CISSP PRACTICE QUESTIONS – 20200415

Effective CISSP Questions

Which of the following operations of a RESTful API that conforms to the REpresentational State Transfer (REST) architectural style most likely suffers from misuse cases by end-users?
A. PUT
B. POST
C. GET
D. DELETE


Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. GET.

http_requestmessageexample

Source: documentation.Help!

API

An API (Application Programming Interface) is a set of services exposed as a communication interface to authorized applications.

  • Traditional APIs rely on the URL to submit requests, e.g., /customer/create?FirstName=Wentz&LastName=Wu. The syntax and semantics vary from API to API.
  • RESTful APIs use standard HTTP methods to manipulate data. For example, GET for query, POST for insert, PUT for modification, DELETE for delete, etc.

Misuse Cases

  • The URL address bar of a browser provides input points for end-users to modify or manipulate the URL and its parameters. It is subject to resulting in misuse cases.
  • The browser always sends the URL typed in the address bar through an HTTP request using the GET method.

However, HTTP methods, such as POST, PUT, and DELETE, are typically sent through scripts (JavaScript), applications, or hacking/diagnostic tools. It has a higher threshold for end-uses to do so.

References

Leave a Reply