated with CI/CD at DGT. The model is developed using 3Scale and Jenkins software. Following validation, the API management system at DGT operates effectively with three DGT API systems and three API users.
With the proliferation of online developer forums, developers share their opinions about the APIs they use. The plethora of such information can present challenges to the developers to get quick but informed insights about the APIs. To understand the potential benefits of such API reviews, we conducted a case study of opinions in Stack Overflow using a benchmark dataset of 4,522 sentences. We observed that opinions about diverse API aspects (e.g., usability) are prevalent and offer insights that can shape developers' perception and decisions related to software development. Motivated by the finding, we built a suite of techniques to automatically mine and categorize opinions about APIs from forum posts. First, we detect opinionated sentences in the forum posts. Second, we associate the opinionated sentences to the API mentions. Third, we detect API aspects (e.g., performance, usability) in the reviews. We developed and deployed a tool called Opiner, supporting the above techniques. Opiner is available online as a search engine, where developers can search for APIs by their names to see all the aggregated opinions about the APIs that are automatically mined and summarized from developer forums.