Cybersecurity in API development
Markula, Erik (2026)
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-202605049098
Abstract
The objective of this thesis was to create an API for Mission Grey Inc. and examine methods for improving the security of internet-facing APIs, with a focus on commonly occurring vulnerabilities and practical mitigation strategies.
The theoretical background was based on established API security principles and the OWASP API Security Top 10, which provides a structured overview of the most critical risks affecting APIs. A practical approach was taken to demonstrate implementation details, and research was conducted mainly through literature study. Django REST Framework was used to demonstrate how security controls can be applied in practice.
The outcome of the thesis is a set of methods and practices that can be used to improve the security of any API implementation. An API for Mission Grey Inc. was created. These methods serve as a foundation for further development of a well-secured API for web application use.
