In the previous sections, we covered in detail the various techniques for securing the RESTful services. Some of the best practices, apart from authentication and authorization, that are worth considering for securing RESTful services are listed as follows:

• A whitelist is a list of allowable actions on an entity; it is the reverse of blacklisting. It is important for a RESTful service to mention only the allowable action verbs such as GET/POST, so the other actions, even if triggered by the client, are denied.
• Validation of the URL is a must for RESTful services, as attackers tamper with the URL to perform injection attacks. Avoid encoding sensitive information in the URL.
• Ensure that the RESTful service definition includes the allowed content type.
• Ensure that the perimeter-level security is enabled using firewalls for enterprise services.
• The monitoring of the quality of service degradation helps to detect Denial-Of-Service (DOS)-type attacks.
• Not to undermine the security risks being overlooked from a coding perspective, use static code analysis tools such as Sonar to review the code for security vulnerabilities.