Thesis
Model of a REST application programming interface using GO, based on standards and principles of information security and web applications.
Date
2021-06-23
Registered in:
Lara Méndez, Mayra Alejandra. (2021). Modelo de una interfaz de programación de aplicaciones REST utilizando GO basado en normas y principios de seguridad de la información y aplicaciones web. Escuela Superior Politécnica de Chimborazo. Riobamba.
Author
Lara Méndez, Mayra Alejandra
Abstract
The present research work aims to provide a secure and pragmatic model for REST APIs, with best practices for modern web applications, using the GO programming language. The research presents an analysis of the main vulnerabilities to address in order to protect an Application Programming Interface. In addition, it includes a study of information security norms, standards and guides, used to build a model that will serve as a reference for developing more secure web applications. To check the validity of the model, a vulnerability scan was performed on PROTOTYPE I (without the model) and PROTOTYPE II (using the model). A result of 53.33% was observed in prototype I and 2.77% in prototype II, showing an improvement in security in prototype II of 50.36% with respect to the results obtained from prototype I. To verify the hypothesis, the Student's t statistical test was used. The result was an obvious improvement in API security. In conclusion, the model based on the use of norms, standards and good practices provides guidelines for building Application Programming Interfaces with greater security; therefore, the use of the model is recommended for the implementation of REST APIs using the GO programming language. It is important to know that security is a process, not a product; therefore, it is recommended to use standards and/or good practices throughout the software life cycle, and to monitor and maintain the software during its useful life. Finally, always know the business rules and the relationship between resources, keep the software updated, stay up to date on vulnerabilities in the Common Vulnerabilities and Exposures (CVE) database and the National Vulnerability Database (NVD) and on computer security issues, and above all never stop investigating.