nyit-vancouver/apisecurity
1, What’s the objective of this project?

The proxy module provides API security services that prevent injection-related attacks. Users of the module (the service providers) do not need to handle these security issues in their own systems; they can focus on implementing the functions and processes of their business.

2, How to use it?

Step 1: Configure the IP address and port of the service provider in the table 'source_match'. The proxy server uses this table to forward requests to the service provider.

Column description:

- service_name: the servlet context path of the service provider.
- service_ip: the IP address of the service provider.
- service_port: the port of the service provider.

Step 2: Use the API provided by the proxy server instead of the service provider's API. For example, the API of the service provider is shown below.

After finishing the configuration in the proxy server, the user should use the API provided by the proxy server, as shown below.

After the above settings, clients can use the API as normal: the proxy server receives each request, analyzes its parameters, forwards the normal requests and blocks the malicious ones.
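As an added illustration (not the project's own code), the following Python sketch models the two jobs the text gives the proxy: resolving the upstream service from the rows of `source_match` by the first path segment (the servlet context path), and inspecting query and body parameters before forwarding. The `SOURCE_MATCH` rows, the detection patterns and every function name are assumptions made for this example.

```python
"""Model of the proxy's forward-or-block decision (added example, not the
project's code). Assumed pieces: the constructed SOURCE_MATCH rows, the
INJECTION_PATTERNS list and the function names."""
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qsl, urlsplit

# Constructed rows mirroring the columns of the 'source_match' table.
SOURCE_MATCH = [
    {"service_name": "orderservice", "service_ip": "10.0.0.12", "service_port": 8080},
    {"service_name": "userservice", "service_ip": "10.0.0.13", "service_port": 8081},
]

# Assumed detection rules (not the project's): a few classic SQL and
# command-injection fragments, matched case-insensitively.
INJECTION_PATTERNS = [
    re.compile(r"(?i)\b(or|and)\b\s+[\w'\"]+\s*=\s*[\w'\"]+"),      # ' OR '1'='1
    re.compile(r"(?i)\bunion\b\s+(all\s+)?\bselect\b"),             # UNION SELECT
    re.compile(r"--|/\*|;\s*(drop|delete|insert|update)\b", re.I),  # comment / stacked query
    re.compile(r"[;&|`$]\s*\(?\s*(cat|ls|wget|curl|sh|bash)\b", re.I),  # shell chaining
]


@dataclass
class Decision:
    action: str              # "forward" or "block"
    target: Optional[str]    # upstream URL when forwarded
    reason: Optional[str]    # why the request was blocked


def resolve_upstream(path):
    """Map the first path segment (the servlet context path) to a source_match row."""
    segments = [s for s in path.split("/") if s]
    if not segments:
        return None, path
    for row in SOURCE_MATCH:
        if row["service_name"] == segments[0]:
            return row, "/" + "/".join(segments)
    return None, path


def find_injection(params):
    """Return the name of the first parameter whose value matches a rule, else None."""
    for name, value in params:
        for pattern in INJECTION_PATTERNS:
            if pattern.search(value):
                return name
    return None


def handle_request(url, body_params=()):
    """Decide whether a request (proxy-relative URL plus form/body pairs)
    is forwarded to the service provider or blocked."""
    parts = urlsplit(url)
    row, path = resolve_upstream(parts.path)
    if row is None:
        return Decision("block", None, "unknown service")
    params = parse_qsl(parts.query, keep_blank_values=True) + list(body_params)
    bad = find_injection(params)
    if bad is not None:
        return Decision("block", None, f"parameter {bad!r}")
    target = f"http://{row['service_ip']}:{row['service_port']}{path}"
    if parts.query:
        target += "?" + parts.query
    return Decision("forward", target, None)


if __name__ == "__main__":
    print(handle_request("/orderservice/orders?id=42"))
    print(handle_request("/orderservice/orders?id=1%27%20OR%20%271%27%3D%271"))
```

Pattern-based screening of this kind is a perimeter control: it produces both false positives (legitimate text that happens to contain `--` or `or x=y`) and false negatives (encodings or dialects the rules do not cover), so the service provider's own parameterized queries remain the primary defence, and blocked requests should be logged with the offending parameter name so false positives can be tuned out.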

3, Does it work?

We use the LEVO API testing tool to check that it works; follow the instructions below to test it. For more information, visit https://app.levo.ai/

Preparation:

1. LEVO uses OpenAPI as the API format, so we first need to generate the .yml file of our service.

1.1 Using Postman as an example, first export the JSON file of a collection.

1.2 After the first step we get a JSON file containing the parameters of our API. We then need to transform this JSON file into an OpenAPI format file. Transform it online on this site: https://kevinswiber.github.io/postman2openapi/ and save the content as servicename.yml.
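The online converter linked above is the route the README uses. As an added example, not part of the project, the following Python script performs the same transformation offline for the subset of the Postman v2.1 format exercised by the constructed collection embedded in it (request items nested in folders, `method`, `url` in raw or structured form, and an optional raw JSON body). The collection contents and all function names are assumptions for this example.

```python
"""Offline Postman v2.1 collection -> OpenAPI 3 conversion (added example,
not the project's code). Handles only item trees with request.method,
request.url (raw string or object form) and an optional raw JSON body."""
import json
from urllib.parse import parse_qsl, urlsplit

# Constructed collection standing in for the JSON file exported from Postman.
POSTMAN_COLLECTION = {
    "info": {"name": "orderservice"},
    "item": [
        {
            "name": "Get order",
            "request": {
                "method": "GET",
                "url": {
                    "raw": "http://localhost:8080/orderservice/orders?id=1",
                    "query": [{"key": "id", "value": "1"}],
                },
            },
        },
        {
            "name": "Orders folder",  # nested folder, walked recursively
            "item": [
                {
                    "name": "Create order",
                    "request": {
                        "method": "POST",
                        "url": "http://localhost:8080/orderservice/orders",
                        "body": {"mode": "raw", "raw": "{\"sku\": \"A1\", \"qty\": 2}"},
                    },
                }
            ],
        },
    ],
}


def _url_parts(url):
    """Return (server base, path, query parameter names) for a Postman url
    given either as a raw string or as the structured object form."""
    raw = url if isinstance(url, str) else url.get("raw", "")
    parts = urlsplit(raw)
    base = f"{parts.scheme}://{parts.netloc}" if parts.netloc else None
    if isinstance(url, dict) and url.get("query"):
        keys = [q["key"] for q in url["query"] if not q.get("disabled")]
    else:
        keys = [k for k, _ in parse_qsl(parts.query, keep_blank_values=True)]
    return base, parts.path or "/", keys


def _walk(items):
    """Yield every request item, descending into folders."""
    for item in items:
        if "item" in item:
            yield from _walk(item["item"])
        elif "request" in item:
            yield item


def _json_schema(value):
    """Small JSON-example -> JSON-schema mapping for request bodies."""
    if isinstance(value, bool):
        return {"type": "boolean"}
    if isinstance(value, int):
        return {"type": "integer"}
    if isinstance(value, float):
        return {"type": "number"}
    if isinstance(value, list):
        return {"type": "array", "items": _json_schema(value[0]) if value else {}}
    if isinstance(value, dict):
        return {"type": "object", "properties": {k: _json_schema(v) for k, v in value.items()}}
    return {"type": "string"}


def postman_to_openapi(collection):
    """Build an OpenAPI 3 document (as a dict) from a Postman collection dict."""
    paths, servers = {}, []
    for item in _walk(collection.get("item", [])):
        req = item["request"]
        method = req.get("method", "GET").lower()
        base, path, query_keys = _url_parts(req.get("url", ""))
        if base and base not in servers:
            servers.append(base)
        op = {"summary": item.get("name", ""), "responses": {"200": {"description": "OK"}}}
        if query_keys:
            op["parameters"] = [{"name": k, "in": "query", "schema": {"type": "string"}} for k in query_keys]
        body = req.get("body") or {}
        if body.get("mode") == "raw" and body.get("raw"):
            try:
                example = json.loads(body["raw"])
                schema = _json_schema(example)
            except ValueError:
                example, schema = body["raw"], {"type": "string"}
            op["requestBody"] = {"required": True,
                                 "content": {"application/json": {"schema": schema, "example": example}}}
        paths.setdefault(path, {})[method] = op
    return {
        "openapi": "3.0.3",
        "info": {"title": collection.get("info", {}).get("name", "api"), "version": "1.0.0"},
        "servers": [{"url": s} for s in servers],
        "paths": paths,
    }


if __name__ == "__main__":
    # OpenAPI tools accept JSON as well as YAML; to produce servicename.yml,
    # dump the returned dict with PyYAML's yaml.safe_dump instead.
    print(json.dumps(postman_to_openapi(POSTMAN_COLLECTION), indent=2))
```

Postman variables such as `{{baseUrl}}` inside URLs are not resolved here; substitute them before conversion, since the test tool needs concrete paths and the target URL is supplied separately on the command line.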

2. Register and log in to a Levo account here: https://app.levo.ai/login

3. Select API Catalog:

   - Click "import new schema".
   - Choose testing type: application.
   - Choose the .yml file we generated before.

4. Select Test Plan and click "new test plan":

   - Choose Data driven testing.
   - Choose the imported API assets.
   - Click advanced test plan settings and select the testing indicators in the checkboxes.
   - Copy the LRN (Levo Resource Number); it replaces the `<LRN>` placeholder in the test command below.

5. Run the application or service in Docker or in the local development environment.

6. Run the test plan in PowerShell. Commands 1 to 3 install and update the Levo CLI, command 4 logs in, and command 5 runs the test plan:

   ```powershell
   # Command 1: wrap the Levo CLI container in a function so it can be called like a local command
   Function Launch_Levo {docker run --rm -v ${HOME}/.config/configstore:/home/levo/.config/configstore:rw -v ${pwd}:/home/levo/work:rw -e TERM=xterm-256color -ti levoai/levo:stable $args}

   # Command 2: expose the function as 'levo'
   Set-Alias -Name levo -Value Launch_Levo

   # Command 3: pull (or update) the CLI image
   docker pull levoai/levo:stable

   # Command 4
   levo login

   # Command 5: <LRN> is the Levo Resource Number copied in step 4
   levo test --test-plan <LRN> --target-url <your live API's base URL>
   ```

   For example:

   ```powershell
   levo test --test-plan twang35_nyit_edu:ws/twang35:app/proxy_orderservice:tp/proxy_orderservice --target-url host.docker.internal:8080
   ```

7. The test then starts, as shown below.

8. When it has finished, the detailed test results can be seen on the Levo web page.
