REST security standards

Question

As far as I know, SOAP services have security standards recognized by OASIS and W3C, such as:

Are there any security standards for RESTful services?

Depends on whose recommendations you'd want to adhere to, but yes, [even NSA has some](http://www.nsa.gov/ia/_files/support/guidelines_implementation_rest.pdf) (PDF). There's even such chapters as _Guidance for using HEAD_ and _Consideration for use of SOAP_ :D — TildalWave, Mar 24 '14 at 00:22

score 2 · Accepted Answer · answered Mar 24 '14 at 10:53

2

OWASP has some very good guidelines concerning the security of REST services.

answered Mar 24 '14 at 10:53

Michael

The link is down. Maybe this: https://cheatsheetseries.owasp.org/cheatsheets/REST_Security_Cheat_Sheet.html – bomben May 11 '20 at 07:09

score 0 · Answer 2 · edited Oct 07 '21 at 07:18

In addition to the mentioned documents, these standards may be of your interest:

JSON Web Encryption (https://datatracker.ietf.org/doc/html/draft-ietf-jose-json-web-encryption-24) and JSON Web Signature (https://datatracker.ietf.org/doc/html/draft-ietf-jose-json-web-signature-24) are counterparts to XML Signature and XML Encryption. They are still under development, but you can already find some implementations of these standards which give you the possibility to apply crypto directly in JSON messages...
OpenID and OAuth: used for authentication and authorization purposes, similar to SAML

2 Answers2