Exploring Security Practices in OpenAPIs

Software Institute

Date: 7 December 2023 / 16:30 - 17:30

USI Campus Est, room D1.15, Sector D

Diana Carolina Muñoz Hurtado

Security is an integral requirement of any software development project, particularly critical for application programming interfaces (APIs). In this presentation I will introduce how different API security schemes are described using OpenAPI, an emerging interface description language for Web APIs. We will then observe how developers adopt basic API security practices and patterns (such as API keys) by analysing a large database of OpenAPI artefacts. We will not only discuss the most common security schemes that developers have adopted, but also track which APIs become more (or less) secure over time.

I am a Ph.D. student in the DESIGN (Architecture, Design and Web Information Systems Engineering) research group at the Software Institute, USI, Lugano, supervised by Prof. Dr Cesare Pautasso. In 2022 I received my Master’s degree in Software Engineering from the Pontificia Universidad Javeriana in Colombia. I worked for 4 years as a Technical Consultant at ACI Worldwide, a company that developed software for electronic payments. My current research focuses on studying security practices and patterns for application programming interfaces (APIs).

Chair: Tahereh Zohdinasab

In February 2019, the Software Institute started its SI Seminar Series. Every Thursday afternoon, a researcher of the Institute will publicly give a short talk on a software engineering topic of their choice. Examples include, but are not limited to, novel interesting papers, seminal papers, personal research overviews, discussion of preliminary research ideas, tutorials, and small experiments.
On our YouTube playlist you can watch some of the past seminars. On the SI website you can find more details on the next seminar, the upcoming seminars, and an archive of the past speakers.