Learning Objectives REST Test and Security

Rest Assured

  • Be able to explain and demonstrate how one can test RESTful APIs with Rest Assured.
  • Write basic API tests to verify endpoints’ CRUD functionality and response status codes.
  • Demonstrate how to use a variety of Hamcrest matchers to write expressive assertions in Rest Assured tests.
  • Explore and demonstrate techniques for handling authentication and authorization in Rest Assured tests.

JWT (JSON Web Tokens)

  • Explain the concept of JWT (JSON Web Tokens) and its role in securing RESTful web services.
  • Show how to generate JWTs for user authentication and authorization.
  • Explore and explain the components of a JWT, including the header, payload, and signature.
  • Show how to implement JWT-based authentication and authorization in a Javalin application.
  • Demonstrate how to secure REST endpoints using JWTs to control access to resources.
  • Optional: Show how to handle token expiration and token refresh mechanisms for long-lived sessions.

Password Hashing

  • Explain why password hashing is important in securing user credentials, and how it works.
  • Implement password hashing and salt generation in a Javalin application using bcrypt.
  • Develop user registration and authentication mechanisms with secure password handling.
  • Demonstrate how to handle password change and reset procedures securely.
  • Identify and mitigate common password-related vulnerabilities, such as brute force attacks and rainbow table attacks.

3rd semester, autumn 2024