Which of the following statements is a disadvantage of using static embedded API keys for client authentication to a web service?
API keys require the use of a certificate issued by a commercial certification authority.
API keys are used with asymmetric cryptography, which is slow and can adversely affect the performance of the client's application.
API keys cannot be transmitted over HTTPS, so they are open to compromise.
API keys can be discovered and abused by an attacker.
Which of the following best explains why it is important for developers to implement known-good (whitelist) input validation for all web service API requests?
Known-good checks ensure that all input is in the expected, valid format before it is processed.
Because API requests arrive over the network, they should be considered untrusted.
Known-good (whitelist) validation can be done much faster than checking for known-bad input.
Known-good input validation is the only way to prevent command (SQL) injection attacks; since the web service is usually integrated with a SQL database back end, this validation guarantees the integrity and confidentiality of the data. Known-good input validation first checks that incoming requests are valid and known by your client before starting to process them, so that raw attacker data is never processed, thereby protecting the web service.
After an Android client authenticates to a web service, which of the following must be done on the server side to ensure that the appropriate authorization checks are carried out?
For each request that is considered more sensitive than the previous ones, force the client to re-authenticate so that the user's identity can be confirmed and d.
For each request, check the session token to confirm that the client is authorized for the device and the session.
For each request, make sure that the client is authenticated and that the specific Android device identified in the request is the same as in the last request.
For each request, make sure that the client is authenticated and that the particular client has the right to perform the specific action on the specific data.
Why should Android clients perform input validation on data received from a publicly available web service API call?
Because the data is received from a service on a public network, it should be considered untrusted input from potential attackers.
Publicly available web service APIs must be accessible over both HTTP and HTTPS, so an attacker can modify the data as it is transmitted over the network from the server to the Android application.
These are often more unreliable cellular networks.
The JSON objects transferred by web services are not structured in the same way as SOAP objects, so input validation is necessary to prevent one from being interpreted as the other and potentially exposing hidden malicious code.
Which of the following is the main reason for web services to output-encode all data sent to the Android application?
Output encoding eliminates the need for the client to validate input, since the server has already ensured that all data sent to the client is safe.
Output encoding guarantees that an attacker who can see the network traffic between the server and the client cannot read it.
Output encoding is required for the data to be sent over an SSL channel.
Output encoding ensures that the client treats all the data it receives as data and not as executable script.