Memo 1: Web Security Concerns for the First MotionAPI Beta-Release

This memo collects various resources concerning web security, and lays a foundation for the security of the MotionAPI developed for the BRACE2 project.

The MotionAPI currently uses JWT authentication tokens that are created in-house and tightly controlled.

The following resources may be useful for further assessing the security of the MotionAPI and other web services which may be incorporated into the BRACE2 project.

• OWASP Application Security Verification Standard
• NIST Guide to Secure Web Services
• Best practices
• 4 Most Used REST API Authentication Methods
• Choosing an Authentication Method
• Why and when to use API keys