From 8ed874d4ea63b86c5d974f3b83d3956691f0fcbb Mon Sep 17 00:00:00 2001
From: Dan Holdsworth
Date: Thu, 9 May 2024 09:20:19 +0100
Subject: [PATCH] fix typo in input section of API Security Best Practice Roadmap
---
 .../api-security/api-security.json | 4378 ++++++++++++++++-
 1 file changed, 4377 insertions(+), 1 deletion(-)
diff --git a/src/data/best-practices/api-security/api-security.json b/src/data/best-practices/api-security/api-security.json
index 4082577a1..0769f1263 100644
--- a/src/data/best-practices/api-security/api-security.json
+++ b/src/data/best-practices/api-security/api-security.json
@@ -1 +1,4377 @@ -{"mockup":{"controls":{"control":[{"ID":"11608","typeID":"Arrow","zOrder":"0","w":"1","h":"81","measuredW":"150","measuredH":"100","x":"814","y":"2213","properties":{"curvature":"0","leftArrow":"false","rightArrow":"false","stroke":"dotted","color":"10027263","p0":{"x":0,"y":0},"p1":{"x":0.49999999999999994,"y":0},"p2":{"x":0,"y":81.09090909090901}}},{"ID":"11609","typeID":"Arrow","zOrder":"1","w":"1","h":"90","measuredW":"150","measuredH":"100","x":"1118","y":"1856","properties":{"curvature":"0","leftArrow":"false","rightArrow":"false","color":"4273622","stroke":"dotted","p0":{"x":0,"y":-0.48484848484849863},"p1":{"x":0.5,"y":0},"p2":{"x":0,"y":89.20412121212144}}},{"ID":"11610","typeID":"Arrow","zOrder":"2","w":"606","h":"1","measuredW":"150","measuredH":"100","x":"816","y":"1855","properties":{"curvature":"0","leftArrow":"false","rightArrow":"false","p0":{"x":0.4393939393939945,"y":0},"p1":{"x":0.499957866859274,"y":0.000355669369753909},"p2":{"x":606.8787878787878,"y":0},"color":"4273622"}},{"ID":"11612","typeID":"Arrow","zOrder":"3","w":"726","h":"1","measuredW":"150","measuredH":"100","x":"816","y":"708","properties":{"curvature":"0","leftArrow":"false","rightArrow":"false","color":"4273622","p0":{"x":-0.2686368305519409,"y":0},"p1":{"x":0.5001077701859017,"y":0.0003391382343339101},"p2":{"x":725.5310311167375,"y":0}}},{"ID":"11613","typeID":"Arrow","zOrder":"4","w":"588","h":"1","measuredW":"150","measuredH":"100","x":"225","y":"413","properties":{"curvature":"0","leftArrow":"false","rightArrow":"false","color":"4273622","p0":{"x":0,"y":0},"p1":{"x":0.4999449522687746,"y":0.0003335799224988863},"p2":{"x":588,"y":0}}},{"ID":"11614","typeID":"Canvas","zOrder":"5","w":"189","h":"50","measuredW":"100","measuredH":"70","x":"394","y":"389","properties":{"color":"16776960"}},{"ID":"11617","typeID":"Label","zOrder":"8","measuredW":"175","measuredH":"40","x":"726","y":"226","properties":{"size":"32","text":"API 
Security"}},{"ID":"11618","typeID":"Canvas","zOrder":"9","w":"361","h":"150","measuredW":"100","measuredH":"70","x":"1099","y":"158"},{"ID":"11619","typeID":"Label","zOrder":"10","measuredW":"332","measuredH":"26","x":"1115","y":"176","properties":{"text":"Find the detailed version of this checklist","size":"18"}},{"ID":"11620","typeID":"Label","zOrder":"11","measuredW":"318","measuredH":"26","x":"1115","y":"204","properties":{"size":"18","text":"With details on how to implement these"}},{"ID":"11621","typeID":"__group__","zOrder":"12","measuredW":"329","measuredH":"51","w":"329","h":"51","x":"1115","y":"240","properties":{"controlName":"ext_link:roadmap.sh"},"children":{"controls":{"control":[{"ID":"0","typeID":"Canvas","zOrder":"0","w":"329","h":"51","measuredW":"100","measuredH":"70","x":"0","y":"0","properties":{"color":"4273622","borderColor":"4273622"}},{"ID":"1","typeID":"Label","zOrder":"1","measuredW":"172","measuredH":"28","x":"79","y":"12","properties":{"color":"16777215","size":"20","text":"https://roadmap.sh"}}]}}},{"ID":"11622","typeID":"Canvas","zOrder":"13","w":"373","h":"169","measuredW":"100","measuredH":"70","x":"216","y":"148"},{"ID":"11623","typeID":"__group__","zOrder":"14","measuredW":"189","measuredH":"27","w":"189","h":"27","x":"246","y":"222","properties":{"controlName":"ext_link:roadmap.sh/backend"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"156","measuredH":"26","x":"33","y":"0","properties":{"size":"18","text":"Backend 
Roadmap"}},{"ID":"1","typeID":"__group__","zOrder":"1","measuredW":"24","measuredH":"24","w":"24","h":"24","x":"0","y":"3","children":{"controls":{"control":[{"ID":"0","typeID":"Icon","zOrder":"0","measuredW":"24","measuredH":"24","x":"0","y":"0","properties":{"color":"16777215","icon":{"ID":"circle","size":"small"}}},{"ID":"1","typeID":"Icon","zOrder":"1","measuredW":"24","measuredH":"24","x":"0","y":"0","properties":{"color":"10066329","icon":{"ID":"check-circle","size":"small"}}}]}}}]}}},{"ID":"11624","typeID":"__group__","zOrder":"15","measuredW":"183","measuredH":"27","w":"183","h":"27","x":"246","y":"258","properties":{"controlName":"ext_link:roadmap.sh/devops"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"150","measuredH":"26","x":"33","y":"0","properties":{"size":"18","text":"DevOps Roadmap"}},{"ID":"1","typeID":"__group__","zOrder":"1","measuredW":"24","measuredH":"24","w":"24","h":"24","x":"0","y":"3","children":{"controls":{"control":[{"ID":"0","typeID":"Icon","zOrder":"0","measuredW":"24","measuredH":"24","x":"0","y":"0","properties":{"color":"16777215","icon":{"ID":"circle","size":"small"}}},{"ID":"1","typeID":"Icon","zOrder":"1","measuredW":"24","measuredH":"24","x":"0","y":"0","properties":{"color":"10066329","icon":{"ID":"check-circle","size":"small"}}}]}}}]}}},{"ID":"11625","typeID":"Label","zOrder":"16","measuredW":"209","measuredH":"32","x":"246","y":"172","properties":{"size":"24","text":"Related 
Roadmaps"}},{"ID":"11626","typeID":"Arrow","zOrder":"17","w":"1","h":"76","measuredW":"150","measuredH":"100","x":"812","y":"134","properties":{"curvature":"0","leftArrow":"false","rightArrow":"false","p0":{"x":0,"y":0},"p1":{"x":0.49999999999999994,"y":0},"p2":{"x":0,"y":76.17275043077757},"stroke":"dotted","color":"10027263"}},{"ID":"11705","typeID":"Label","zOrder":"18","measuredW":"130","measuredH":"28","x":"424","y":"400","properties":{"size":"20","text":"Authentication"}},{"ID":"11706","typeID":"Arrow","zOrder":"19","w":"1","h":"1929","measuredW":"150","measuredH":"100","x":"814","y":"287","properties":{"curvature":"0","leftArrow":"false","rightArrow":"false","color":"4273622","p0":{"x":0,"y":-0.48484848484849863},"p1":{"x":0.4999999999999999,"y":0},"p2":{"x":0,"y":1928.151515151515}}},{"ID":"11708","typeID":"Canvas","zOrder":"36","w":"281","h":"50","measuredW":"100","measuredH":"70","x":"1000","y":"388","properties":{"color":"16776960"}},{"ID":"11709","typeID":"Label","zOrder":"37","measuredW":"218","measuredH":"28","x":"1032","y":"399","properties":{"size":"20","text":"JWT (JSON Web Token)"}},{"ID":"11710","typeID":"Canvas","zOrder":"20","w":"252","h":"50","measuredW":"100","measuredH":"70","x":"1015","y":"683","properties":{"color":"16776960"}},{"ID":"11711","typeID":"Label","zOrder":"21","measuredW":"55","measuredH":"28","x":"1113","y":"694","properties":{"size":"20","text":"OAuth"}},{"ID":"11719","typeID":"Canvas","zOrder":"22","w":"272","h":"50","measuredW":"100","measuredH":"70","x":"995","y":"1830","properties":{"color":"4273622","borderColor":"4273622"}},{"ID":"11720","typeID":"Label","zOrder":"23","measuredW":"151","measuredH":"28","x":"1055","y":"1841","properties":{"size":"20","text":"More 
Resources","color":"16777215"}},{"ID":"11724","typeID":"TextArea","zOrder":"25","w":"438","h":"118","measuredW":"200","measuredH":"140","x":"595","y":"2127"},{"ID":"11725","typeID":"Label","zOrder":"26","measuredW":"366","measuredH":"25","x":"631","y":"2146","properties":{"size":"17","text":"Continue Learning with following relevant tracks"}},{"ID":"11726","typeID":"__group__","zOrder":"27","measuredW":"198","measuredH":"44","w":"198","h":"44","x":"818","y":"2183","properties":{"controlName":"ext_link:roadmap.sh/devops"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"198","h":"44","measuredW":"200","measuredH":"140","x":"0","y":"0","properties":{"color":"16770457"}},{"ID":"1","typeID":"Label","zOrder":"1","measuredW":"141","measuredH":"25","x":"28","y":"10","properties":{"size":"17","text":"DevOps Roadmap"}}]}}},{"ID":"11727","typeID":"__group__","zOrder":"28","measuredW":"198","measuredH":"44","w":"198","h":"44","x":"610","y":"2183","properties":{"controlName":"ext_link:roadmap.sh/backend"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"198","h":"44","measuredW":"200","measuredH":"140","x":"0","y":"0","properties":{"color":"16770457"}},{"ID":"1","typeID":"Label","zOrder":"1","measuredW":"147","measuredH":"25","x":"24","y":"10","properties":{"size":"17","text":"Backend 
Roadmap"}}]}}},{"ID":"11738","typeID":"Arrow","zOrder":"35","w":"653","h":"1","measuredW":"150","measuredH":"100","x":"814","y":"413","properties":{"curvature":"0","leftArrow":"false","rightArrow":"false","color":"4273622","p0":{"x":0,"y":0},"p1":{"x":0.4999449522687745,"y":0.0003335799224988863},"p2":{"x":652.5,"y":0}}},{"ID":"11749","typeID":"Arrow","zOrder":"48","w":"620","h":"1","measuredW":"150","measuredH":"100","x":"193","y":"708","properties":{"curvature":"0","leftArrow":"false","rightArrow":"false","color":"4273622","p0":{"x":0.23125640404211367,"y":0},"p1":{"x":0.49994495226877456,"y":0.0003335799224988863},"p2":{"x":620.5,"y":0}}},{"ID":"11750","typeID":"Canvas","zOrder":"49","w":"264","h":"50","measuredW":"100","measuredH":"70","x":"357","y":"683","properties":{"color":"16776960"}},{"ID":"11751","typeID":"Label","zOrder":"50","measuredW":"136","measuredH":"28","x":"421","y":"694","properties":{"size":"20","text":"Access Control"}},{"ID":"11770","typeID":"Arrow","zOrder":"69","w":"620","h":"1","measuredW":"150","measuredH":"100","x":"193","y":"1046","properties":{"curvature":"0","leftArrow":"false","rightArrow":"false","color":"4273622","p0":{"x":0.23125640404211367,"y":0},"p1":{"x":0.49994495226877456,"y":0.0003335799224988863},"p2":{"x":620.5,"y":0}}},{"ID":"11771","typeID":"Canvas","zOrder":"70","w":"264","h":"50","measuredW":"100","measuredH":"70","x":"357","y":"1021","properties":{"color":"16776960"}},{"ID":"11772","typeID":"Label","zOrder":"71","measuredW":"47","measuredH":"28","x":"465","y":"1032","properties":{"size":"20","text":"Input"}},{"ID":"11787","typeID":"Arrow","zOrder":"84","w":"726","h":"1","measuredW":"150","measuredH":"100","x":"816","y":"978","properties":{"curvature":"0","leftArrow":"false","rightArrow":"false","color":"4273622","p0":{"x":-0.2686368305519409,"y":0},"p1":{"x":0.5001077701859017,"y":0.0003391382343339101},"p2":{"x":725.5310311167375,"y":0}}},{"ID":"11788","typeID":"Canvas","zOrder":"85","w":"252","h":"50","measuredW":"
100","measuredH":"70","x":"1015","y":"953","properties":{"color":"16776960"}},{"ID":"11789","typeID":"Label","zOrder":"86","measuredW":"101","measuredH":"28","x":"1090","y":"964","properties":{"size":"20","text":"Processing"}},{"ID":"11817","typeID":"Arrow","zOrder":"105","w":"620","h":"1","measuredW":"150","measuredH":"100","x":"193","y":"1410","properties":{"curvature":"0","leftArrow":"false","rightArrow":"false","color":"4273622","p0":{"x":0.23125640404211367,"y":0},"p1":{"x":0.49994495226877456,"y":0.0003335799224988863},"p2":{"x":620.5,"y":0}}},{"ID":"11818","typeID":"Canvas","zOrder":"106","w":"264","h":"50","measuredW":"100","measuredH":"70","x":"357","y":"1385","properties":{"color":"16776960"}},{"ID":"11819","typeID":"Label","zOrder":"107","measuredW":"62","measuredH":"28","x":"458","y":"1396","properties":{"size":"20","text":"Output"}},{"ID":"11844","typeID":"Arrow","zOrder":"122","w":"726","h":"1","measuredW":"150","measuredH":"100","x":"816","y":"1503","properties":{"curvature":"0","leftArrow":"false","rightArrow":"false","color":"4273622","p0":{"x":-0.2686368305519409,"y":0},"p1":{"x":0.5001077701859017,"y":0.0003391382343339101},"p2":{"x":725.5310311167375,"y":0}}},{"ID":"11845","typeID":"Canvas","zOrder":"123","w":"252","h":"50","measuredW":"100","measuredH":"70","x":"1015","y":"1478","properties":{"color":"16776960"}},{"ID":"11846","typeID":"Label","zOrder":"124","measuredW":"74","measuredH":"28","x":"1104","y":"1489","properties":{"size":"20","text":"CI & 
CD"}},{"ID":"11873","typeID":"Arrow","zOrder":"135","w":"620","h":"1","measuredW":"150","measuredH":"100","x":"191","y":"1814","properties":{"curvature":"0","leftArrow":"false","rightArrow":"false","color":"4273622","p0":{"x":0.23125640404211367,"y":0},"p1":{"x":0.49994495226877456,"y":0.0003335799224988863},"p2":{"x":620.5,"y":0}}},{"ID":"11874","typeID":"Canvas","zOrder":"136","w":"264","h":"50","measuredW":"100","measuredH":"70","x":"355","y":"1789","properties":{"color":"16776960"}},{"ID":"11875","typeID":"Label","zOrder":"137","measuredW":"97","measuredH":"28","x":"438","y":"1800","properties":{"size":"20","text":"Monitoring"}},{"ID":"11894","typeID":"__group__","zOrder":"7","measuredW":"472","measuredH":"28","w":"472","h":"28","x":"260","y":"472","properties":{"controlName":"use-standard-authentication"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"472","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":"Avoid ‘Basic Authentication’, use standard (e.g. 
JWT)"}}]}}},{"ID":"11895","typeID":"__group__","zOrder":"30","measuredW":"510","measuredH":"28","w":"510","h":"28","x":"260","y":"514","properties":{"controlName":"authentication-mechanisms"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"510","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":"Do not reinvent the wheel in authentication mechanisms."}}]}}},{"ID":"11896","typeID":"__group__","zOrder":"32","measuredW":"378","measuredH":"28","w":"378","h":"28","x":"260","y":"555","properties":{"controlName":"max-retry-jail"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"378","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":" Use `Max Retry’ and jail features in Login."}}]}}},{"ID":"11897","typeID":"__group__","zOrder":"34","measuredW":"325","measuredH":"28","w":"325","h":"28","x":"261","y":"596","properties":{"controlName":"sensitive-data-encryption"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"325","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":"Use encryption on all sensitive 
data."}}]}}},{"ID":"11898","typeID":"__group__","zOrder":"6","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"214","y":"471","properties":{"controlName":"check:use-standard-authentication"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11899","typeID":"__group__","zOrder":"29","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"214","y":"513","properties":{"controlName":"check:authentication-mechanisms"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11900","typeID":"__group__","zOrder":"31","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"214","y":"554","properties":{"controlName":"check:max-retry-jail"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11901","typeID":"__group__","zOrder":"33","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"215","y":"595","properties":{"controlName":"check:sensitive-data-encryption"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11902","typeID":"__group__","zOrder":"39","measuredW":"527","measuredH":"28","w":"527","h":"28","x":"906","y":"471","properties":{"controlName":"good-jwt-secret"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"527","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":"Use good `JWT Secret` to make brute force attacks 
difficult"}}]}}},{"ID":"11903","typeID":"__group__","zOrder":"38","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"860","y":"469","properties":{"controlName":"check:good-jwt-secret"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11904","typeID":"__group__","zOrder":"41","measuredW":"526","measuredH":"28","w":"526","h":"28","x":"907","y":"513","properties":{"controlName":"jwt-algorithm"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"526","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":"Do not extract the algorithm from the header, use backend"}}]}}},{"ID":"11905","typeID":"__group__","zOrder":"40","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"861","y":"512","properties":{"controlName":"check:jwt-algorithm"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11906","typeID":"__group__","zOrder":"43","measuredW":"499","measuredH":"28","w":"499","h":"28","x":"907","y":"554","properties":{"controlName":"token-expiry"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"499","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":"Make token expiration (TTL, RTTL) as short as 
possible"}}]}}},{"ID":"11907","typeID":"__group__","zOrder":"42","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"861","y":"553","properties":{"controlName":"check:token-expiry"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11908","typeID":"__group__","zOrder":"45","measuredW":"389","measuredH":"28","w":"389","h":"28","x":"907","y":"595","properties":{"controlName":"jwt-payload"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"389","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":"Avoid storing sensitive data in JWT payload"}}]}}},{"ID":"11909","typeID":"__group__","zOrder":"44","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"861","y":"594","properties":{"controlName":"check:jwt-payload"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11910","typeID":"__group__","zOrder":"47","measuredW":"536","measuredH":"28","w":"536","h":"28","x":"907","y":"636","properties":{"controlName":"payload-size"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"536","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":"Keep the payload small to reduce the size of the JWT 
token"}}]}}},{"ID":"11911","typeID":"__group__","zOrder":"46","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"861","y":"635","properties":{"controlName":"check:payload-size"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11912","typeID":"__group__","zOrder":"52","measuredW":"489","measuredH":"28","w":"489","h":"28","x":"262","y":"781","properties":{"controlName":"throttle-requests"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"489","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":"Limit requests (throttling) to avoid DDoS / Brute Force"}}]}}},{"ID":"11913","typeID":"__group__","zOrder":"51","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"216","y":"779","properties":{"controlName":"check:throttle-requests"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11914","typeID":"__group__","zOrder":"54","measuredW":"419","measuredH":"28","w":"419","h":"28","x":"262","y":"822","properties":{"controlName":"use-https"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"419","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":"Use HTTPS on server side and secure 
ciphers"}}]}}},{"ID":"11915","typeID":"__group__","zOrder":"53","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"216","y":"820","properties":{"controlName":"check:use-https"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11916","typeID":"__group__","zOrder":"56","measuredW":"482","measuredH":"28","w":"482","h":"28","x":"262","y":"864","properties":{"controlName":"hsts-header"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"482","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":"Use HSTS header with SSL to avoid SSL Strip attacks."}}]}}},{"ID":"11917","typeID":"__group__","zOrder":"55","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"216","y":"862","properties":{"controlName":"check:hsts-header"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11918","typeID":"__group__","zOrder":"58","measuredW":"220","measuredH":"28","w":"220","h":"28","x":"262","y":"905","properties":{"controlName":"directory-listings"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"220","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":"Turn off directory 
listings"}}]}}},{"ID":"11919","typeID":"__group__","zOrder":"57","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"216","y":"903","properties":{"controlName":"check:directory-listings"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11920","typeID":"__group__","zOrder":"60","measuredW":"480","measuredH":"28","w":"480","h":"28","x":"262","y":"947","properties":{"controlName":"restrict-private-apis"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"480","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":"Private APIs to be only accessible from safe listed IPs"}}]}}},{"ID":"11921","typeID":"__group__","zOrder":"59","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"216","y":"945","properties":{"controlName":"check:restrict-private-apis"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11922","typeID":"__group__","zOrder":"62","measuredW":"391","measuredH":"28","w":"391","h":"28","x":"907","y":"766","properties":{"controlName":"oauth-redirect-ui"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"391","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":"Always validate `redirect_uri’ on 
server-side"}}]}}},{"ID":"11923","typeID":"__group__","zOrder":"61","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"861","y":"765","properties":{"controlName":"check:oauth-redirect-ui"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11924","typeID":"__group__","zOrder":"64","measuredW":"524","measuredH":"28","w":"524","h":"28","x":"907","y":"807","properties":{"controlName":"response-type-token"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"524","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":"Avoid `response_type=token’ and try to exchange for code"}}]}}},{"ID":"11925","typeID":"__group__","zOrder":"63","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"861","y":"806","properties":{"controlName":"check:response-type-token"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11926","typeID":"__group__","zOrder":"66","measuredW":"420","measuredH":"28","w":"420","h":"28","x":"907","y":"847","properties":{"controlName":"oauth-state"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"420","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":"Use `state’ parameter to prevent CSRF 
attacks"}}]}}},{"ID":"11927","typeID":"__group__","zOrder":"65","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"861","y":"846","properties":{"controlName":"check:oauth-state"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11928","typeID":"__group__","zOrder":"68","measuredW":"539","measuredH":"28","w":"539","h":"28","x":"907","y":"887","properties":{"controlName":"oauth-validate-scope"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"539","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":"Have default scope, and validate scope for each application"}}]}}},{"ID":"11929","typeID":"__group__","zOrder":"67","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"861","y":"886","properties":{"controlName":"check:oauth-validate-scope"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11930","typeID":"__group__","zOrder":"73","measuredW":"406","measuredH":"28","w":"406","h":"28","x":"261","y":"1105","properties":{"controlName":"proper-http-methods"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"406","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":"User proper HTTP methods for the 
operation"}}]}}},{"ID":"11931","typeID":"__group__","zOrder":"72","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"214","y":"1103","properties":{"controlName":"check:proper-http-methods"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11932","typeID":"__group__","zOrder":"75","measuredW":"373","measuredH":"28","w":"373","h":"28","x":"261","y":"1148","properties":{"controlName":"validate-content-type"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"373","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":"Validate `content-type` on request header"}}]}}},{"ID":"11933","typeID":"__group__","zOrder":"74","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"214","y":"1146","properties":{"controlName":"check:validate-content-type"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11934","typeID":"__group__","zOrder":"77","measuredW":"457","measuredH":"28","w":"457","h":"28","x":"261","y":"1188","properties":{"controlName":"validate-user-input"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"457","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":"Validate user input to avoid common 
vulnerabilities"}}]}}},{"ID":"11935","typeID":"__group__","zOrder":"76","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"215","y":"1186","properties":{"controlName":"check:validate-user-input"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11936","typeID":"__group__","zOrder":"79","measuredW":"474","measuredH":"28","w":"474","h":"28","x":"261","y":"1226","properties":{"controlName":"authorization-header"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"474","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":"Use standard Authorization header for sensitive data"}}]}}},{"ID":"11937","typeID":"__group__","zOrder":"78","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"215","y":"1224","properties":{"controlName":"check:authorization-header"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11938","typeID":"__group__","zOrder":"81","measuredW":"285","measuredH":"28","w":"285","h":"28","x":"261","y":"1265","properties":{"controlName":"only-server-side-encryption"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"285","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":"Use only server-side 
encryption"}}]}}},{"ID":"11939","typeID":"__group__","zOrder":"80","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"216","y":"1263","properties":{"controlName":"check:only-server-side-encryption"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11940","typeID":"__group__","zOrder":"83","measuredW":"499","measuredH":"28","w":"499","h":"28","x":"261","y":"1307","properties":{"controlName":"api-gateway"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"499","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":"Use an API Gateway for caching, Rate Limit policies etc"}}]}}},{"ID":"11941","typeID":"__group__","zOrder":"82","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"216","y":"1305","properties":{"controlName":"check:api-gateway"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11942","typeID":"__group__","zOrder":"88","measuredW":"559","measuredH":"61","w":"559","h":"61","x":"907","y":"1036","properties":{"controlName":"endpoint-authentication"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"559","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":"Check if all the endpoints are protected behind authentication"}},{"ID":"1","typeID":"Label","zOrder":"1","measuredW":"351","measuredH":"28","x":"0","y":"33","properties":{"size":"20","text":"to avoid broken authentication 
process"}}]}}},{"ID":"11943","typeID":"__group__","zOrder":"87","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"861","y":"1035","properties":{"controlName":"check:endpoint-authentication"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11944","typeID":"__group__","zOrder":"90","measuredW":"618","measuredH":"28","w":"618","h":"28","x":"907","y":"1108","properties":{"controlName":"avoid-personal-id-urls"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"618","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":"Avoid user’s personal ID in the resource URLs e.g. {color:blue}users/242/orders{color}"}}]}}},{"ID":"11945","typeID":"__group__","zOrder":"89","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"861","y":"1105","properties":{"controlName":"check:avoid-personal-id-urls"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11946","typeID":"__group__","zOrder":"92","measuredW":"390","measuredH":"28","w":"390","h":"28","x":"907","y":"1152","properties":{"controlName":"prefer-uuid"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"390","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":"Prefer using UUID over auto-increment 
IDs"}}]}}},{"ID":"11947","typeID":"__group__","zOrder":"91","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"861","y":"1149","properties":{"controlName":"check:prefer-uuid"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11948","typeID":"__group__","zOrder":"94","measuredW":"586","measuredH":"28","w":"586","h":"28","x":"907","y":"1194","properties":{"controlName":"disable-entity-parsing-xml"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"586","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":"Disable entity parsing if you are parsing XML to avoid XXE attacks"}}]}}},{"ID":"11949","typeID":"__group__","zOrder":"93","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"861","y":"1191","properties":{"controlName":"check:disable-entity-parsing-xml"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11950","typeID":"__group__","zOrder":"96","measuredW":"584","measuredH":"28","w":"584","h":"28","x":"907","y":"1234","properties":{"controlName":"disable-entity-expansion"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"584","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":"Disable entity expansion if using XML, YML or any other 
language"}}]}}},{"ID":"11951","typeID":"__group__","zOrder":"95","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"861","y":"1233","properties":{"controlName":"check:disable-entity-expansion"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11952","typeID":"__group__","zOrder":"98","measuredW":"223","measuredH":"28","w":"223","h":"28","x":"907","y":"1276","properties":{"controlName":"cdn-for-file-uploads"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"223","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":"Use CDN for file uploads"}}]}}},{"ID":"11953","typeID":"__group__","zOrder":"97","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"861","y":"1275","properties":{"controlName":"check:cdn-for-file-uploads"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11954","typeID":"__group__","zOrder":"100","measuredW":"520","measuredH":"28","w":"520","h":"28","x":"907","y":"1317","properties":{"controlName":"avoid-http-blocking"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"520","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":"Avoid HTTP blocking if you are using huge amount of 
data"}}]}}},{"ID":"11955","typeID":"__group__","zOrder":"99","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"861","y":"1316","properties":{"controlName":"check:avoid-http-blocking"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11956","typeID":"__group__","zOrder":"102","measuredW":"464","measuredH":"28","w":"464","h":"28","x":"907","y":"1359","properties":{"controlName":"debug-mode-off"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"464","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":"Make sure to turn the debug mode off in production"}}]}}},{"ID":"11957","typeID":"__group__","zOrder":"101","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"861","y":"1358","properties":{"controlName":"check:debug-mode-off"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11958","typeID":"__group__","zOrder":"104","measuredW":"386","measuredH":"28","w":"386","h":"28","x":"907","y":"1401","properties":{"controlName":"non-executable-stacks"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"386","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":"Use non-executable stacks when 
available."}}]}}},{"ID":"11959","typeID":"__group__","zOrder":"103","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"861","y":"1400","properties":{"controlName":"check:non-executable-stacks"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11960","typeID":"__group__","zOrder":"109","measuredW":"416","measuredH":"28","w":"416","h":"28","x":"243","y":"1469","properties":{"controlName":"no-sniff-header"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"416","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":"Send `X-Content-Type-Options: nosniff` header"}}]}}},{"ID":"11961","typeID":"__group__","zOrder":"108","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"196","y":"1467","properties":{"controlName":"check:no-sniff-header"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11962","typeID":"__group__","zOrder":"111","measuredW":"341","measuredH":"28","w":"341","h":"28","x":"243","y":"1510","properties":{"controlName":"x-frame-options-deny"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"341","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":"Send `X-Frame-Options: deny` 
header."}}]}}},{"ID":"11963","typeID":"__group__","zOrder":"110","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"196","y":"1508","properties":{"controlName":"check:x-frame-options-deny"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11964","typeID":"__group__","zOrder":"113","measuredW":"511","measuredH":"28","w":"511","h":"28","x":"243","y":"1551","properties":{"controlName":"csp-header"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"511","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":"Send `Content-Security-Policy: default-src 'none'` header."}}]}}},{"ID":"11965","typeID":"__group__","zOrder":"112","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"196","y":"1549","properties":{"controlName":"check:csp-header"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11966","typeID":"__group__","zOrder":"115","measuredW":"485","measuredH":"28","w":"485","h":"28","x":"243","y":"1592","properties":{"controlName":"remove-fingerprint-header"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"485","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":"Remove fingerprinting headers (i.e. 
x-powered-by etc)"}}]}}},{"ID":"11967","typeID":"__group__","zOrder":"114","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"196","y":"1590","properties":{"controlName":"check:remove-fingerprint-header"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11968","typeID":"__group__","zOrder":"117","measuredW":"345","measuredH":"28","w":"345","h":"28","x":"243","y":"1633","properties":{"controlName":"force-content-type"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"345","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":"Force `content-type` for your response."}}]}}},{"ID":"11969","typeID":"__group__","zOrder":"116","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"196","y":"1631","properties":{"controlName":"check:force-content-type"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11970","typeID":"__group__","zOrder":"119","measuredW":"531","measuredH":"28","w":"531","h":"28","x":"243","y":"1674","properties":{"controlName":"avoid-sensitive-data"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"531","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":"Avoid returning sensitive data (credentials, sec. 
tokens etc)"}}]}}},{"ID":"11971","typeID":"__group__","zOrder":"118","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"196","y":"1672","properties":{"controlName":"check:avoid-sensitive-data"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11972","typeID":"__group__","zOrder":"121","measuredW":"467","measuredH":"28","w":"467","h":"28","x":"243","y":"1717","properties":{"controlName":"proper-response-code"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"467","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":"Return proper response codes as per the operation"}}]}}},{"ID":"11973","typeID":"__group__","zOrder":"120","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"196","y":"1715","properties":{"controlName":"check:proper-response-code"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11974","typeID":"__group__","zOrder":"126","measuredW":"578","measuredH":"28","w":"578","h":"28","x":"907","y":"1563","properties":{"controlName":"unit-integration-tests"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"578","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":"Audit your design and implementation with unit/integration 
tests."}}]}}},{"ID":"11977","typeID":"__group__","zOrder":"125","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"861","y":"1562","properties":{"controlName":"check:unit-integration-tests"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11978","typeID":"__group__","zOrder":"128","measuredW":"503","measuredH":"28","w":"503","h":"28","x":"907","y":"1602","properties":{"controlName":"code-review-process"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"503","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":"Use a code review process and disregard self-approval."}}]}}},{"ID":"11979","typeID":"__group__","zOrder":"127","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"861","y":"1601","properties":{"controlName":"check:code-review-process"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11980","typeID":"__group__","zOrder":"130","measuredW":"432","measuredH":"28","w":"432","h":"28","x":"907","y":"1643","properties":{"controlName":"run-security-analysis"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"432","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":" Continuously run security analysis on your 
code."}}]}}},{"ID":"11981","typeID":"__group__","zOrder":"129","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"861","y":"1641","properties":{"controlName":"check:run-security-analysis"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11982","typeID":"__group__","zOrder":"132","measuredW":"461","measuredH":"28","w":"461","h":"28","x":"907","y":"1684","properties":{"controlName":"check-dependencies"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"461","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":"Check your dependencies for known vulnerabilities."}}]}}},{"ID":"11983","typeID":"__group__","zOrder":"131","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"861","y":"1682","properties":{"controlName":"check:check-dependencies"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11984","typeID":"__group__","zOrder":"134","measuredW":"386","measuredH":"28","w":"386","h":"28","x":"907","y":"1726","properties":{"controlName":"rollback-deployments"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"386","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":"Design a rollback solution for 
deployments."}}]}}},{"ID":"11985","typeID":"__group__","zOrder":"133","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"861","y":"1724","properties":{"controlName":"check:rollback-deployments"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11986","typeID":"__group__","zOrder":"139","measuredW":"497","measuredH":"28","w":"497","h":"28","x":"241","y":"1873","properties":{"controlName":"centralized-logins"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"497","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":"Use centralized logins for all services and components."}}]}}},{"ID":"11987","typeID":"__group__","zOrder":"138","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"194","y":"1871","properties":{"controlName":"check:centralized-logins"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11988","typeID":"__group__","zOrder":"141","measuredW":"518","measuredH":"28","w":"518","h":"28","x":"241","y":"1914","properties":{"controlName":"monitor-everything"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"518","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":"Use agents to monitor all requests, responses and 
errors."}}]}}},{"ID":"11989","typeID":"__group__","zOrder":"140","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"194","y":"1912","properties":{"controlName":"check:monitor-everything"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11990","typeID":"__group__","zOrder":"143","measuredW":"511","measuredH":"28","w":"511","h":"28","x":"241","y":"1955","properties":{"controlName":"set-alerts"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"511","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":"Use alerts for SMS, Slack, Email, Kibana, Cloudwatch, etc."}}]}}},{"ID":"11991","typeID":"__group__","zOrder":"142","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"194","y":"1953","properties":{"controlName":"check:set-alerts"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11992","typeID":"__group__","zOrder":"145","measuredW":"438","measuredH":"28","w":"438","h":"28","x":"241","y":"1996","properties":{"controlName":"avoid-logging-sensitive-data"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"438","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":"Ensure that you aren't logging any sensitive 
data."}}]}}},{"ID":"11993","typeID":"__group__","zOrder":"144","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"194","y":"1994","properties":{"controlName":"check:avoid-logging-sensitive-data"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11994","typeID":"__group__","zOrder":"147","measuredW":"474","measuredH":"28","w":"474","h":"28","x":"241","y":"2037","properties":{"controlName":"use-ids-ips-system"},"children":{"controls":{"control":[{"ID":"0","typeID":"Label","zOrder":"0","measuredW":"474","measuredH":"28","x":"0","y":"0","properties":{"size":"20","text":"Use an IDS and/or IPS system to monitor everything."}}]}}},{"ID":"11995","typeID":"__group__","zOrder":"146","measuredW":"30","measuredH":"30","w":"30","h":"30","x":"194","y":"2035","properties":{"controlName":"check:use-ids-ips-system"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"30","h":"30","measuredW":"200","measuredH":"140","x":"0","y":"0"}]}}},{"ID":"11996","typeID":"__group__","zOrder":"24","measuredW":"272","measuredH":"44","w":"272","h":"44","x":"995","y":"1934","properties":{"controlName":"recommended-resources"},"children":{"controls":{"control":[{"ID":"0","typeID":"TextArea","zOrder":"0","w":"272","h":"44","measuredW":"200","measuredH":"140","x":"0","y":"0","properties":{"color":"16770457"}},{"ID":"1","typeID":"Label","zOrder":"1","measuredW":"206","measuredH":"25","x":"33","y":"9","properties":{"size":"17","text":"Recommended Resources"}}]}}}]},"attributes":{"name":"New Wireframe 1 copy","order":1000022.7455786733,"parentID":null,"notes":""},"branchID":"Master","resourceID":"8024860B-B61F-451D-B579-28AA621BB239","mockupH":"2160","mockupW":"1351","measuredW":"1542","measuredH":"2294","version":"1.0"},"groupOffset":{"x":0,"y":0},"dependencies":[],"projectID":"file:///Users/kamranahmed/Desktop/devops%20roadmap%5C.bmpr"} \ No newline at end 
of file +{ + "mockup": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Arrow", + "zOrder": "0", + "w": "1", + "h": "81", + "measuredW": "150", + "measuredH": "100", + "x": "814", + "y": "2213", + "properties": { + "curvature": "0", + "leftArrow": "false", + "rightArrow": "false", + "stroke": "dotted", + "color": "10027263", + "p0": { + "x": 0, + "y": 0 + }, + "p1": { + "x": 0.49999999999999994, + "y": 0 + }, + "p2": { + "x": 0, + "y": 81.09090909090901 + } + } + }, + { + "ID": "1", + "typeID": "Arrow", + "zOrder": "1", + "w": "1", + "h": "90", + "measuredW": "150", + "measuredH": "100", + "x": "1118", + "y": "1856", + "properties": { + "curvature": "0", + "leftArrow": "false", + "rightArrow": "false", + "color": "4273622", + "stroke": "dotted", + "p0": { + "x": 0, + "y": -0.48484848484849863 + }, + "p1": { + "x": 0.5, + "y": 0 + }, + "p2": { + "x": 0, + "y": 89.20412121212144 + } + } + }, + { + "ID": "2", + "typeID": "Arrow", + "zOrder": "2", + "w": "606", + "h": "1", + "measuredW": "150", + "measuredH": "100", + "x": "816", + "y": "1855", + "properties": { + "curvature": "0", + "leftArrow": "false", + "rightArrow": "false", + "p0": { + "x": 0.4393939393939945, + "y": 0 + }, + "p1": { + "x": 0.499957866859274, + "y": 0.000355669369753909 + }, + "p2": { + "x": 606.8787878787878, + "y": 0 + }, + "color": "4273622" + } + }, + { + "ID": "3", + "typeID": "Arrow", + "zOrder": "3", + "w": "726", + "h": "1", + "measuredW": "150", + "measuredH": "100", + "x": "816", + "y": "708", + "properties": { + "curvature": "0", + "leftArrow": "false", + "rightArrow": "false", + "color": "4273622", + "p0": { + "x": -0.2686368305519409, + "y": 0 + }, + "p1": { + "x": 0.5001077701859017, + "y": 0.0003391382343339101 + }, + "p2": { + "x": 725.5310311167375, + "y": 0 + } + } + }, + { + "ID": "4", + "typeID": "Arrow", + "zOrder": "4", + "w": "588", + "h": "1", + "measuredW": "150", + "measuredH": "100", + "x": "225", + "y": "413", + "properties": { + "curvature": "0", + 
"leftArrow": "false", + "rightArrow": "false", + "color": "4273622", + "p0": { + "x": 0, + "y": 0 + }, + "p1": { + "x": 0.4999449522687746, + "y": 0.0003335799224988863 + }, + "p2": { + "x": 588, + "y": 0 + } + } + }, + { + "ID": "5", + "typeID": "Canvas", + "zOrder": "5", + "w": "189", + "h": "50", + "measuredW": "100", + "measuredH": "70", + "x": "394", + "y": "389", + "properties": { + "color": "16776960" + } + }, + { + "ID": "6", + "typeID": "__group__", + "zOrder": "6", + "measuredW": "30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "214", + "y": "471", + "properties": { + "controlName": "check:use-standard-authentication" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "7", + "typeID": "__group__", + "zOrder": "7", + "measuredW": "472", + "measuredH": "28", + "w": "472", + "h": "28", + "x": "260", + "y": "472", + "properties": { + "controlName": "use-standard-authentication" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "472", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": "Avoid ‘Basic Authentication’, use standard (e.g. 
JWT)" + } + } + ] + } + } + }, + { + "ID": "8", + "typeID": "Label", + "zOrder": "8", + "measuredW": "175", + "measuredH": "40", + "x": "726", + "y": "226", + "properties": { + "size": "32", + "text": "API Security" + } + }, + { + "ID": "9", + "typeID": "Canvas", + "zOrder": "9", + "w": "361", + "h": "150", + "measuredW": "100", + "measuredH": "70", + "x": "1099", + "y": "158" + }, + { + "ID": "10", + "typeID": "Label", + "zOrder": "10", + "measuredW": "332", + "measuredH": "26", + "x": "1115", + "y": "176", + "properties": { + "text": "Find the detailed version of this checklist", + "size": "18" + } + }, + { + "ID": "11", + "typeID": "Label", + "zOrder": "11", + "measuredW": "318", + "measuredH": "26", + "x": "1115", + "y": "204", + "properties": { + "size": "18", + "text": "With details on how to implement these" + } + }, + { + "ID": "12", + "typeID": "__group__", + "zOrder": "12", + "measuredW": "329", + "measuredH": "51", + "w": "329", + "h": "51", + "x": "1115", + "y": "240", + "properties": { + "controlName": "ext_link:roadmap.sh" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Canvas", + "zOrder": "0", + "w": "329", + "h": "51", + "measuredW": "100", + "measuredH": "70", + "x": "0", + "y": "0", + "properties": { + "color": "4273622", + "borderColor": "4273622" + } + }, + { + "ID": "1", + "typeID": "Label", + "zOrder": "1", + "measuredW": "172", + "measuredH": "28", + "x": "79", + "y": "12", + "properties": { + "color": "16777215", + "size": "20", + "text": "https://roadmap.sh" + } + } + ] + } + } + }, + { + "ID": "13", + "typeID": "Canvas", + "zOrder": "13", + "w": "373", + "h": "169", + "measuredW": "100", + "measuredH": "70", + "x": "216", + "y": "148" + }, + { + "ID": "14", + "typeID": "__group__", + "zOrder": "14", + "measuredW": "189", + "measuredH": "27", + "w": "189", + "h": "27", + "x": "246", + "y": "222", + "properties": { + "controlName": "ext_link:roadmap.sh/backend" + }, + "children": { + "controls": { + 
"control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "156", + "measuredH": "26", + "x": "33", + "y": "0", + "properties": { + "size": "18", + "text": "Backend Roadmap" + } + }, + { + "ID": "1", + "typeID": "__group__", + "zOrder": "1", + "measuredW": "24", + "measuredH": "24", + "w": "24", + "h": "24", + "x": "0", + "y": "3", + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Icon", + "zOrder": "0", + "measuredW": "24", + "measuredH": "24", + "x": "0", + "y": "0", + "properties": { + "color": "16777215", + "icon": { + "ID": "circle", + "size": "small" + } + } + }, + { + "ID": "1", + "typeID": "Icon", + "zOrder": "1", + "measuredW": "24", + "measuredH": "24", + "x": "0", + "y": "0", + "properties": { + "color": "10066329", + "icon": { + "ID": "check-circle", + "size": "small" + } + } + } + ] + } + } + } + ] + } + } + }, + { + "ID": "15", + "typeID": "__group__", + "zOrder": "15", + "measuredW": "183", + "measuredH": "27", + "w": "183", + "h": "27", + "x": "246", + "y": "258", + "properties": { + "controlName": "ext_link:roadmap.sh/devops" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "150", + "measuredH": "26", + "x": "33", + "y": "0", + "properties": { + "size": "18", + "text": "DevOps Roadmap" + } + }, + { + "ID": "1", + "typeID": "__group__", + "zOrder": "1", + "measuredW": "24", + "measuredH": "24", + "w": "24", + "h": "24", + "x": "0", + "y": "3", + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Icon", + "zOrder": "0", + "measuredW": "24", + "measuredH": "24", + "x": "0", + "y": "0", + "properties": { + "color": "16777215", + "icon": { + "ID": "circle", + "size": "small" + } + } + }, + { + "ID": "1", + "typeID": "Icon", + "zOrder": "1", + "measuredW": "24", + "measuredH": "24", + "x": "0", + "y": "0", + "properties": { + "color": "10066329", + "icon": { + "ID": "check-circle", + "size": "small" + } + } + 
} + ] + } + } + } + ] + } + } + }, + { + "ID": "16", + "typeID": "Label", + "zOrder": "16", + "measuredW": "209", + "measuredH": "32", + "x": "246", + "y": "172", + "properties": { + "size": "24", + "text": "Related Roadmaps" + } + }, + { + "ID": "17", + "typeID": "Arrow", + "zOrder": "17", + "w": "1", + "h": "76", + "measuredW": "150", + "measuredH": "100", + "x": "812", + "y": "134", + "properties": { + "curvature": "0", + "leftArrow": "false", + "rightArrow": "false", + "p0": { + "x": 0, + "y": 0 + }, + "p1": { + "x": 0.49999999999999994, + "y": 0 + }, + "p2": { + "x": 0, + "y": 76.17275043077757 + }, + "stroke": "dotted", + "color": "10027263" + } + }, + { + "ID": "18", + "typeID": "Label", + "zOrder": "18", + "measuredW": "130", + "measuredH": "28", + "x": "424", + "y": "400", + "properties": { + "size": "20", + "text": "Authentication" + } + }, + { + "ID": "19", + "typeID": "Arrow", + "zOrder": "19", + "w": "1", + "h": "1929", + "measuredW": "150", + "measuredH": "100", + "x": "814", + "y": "287", + "properties": { + "curvature": "0", + "leftArrow": "false", + "rightArrow": "false", + "color": "4273622", + "p0": { + "x": 0, + "y": -0.48484848484849863 + }, + "p1": { + "x": 0.4999999999999999, + "y": 0 + }, + "p2": { + "x": 0, + "y": 1928.151515151515 + } + } + }, + { + "ID": "20", + "typeID": "Canvas", + "zOrder": "20", + "w": "252", + "h": "50", + "measuredW": "100", + "measuredH": "70", + "x": "1015", + "y": "683", + "properties": { + "color": "16776960" + } + }, + { + "ID": "21", + "typeID": "Label", + "zOrder": "21", + "measuredW": "55", + "measuredH": "28", + "x": "1113", + "y": "694", + "properties": { + "size": "20", + "text": "OAuth" + } + }, + { + "ID": "22", + "typeID": "Canvas", + "zOrder": "22", + "w": "272", + "h": "50", + "measuredW": "100", + "measuredH": "70", + "x": "995", + "y": "1830", + "properties": { + "color": "4273622", + "borderColor": "4273622" + } + }, + { + "ID": "23", + "typeID": "Label", + "zOrder": "23", + "measuredW": "151", + 
"measuredH": "28", + "x": "1055", + "y": "1841", + "properties": { + "size": "20", + "text": "More Resources", + "color": "16777215" + } + }, + { + "ID": "24", + "typeID": "__group__", + "zOrder": "24", + "measuredW": "272", + "measuredH": "44", + "w": "272", + "h": "44", + "x": "995", + "y": "1934", + "properties": { + "controlName": "recommended-resources" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "272", + "h": "44", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0", + "properties": { + "color": "16770457" + } + }, + { + "ID": "1", + "typeID": "Label", + "zOrder": "1", + "measuredW": "206", + "measuredH": "25", + "x": "33", + "y": "9", + "properties": { + "size": "17", + "text": "Recommended Resources" + } + } + ] + } + } + }, + { + "ID": "25", + "typeID": "TextArea", + "zOrder": "25", + "w": "438", + "h": "118", + "measuredW": "200", + "measuredH": "140", + "x": "595", + "y": "2127" + }, + { + "ID": "26", + "typeID": "Label", + "zOrder": "26", + "measuredW": "366", + "measuredH": "25", + "x": "631", + "y": "2146", + "properties": { + "size": "17", + "text": "Continue Learning with following relevant tracks" + } + }, + { + "ID": "27", + "typeID": "__group__", + "zOrder": "27", + "measuredW": "198", + "measuredH": "44", + "w": "198", + "h": "44", + "x": "818", + "y": "2183", + "properties": { + "controlName": "ext_link:roadmap.sh/devops" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "198", + "h": "44", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0", + "properties": { + "color": "16770457" + } + }, + { + "ID": "1", + "typeID": "Label", + "zOrder": "1", + "measuredW": "141", + "measuredH": "25", + "x": "28", + "y": "10", + "properties": { + "size": "17", + "text": "DevOps Roadmap" + } + } + ] + } + } + }, + { + "ID": "28", + "typeID": "__group__", + "zOrder": "28", + "measuredW": "198", 
+ "measuredH": "44", + "w": "198", + "h": "44", + "x": "610", + "y": "2183", + "properties": { + "controlName": "ext_link:roadmap.sh/backend" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "198", + "h": "44", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0", + "properties": { + "color": "16770457" + } + }, + { + "ID": "1", + "typeID": "Label", + "zOrder": "1", + "measuredW": "147", + "measuredH": "25", + "x": "24", + "y": "10", + "properties": { + "size": "17", + "text": "Backend Roadmap" + } + } + ] + } + } + }, + { + "ID": "29", + "typeID": "__group__", + "zOrder": "29", + "measuredW": "30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "214", + "y": "513", + "properties": { + "controlName": "check:authentication-mechanisms" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "30", + "typeID": "__group__", + "zOrder": "30", + "measuredW": "510", + "measuredH": "28", + "w": "510", + "h": "28", + "x": "260", + "y": "514", + "properties": { + "controlName": "authentication-mechanisms" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "510", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": "Do not reinvent the wheel in authentication mechanisms." 
+ } + } + ] + } + } + }, + { + "ID": "31", + "typeID": "__group__", + "zOrder": "31", + "measuredW": "30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "214", + "y": "554", + "properties": { + "controlName": "check:max-retry-jail" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "32", + "typeID": "__group__", + "zOrder": "32", + "measuredW": "378", + "measuredH": "28", + "w": "378", + "h": "28", + "x": "260", + "y": "555", + "properties": { + "controlName": "max-retry-jail" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "378", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": " Use `Max Retry’ and jail features in Login." + } + } + ] + } + } + }, + { + "ID": "33", + "typeID": "__group__", + "zOrder": "33", + "measuredW": "30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "215", + "y": "595", + "properties": { + "controlName": "check:sensitive-data-encryption" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "34", + "typeID": "__group__", + "zOrder": "34", + "measuredW": "325", + "measuredH": "28", + "w": "325", + "h": "28", + "x": "261", + "y": "596", + "properties": { + "controlName": "sensitive-data-encryption" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "325", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": "Use encryption on all sensitive data." 
+ } + } + ] + } + } + }, + { + "ID": "35", + "typeID": "Arrow", + "zOrder": "35", + "w": "653", + "h": "1", + "measuredW": "150", + "measuredH": "100", + "x": "814", + "y": "413", + "properties": { + "curvature": "0", + "leftArrow": "false", + "rightArrow": "false", + "color": "4273622", + "p0": { + "x": 0, + "y": 0 + }, + "p1": { + "x": 0.4999449522687745, + "y": 0.0003335799224988863 + }, + "p2": { + "x": 652.5, + "y": 0 + } + } + }, + { + "ID": "36", + "typeID": "Canvas", + "zOrder": "36", + "w": "281", + "h": "50", + "measuredW": "100", + "measuredH": "70", + "x": "1000", + "y": "388", + "properties": { + "color": "16776960" + } + }, + { + "ID": "37", + "typeID": "Label", + "zOrder": "37", + "measuredW": "218", + "measuredH": "28", + "x": "1032", + "y": "399", + "properties": { + "size": "20", + "text": "JWT (JSON Web Token)" + } + }, + { + "ID": "38", + "typeID": "__group__", + "zOrder": "38", + "measuredW": "30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "860", + "y": "469", + "properties": { + "controlName": "check:good-jwt-secret" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "39", + "typeID": "__group__", + "zOrder": "39", + "measuredW": "527", + "measuredH": "28", + "w": "527", + "h": "28", + "x": "906", + "y": "471", + "properties": { + "controlName": "good-jwt-secret" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "527", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": "Use good `JWT Secret` to make brute force attacks difficult" + } + } + ] + } + } + }, + { + "ID": "40", + "typeID": "__group__", + "zOrder": "40", + "measuredW": "30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "861", + "y": "512", + "properties": { + "controlName": 
"check:jwt-algorithm" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "41", + "typeID": "__group__", + "zOrder": "41", + "measuredW": "526", + "measuredH": "28", + "w": "526", + "h": "28", + "x": "907", + "y": "513", + "properties": { + "controlName": "jwt-algorithm" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "526", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": "Do not extract the algorithm from the header, use backend" + } + } + ] + } + } + }, + { + "ID": "42", + "typeID": "__group__", + "zOrder": "42", + "measuredW": "30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "861", + "y": "553", + "properties": { + "controlName": "check:token-expiry" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "43", + "typeID": "__group__", + "zOrder": "43", + "measuredW": "499", + "measuredH": "28", + "w": "499", + "h": "28", + "x": "907", + "y": "554", + "properties": { + "controlName": "token-expiry" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "499", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": "Make token expiration (TTL, RTTL) as short as possible" + } + } + ] + } + } + }, + { + "ID": "44", + "typeID": "__group__", + "zOrder": "44", + "measuredW": "30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "861", + "y": "594", + "properties": { + "controlName": "check:jwt-payload" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": 
"TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "45", + "typeID": "__group__", + "zOrder": "45", + "measuredW": "389", + "measuredH": "28", + "w": "389", + "h": "28", + "x": "907", + "y": "595", + "properties": { + "controlName": "jwt-payload" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "389", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": "Avoid storing sensitive data in JWT payload" + } + } + ] + } + } + }, + { + "ID": "46", + "typeID": "__group__", + "zOrder": "46", + "measuredW": "30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "861", + "y": "635", + "properties": { + "controlName": "check:payload-size" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "47", + "typeID": "__group__", + "zOrder": "47", + "measuredW": "536", + "measuredH": "28", + "w": "536", + "h": "28", + "x": "907", + "y": "636", + "properties": { + "controlName": "payload-size" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "536", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": "Keep the payload small to reduce the size of the JWT token" + } + } + ] + } + } + }, + { + "ID": "48", + "typeID": "Arrow", + "zOrder": "48", + "w": "620", + "h": "1", + "measuredW": "150", + "measuredH": "100", + "x": "193", + "y": "708", + "properties": { + "curvature": "0", + "leftArrow": "false", + "rightArrow": "false", + "color": "4273622", + "p0": { + "x": 0.23125640404211367, + "y": 0 + }, + "p1": { + "x": 0.49994495226877456, + "y": 0.0003335799224988863 + }, + "p2": { + "x": 
620.5, + "y": 0 + } + } + }, + { + "ID": "49", + "typeID": "Canvas", + "zOrder": "49", + "w": "264", + "h": "50", + "measuredW": "100", + "measuredH": "70", + "x": "357", + "y": "683", + "properties": { + "color": "16776960" + } + }, + { + "ID": "50", + "typeID": "Label", + "zOrder": "50", + "measuredW": "136", + "measuredH": "28", + "x": "421", + "y": "694", + "properties": { + "size": "20", + "text": "Access Control" + } + }, + { + "ID": "51", + "typeID": "__group__", + "zOrder": "51", + "measuredW": "30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "216", + "y": "779", + "properties": { + "controlName": "check:throttle-requests" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "52", + "typeID": "__group__", + "zOrder": "52", + "measuredW": "489", + "measuredH": "28", + "w": "489", + "h": "28", + "x": "262", + "y": "781", + "properties": { + "controlName": "throttle-requests" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "489", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": "Limit requests (throttling) to avoid DDoS / Brute Force" + } + } + ] + } + } + }, + { + "ID": "53", + "typeID": "__group__", + "zOrder": "53", + "measuredW": "30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "216", + "y": "820", + "properties": { + "controlName": "check:use-https" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "54", + "typeID": "__group__", + "zOrder": "54", + "measuredW": "419", + "measuredH": "28", + "w": "419", + "h": "28", + "x": "262", + "y": "822", + "properties": { 
+ "controlName": "use-https" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "419", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": "Use HTTPS on server side and secure ciphers" + } + } + ] + } + } + }, + { + "ID": "55", + "typeID": "__group__", + "zOrder": "55", + "measuredW": "30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "216", + "y": "862", + "properties": { + "controlName": "check:hsts-header" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "56", + "typeID": "__group__", + "zOrder": "56", + "measuredW": "482", + "measuredH": "28", + "w": "482", + "h": "28", + "x": "262", + "y": "864", + "properties": { + "controlName": "hsts-header" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "482", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": "Use HSTS header with SSL to avoid SSL Strip attacks." 
+ } + } + ] + } + } + }, + { + "ID": "57", + "typeID": "__group__", + "zOrder": "57", + "measuredW": "30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "216", + "y": "903", + "properties": { + "controlName": "check:directory-listings" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "58", + "typeID": "__group__", + "zOrder": "58", + "measuredW": "220", + "measuredH": "28", + "w": "220", + "h": "28", + "x": "262", + "y": "905", + "properties": { + "controlName": "directory-listings" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "220", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": "Turn off directory listings" + } + } + ] + } + } + }, + { + "ID": "59", + "typeID": "__group__", + "zOrder": "59", + "measuredW": "30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "216", + "y": "945", + "properties": { + "controlName": "check:restrict-private-apis" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "60", + "typeID": "__group__", + "zOrder": "60", + "measuredW": "480", + "measuredH": "28", + "w": "480", + "h": "28", + "x": "262", + "y": "947", + "properties": { + "controlName": "restrict-private-apis" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "480", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": "Private APIs to be only accessible from safe listed IPs" + } + } + ] + } + } + }, + { + "ID": "61", + "typeID": "__group__", + "zOrder": "61", + "measuredW": 
"30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "861", + "y": "765", + "properties": { + "controlName": "check:oauth-redirect-ui" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "62", + "typeID": "__group__", + "zOrder": "62", + "measuredW": "391", + "measuredH": "28", + "w": "391", + "h": "28", + "x": "907", + "y": "766", + "properties": { + "controlName": "oauth-redirect-ui" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "391", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": "Always validate `redirect_uri’ on server-side" + } + } + ] + } + } + }, + { + "ID": "63", + "typeID": "__group__", + "zOrder": "63", + "measuredW": "30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "861", + "y": "806", + "properties": { + "controlName": "check:response-type-token" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "64", + "typeID": "__group__", + "zOrder": "64", + "measuredW": "524", + "measuredH": "28", + "w": "524", + "h": "28", + "x": "907", + "y": "807", + "properties": { + "controlName": "response-type-token" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "524", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": "Avoid `response_type=token’ and try to exchange for code" + } + } + ] + } + } + }, + { + "ID": "65", + "typeID": "__group__", + "zOrder": "65", + "measuredW": "30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "861", + "y": "846", + 
"properties": { + "controlName": "check:oauth-state" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "66", + "typeID": "__group__", + "zOrder": "66", + "measuredW": "420", + "measuredH": "28", + "w": "420", + "h": "28", + "x": "907", + "y": "847", + "properties": { + "controlName": "oauth-state" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "420", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": "Use `state’ parameter to prevent CSRF attacks" + } + } + ] + } + } + }, + { + "ID": "67", + "typeID": "__group__", + "zOrder": "67", + "measuredW": "30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "861", + "y": "886", + "properties": { + "controlName": "check:oauth-validate-scope" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "68", + "typeID": "__group__", + "zOrder": "68", + "measuredW": "539", + "measuredH": "28", + "w": "539", + "h": "28", + "x": "907", + "y": "887", + "properties": { + "controlName": "oauth-validate-scope" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "539", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": "Have default scope, and validate scope for each application" + } + } + ] + } + } + }, + { + "ID": "69", + "typeID": "Arrow", + "zOrder": "69", + "w": "620", + "h": "1", + "measuredW": "150", + "measuredH": "100", + "x": "193", + "y": "1046", + "properties": { + "curvature": "0", + "leftArrow": "false", + "rightArrow": "false", + "color": 
"4273622", + "p0": { + "x": 0.23125640404211367, + "y": 0 + }, + "p1": { + "x": 0.49994495226877456, + "y": 0.0003335799224988863 + }, + "p2": { + "x": 620.5, + "y": 0 + } + } + }, + { + "ID": "70", + "typeID": "Canvas", + "zOrder": "70", + "w": "264", + "h": "50", + "measuredW": "100", + "measuredH": "70", + "x": "357", + "y": "1021", + "properties": { + "color": "16776960" + } + }, + { + "ID": "71", + "typeID": "Label", + "zOrder": "71", + "measuredW": "47", + "measuredH": "28", + "x": "465", + "y": "1032", + "properties": { + "size": "20", + "text": "Input" + } + }, + { + "ID": "72", + "typeID": "__group__", + "zOrder": "72", + "measuredW": "30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "214", + "y": "1103", + "properties": { + "controlName": "check:proper-http-methods" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "73", + "typeID": "__group__", + "zOrder": "73", + "measuredW": "399", + "measuredH": "28", + "w": "399", + "h": "28", + "x": "261", + "y": "1105", + "properties": { + "controlName": "proper-http-methods" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "399", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": "Use proper HTTP methods for the operation" + } + } + ] + } + } + }, + { + "ID": "74", + "typeID": "__group__", + "zOrder": "74", + "measuredW": "30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "214", + "y": "1146", + "properties": { + "controlName": "check:validate-content-type" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "75", + 
"typeID": "__group__", + "zOrder": "75", + "measuredW": "373", + "measuredH": "28", + "w": "373", + "h": "28", + "x": "261", + "y": "1148", + "properties": { + "controlName": "validate-content-type" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "373", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": "Validate `content-type` on request header" + } + } + ] + } + } + }, + { + "ID": "76", + "typeID": "__group__", + "zOrder": "76", + "measuredW": "30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "215", + "y": "1186", + "properties": { + "controlName": "check:validate-user-input" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "77", + "typeID": "__group__", + "zOrder": "77", + "measuredW": "457", + "measuredH": "28", + "w": "457", + "h": "28", + "x": "261", + "y": "1188", + "properties": { + "controlName": "validate-user-input" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "457", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": "Validate user input to avoid common vulnerabilities" + } + } + ] + } + } + }, + { + "ID": "78", + "typeID": "__group__", + "zOrder": "78", + "measuredW": "30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "215", + "y": "1224", + "properties": { + "controlName": "check:authorization-header" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "79", + "typeID": "__group__", + "zOrder": "79", + "measuredW": "474", + "measuredH": "28", + 
"w": "474", + "h": "28", + "x": "261", + "y": "1226", + "properties": { + "controlName": "authorization-header" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "474", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": "Use standard Authorization header for sensitive data" + } + } + ] + } + } + }, + { + "ID": "80", + "typeID": "__group__", + "zOrder": "80", + "measuredW": "30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "216", + "y": "1263", + "properties": { + "controlName": "check:only-server-side-encryption" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "81", + "typeID": "__group__", + "zOrder": "81", + "measuredW": "285", + "measuredH": "28", + "w": "285", + "h": "28", + "x": "261", + "y": "1265", + "properties": { + "controlName": "only-server-side-encryption" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "285", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": "Use only server-side encryption" + } + } + ] + } + } + }, + { + "ID": "82", + "typeID": "__group__", + "zOrder": "82", + "measuredW": "30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "216", + "y": "1305", + "properties": { + "controlName": "check:api-gateway" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "83", + "typeID": "__group__", + "zOrder": "83", + "measuredW": "499", + "measuredH": "28", + "w": "499", + "h": "28", + "x": "261", + "y": "1307", + "properties": { + "controlName": 
"api-gateway" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "499", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": "Use an API Gateway for caching, Rate Limit policies etc" + } + } + ] + } + } + }, + { + "ID": "84", + "typeID": "Arrow", + "zOrder": "84", + "w": "726", + "h": "1", + "measuredW": "150", + "measuredH": "100", + "x": "816", + "y": "978", + "properties": { + "curvature": "0", + "leftArrow": "false", + "rightArrow": "false", + "color": "4273622", + "p0": { + "x": -0.2686368305519409, + "y": 0 + }, + "p1": { + "x": 0.5001077701859017, + "y": 0.0003391382343339101 + }, + "p2": { + "x": 725.5310311167375, + "y": 0 + } + } + }, + { + "ID": "85", + "typeID": "Canvas", + "zOrder": "85", + "w": "252", + "h": "50", + "measuredW": "100", + "measuredH": "70", + "x": "1015", + "y": "953", + "properties": { + "color": "16776960" + } + }, + { + "ID": "86", + "typeID": "Label", + "zOrder": "86", + "measuredW": "101", + "measuredH": "28", + "x": "1090", + "y": "964", + "properties": { + "size": "20", + "text": "Processing" + } + }, + { + "ID": "87", + "typeID": "__group__", + "zOrder": "87", + "measuredW": "30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "861", + "y": "1035", + "properties": { + "controlName": "check:endpoint-authentication" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "88", + "typeID": "__group__", + "zOrder": "88", + "measuredW": "559", + "measuredH": "61", + "w": "559", + "h": "61", + "x": "907", + "y": "1036", + "properties": { + "controlName": "endpoint-authentication" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "559", + "measuredH": "28", + "x": "0", + "y": 
"0", + "properties": { + "size": "20", + "text": "Check if all the endpoints are protected behind authentication" + } + }, + { + "ID": "1", + "typeID": "Label", + "zOrder": "1", + "measuredW": "351", + "measuredH": "28", + "x": "0", + "y": "33", + "properties": { + "size": "20", + "text": "to avoid broken authentication process" + } + } + ] + } + } + }, + { + "ID": "89", + "typeID": "__group__", + "zOrder": "89", + "measuredW": "30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "861", + "y": "1105", + "properties": { + "controlName": "check:avoid-personal-id-urls" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "90", + "typeID": "__group__", + "zOrder": "90", + "measuredW": "618", + "measuredH": "28", + "w": "618", + "h": "28", + "x": "907", + "y": "1108", + "properties": { + "controlName": "avoid-personal-id-urls" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "618", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": "Avoid user’s personal ID in the resource URLs e.g. 
{color:blue}users/242/orders{color}" + } + } + ] + } + } + }, + { + "ID": "91", + "typeID": "__group__", + "zOrder": "91", + "measuredW": "30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "861", + "y": "1149", + "properties": { + "controlName": "check:prefer-uuid" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "92", + "typeID": "__group__", + "zOrder": "92", + "measuredW": "390", + "measuredH": "28", + "w": "390", + "h": "28", + "x": "907", + "y": "1152", + "properties": { + "controlName": "prefer-uuid" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "390", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": "Prefer using UUID over auto-increment IDs" + } + } + ] + } + } + }, + { + "ID": "93", + "typeID": "__group__", + "zOrder": "93", + "measuredW": "30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "861", + "y": "1191", + "properties": { + "controlName": "check:disable-entity-parsing-xml" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "94", + "typeID": "__group__", + "zOrder": "94", + "measuredW": "586", + "measuredH": "28", + "w": "586", + "h": "28", + "x": "907", + "y": "1194", + "properties": { + "controlName": "disable-entity-parsing-xml" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "586", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": "Disable entity parsing if you are parsing XML to avoid XXE attacks" + } + } + ] + } + } + }, + { + "ID": 
"95", + "typeID": "__group__", + "zOrder": "95", + "measuredW": "30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "861", + "y": "1233", + "properties": { + "controlName": "check:disable-entity-expansion" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "96", + "typeID": "__group__", + "zOrder": "96", + "measuredW": "584", + "measuredH": "28", + "w": "584", + "h": "28", + "x": "907", + "y": "1234", + "properties": { + "controlName": "disable-entity-expansion" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "584", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": "Disable entity expansion if using XML, YML or any other language" + } + } + ] + } + } + }, + { + "ID": "97", + "typeID": "__group__", + "zOrder": "97", + "measuredW": "30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "861", + "y": "1275", + "properties": { + "controlName": "check:cdn-for-file-uploads" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "98", + "typeID": "__group__", + "zOrder": "98", + "measuredW": "223", + "measuredH": "28", + "w": "223", + "h": "28", + "x": "907", + "y": "1276", + "properties": { + "controlName": "cdn-for-file-uploads" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "223", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": "Use CDN for file uploads" + } + } + ] + } + } + }, + { + "ID": "99", + "typeID": "__group__", + "zOrder": "99", + "measuredW": "30", + 
"measuredH": "30", + "w": "30", + "h": "30", + "x": "861", + "y": "1316", + "properties": { + "controlName": "check:avoid-http-blocking" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "100", + "typeID": "__group__", + "zOrder": "100", + "measuredW": "520", + "measuredH": "28", + "w": "520", + "h": "28", + "x": "907", + "y": "1317", + "properties": { + "controlName": "avoid-http-blocking" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "520", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": "Avoid HTTP blocking if you are using huge amount of data" + } + } + ] + } + } + }, + { + "ID": "101", + "typeID": "__group__", + "zOrder": "101", + "measuredW": "30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "861", + "y": "1358", + "properties": { + "controlName": "check:debug-mode-off" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "102", + "typeID": "__group__", + "zOrder": "102", + "measuredW": "464", + "measuredH": "28", + "w": "464", + "h": "28", + "x": "907", + "y": "1359", + "properties": { + "controlName": "debug-mode-off" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "464", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": "Make sure to turn the debug mode off in production" + } + } + ] + } + } + }, + { + "ID": "103", + "typeID": "__group__", + "zOrder": "103", + "measuredW": "30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "861", + "y": "1400", + 
"properties": { + "controlName": "check:non-executable-stacks" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "104", + "typeID": "__group__", + "zOrder": "104", + "measuredW": "386", + "measuredH": "28", + "w": "386", + "h": "28", + "x": "907", + "y": "1401", + "properties": { + "controlName": "non-executable-stacks" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "386", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": "Use non-executable stacks when available." + } + } + ] + } + } + }, + { + "ID": "105", + "typeID": "Arrow", + "zOrder": "105", + "w": "620", + "h": "1", + "measuredW": "150", + "measuredH": "100", + "x": "193", + "y": "1410", + "properties": { + "curvature": "0", + "leftArrow": "false", + "rightArrow": "false", + "color": "4273622", + "p0": { + "x": 0.23125640404211367, + "y": 0 + }, + "p1": { + "x": 0.49994495226877456, + "y": 0.0003335799224988863 + }, + "p2": { + "x": 620.5, + "y": 0 + } + } + }, + { + "ID": "106", + "typeID": "Canvas", + "zOrder": "106", + "w": "264", + "h": "50", + "measuredW": "100", + "measuredH": "70", + "x": "357", + "y": "1385", + "properties": { + "color": "16776960" + } + }, + { + "ID": "107", + "typeID": "Label", + "zOrder": "107", + "measuredW": "62", + "measuredH": "28", + "x": "458", + "y": "1396", + "properties": { + "size": "20", + "text": "Output" + } + }, + { + "ID": "108", + "typeID": "__group__", + "zOrder": "108", + "measuredW": "30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "196", + "y": "1467", + "properties": { + "controlName": "check:no-sniff-header" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + 
"measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "109", + "typeID": "__group__", + "zOrder": "109", + "measuredW": "416", + "measuredH": "28", + "w": "416", + "h": "28", + "x": "243", + "y": "1469", + "properties": { + "controlName": "no-sniff-header" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "416", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": "Send `X-Content-Type-Options: nosniff` header" + } + } + ] + } + } + }, + { + "ID": "110", + "typeID": "__group__", + "zOrder": "110", + "measuredW": "30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "196", + "y": "1508", + "properties": { + "controlName": "check:x-frame-options-deny" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "111", + "typeID": "__group__", + "zOrder": "111", + "measuredW": "341", + "measuredH": "28", + "w": "341", + "h": "28", + "x": "243", + "y": "1510", + "properties": { + "controlName": "x-frame-options-deny" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "341", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": "Send `X-Frame-Options: deny` header." 
+ } + } + ] + } + } + }, + { + "ID": "112", + "typeID": "__group__", + "zOrder": "112", + "measuredW": "30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "196", + "y": "1549", + "properties": { + "controlName": "check:csp-header" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "113", + "typeID": "__group__", + "zOrder": "113", + "measuredW": "511", + "measuredH": "28", + "w": "511", + "h": "28", + "x": "243", + "y": "1551", + "properties": { + "controlName": "csp-header" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "511", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": "Send `Content-Security-Policy: default-src 'none'` header." + } + } + ] + } + } + }, + { + "ID": "114", + "typeID": "__group__", + "zOrder": "114", + "measuredW": "30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "196", + "y": "1590", + "properties": { + "controlName": "check:remove-fingerprint-header" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "115", + "typeID": "__group__", + "zOrder": "115", + "measuredW": "485", + "measuredH": "28", + "w": "485", + "h": "28", + "x": "243", + "y": "1592", + "properties": { + "controlName": "remove-fingerprint-header" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "485", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": "Remove fingerprinting headers (i.e. 
x-powered-by etc)" + } + } + ] + } + } + }, + { + "ID": "116", + "typeID": "__group__", + "zOrder": "116", + "measuredW": "30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "196", + "y": "1631", + "properties": { + "controlName": "check:force-content-type" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "117", + "typeID": "__group__", + "zOrder": "117", + "measuredW": "345", + "measuredH": "28", + "w": "345", + "h": "28", + "x": "243", + "y": "1633", + "properties": { + "controlName": "force-content-type" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "345", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": "Force `content-type` for your response." + } + } + ] + } + } + }, + { + "ID": "118", + "typeID": "__group__", + "zOrder": "118", + "measuredW": "30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "196", + "y": "1672", + "properties": { + "controlName": "check:avoid-sensitive-data" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "119", + "typeID": "__group__", + "zOrder": "119", + "measuredW": "531", + "measuredH": "28", + "w": "531", + "h": "28", + "x": "243", + "y": "1674", + "properties": { + "controlName": "avoid-sensitive-data" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "531", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": "Avoid returning sensitive data (credentials, sec. 
tokens etc)" + } + } + ] + } + } + }, + { + "ID": "120", + "typeID": "__group__", + "zOrder": "120", + "measuredW": "30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "196", + "y": "1715", + "properties": { + "controlName": "check:proper-response-code" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "121", + "typeID": "__group__", + "zOrder": "121", + "measuredW": "467", + "measuredH": "28", + "w": "467", + "h": "28", + "x": "243", + "y": "1717", + "properties": { + "controlName": "proper-response-code" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "467", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": "Return proper response codes as per the operation" + } + } + ] + } + } + }, + { + "ID": "122", + "typeID": "Arrow", + "zOrder": "122", + "w": "726", + "h": "1", + "measuredW": "150", + "measuredH": "100", + "x": "816", + "y": "1503", + "properties": { + "curvature": "0", + "leftArrow": "false", + "rightArrow": "false", + "color": "4273622", + "p0": { + "x": -0.2686368305519409, + "y": 0 + }, + "p1": { + "x": 0.5001077701859017, + "y": 0.0003391382343339101 + }, + "p2": { + "x": 725.5310311167375, + "y": 0 + } + } + }, + { + "ID": "123", + "typeID": "Canvas", + "zOrder": "123", + "w": "252", + "h": "50", + "measuredW": "100", + "measuredH": "70", + "x": "1015", + "y": "1478", + "properties": { + "color": "16776960" + } + }, + { + "ID": "124", + "typeID": "Label", + "zOrder": "124", + "measuredW": "74", + "measuredH": "28", + "x": "1104", + "y": "1489", + "properties": { + "size": "20", + "text": "CI & CD" + } + }, + { + "ID": "125", + "typeID": "__group__", + "zOrder": "125", + "measuredW": "30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "861", + 
"y": "1562", + "properties": { + "controlName": "check:unit-integration-tests" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "126", + "typeID": "__group__", + "zOrder": "126", + "measuredW": "578", + "measuredH": "28", + "w": "578", + "h": "28", + "x": "907", + "y": "1563", + "properties": { + "controlName": "unit-integration-tests" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "578", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": "Audit your design and implementation with unit/integration tests." + } + } + ] + } + } + }, + { + "ID": "127", + "typeID": "__group__", + "zOrder": "127", + "measuredW": "30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "861", + "y": "1601", + "properties": { + "controlName": "check:code-review-process" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "128", + "typeID": "__group__", + "zOrder": "128", + "measuredW": "503", + "measuredH": "28", + "w": "503", + "h": "28", + "x": "907", + "y": "1602", + "properties": { + "controlName": "code-review-process" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "503", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": "Use a code review process and disregard self-approval." 
+ } + } + ] + } + } + }, + { + "ID": "129", + "typeID": "__group__", + "zOrder": "129", + "measuredW": "30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "861", + "y": "1641", + "properties": { + "controlName": "check:run-security-analysis" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "130", + "typeID": "__group__", + "zOrder": "130", + "measuredW": "432", + "measuredH": "28", + "w": "432", + "h": "28", + "x": "907", + "y": "1643", + "properties": { + "controlName": "run-security-analysis" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "432", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": " Continuously run security analysis on your code." + } + } + ] + } + } + }, + { + "ID": "131", + "typeID": "__group__", + "zOrder": "131", + "measuredW": "30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "861", + "y": "1682", + "properties": { + "controlName": "check:check-dependencies" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "132", + "typeID": "__group__", + "zOrder": "132", + "measuredW": "461", + "measuredH": "28", + "w": "461", + "h": "28", + "x": "907", + "y": "1684", + "properties": { + "controlName": "check-dependencies" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "461", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": "Check your dependencies for known vulnerabilities." 
+ } + } + ] + } + } + }, + { + "ID": "133", + "typeID": "__group__", + "zOrder": "133", + "measuredW": "30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "861", + "y": "1724", + "properties": { + "controlName": "check:rollback-deployments" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "134", + "typeID": "__group__", + "zOrder": "134", + "measuredW": "386", + "measuredH": "28", + "w": "386", + "h": "28", + "x": "907", + "y": "1726", + "properties": { + "controlName": "rollback-deployments" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "386", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": "Design a rollback solution for deployments." + } + } + ] + } + } + }, + { + "ID": "135", + "typeID": "Arrow", + "zOrder": "135", + "w": "620", + "h": "1", + "measuredW": "150", + "measuredH": "100", + "x": "191", + "y": "1814", + "properties": { + "curvature": "0", + "leftArrow": "false", + "rightArrow": "false", + "color": "4273622", + "p0": { + "x": 0.23125640404211367, + "y": 0 + }, + "p1": { + "x": 0.49994495226877456, + "y": 0.0003335799224988863 + }, + "p2": { + "x": 620.5, + "y": 0 + } + } + }, + { + "ID": "136", + "typeID": "Canvas", + "zOrder": "136", + "w": "264", + "h": "50", + "measuredW": "100", + "measuredH": "70", + "x": "355", + "y": "1789", + "properties": { + "color": "16776960" + } + }, + { + "ID": "137", + "typeID": "Label", + "zOrder": "137", + "measuredW": "97", + "measuredH": "28", + "x": "438", + "y": "1800", + "properties": { + "size": "20", + "text": "Monitoring" + } + }, + { + "ID": "138", + "typeID": "__group__", + "zOrder": "138", + "measuredW": "30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "194", + "y": "1871", + "properties": 
{ + "controlName": "check:centralized-logins" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "139", + "typeID": "__group__", + "zOrder": "139", + "measuredW": "497", + "measuredH": "28", + "w": "497", + "h": "28", + "x": "241", + "y": "1873", + "properties": { + "controlName": "centralized-logins" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "497", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": "Use centralized logins for all services and components." + } + } + ] + } + } + }, + { + "ID": "140", + "typeID": "__group__", + "zOrder": "140", + "measuredW": "30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "194", + "y": "1912", + "properties": { + "controlName": "check:monitor-everything" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "141", + "typeID": "__group__", + "zOrder": "141", + "measuredW": "518", + "measuredH": "28", + "w": "518", + "h": "28", + "x": "241", + "y": "1914", + "properties": { + "controlName": "monitor-everything" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "518", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": "Use agents to monitor all requests, responses and errors." 
+ } + } + ] + } + } + }, + { + "ID": "142", + "typeID": "__group__", + "zOrder": "142", + "measuredW": "30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "194", + "y": "1953", + "properties": { + "controlName": "check:set-alerts" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "143", + "typeID": "__group__", + "zOrder": "143", + "measuredW": "511", + "measuredH": "28", + "w": "511", + "h": "28", + "x": "241", + "y": "1955", + "properties": { + "controlName": "set-alerts" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "511", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": "Use alerts for SMS, Slack, Email, Kibana, Cloudwatch, etc." + } + } + ] + } + } + }, + { + "ID": "144", + "typeID": "__group__", + "zOrder": "144", + "measuredW": "30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "194", + "y": "1994", + "properties": { + "controlName": "check:avoid-logging-sensitive-data" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "145", + "typeID": "__group__", + "zOrder": "145", + "measuredW": "438", + "measuredH": "28", + "w": "438", + "h": "28", + "x": "241", + "y": "1996", + "properties": { + "controlName": "avoid-logging-sensitive-data" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "438", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": "Ensure that you aren't logging any sensitive data." 
+ } + } + ] + } + } + }, + { + "ID": "146", + "typeID": "__group__", + "zOrder": "146", + "measuredW": "30", + "measuredH": "30", + "w": "30", + "h": "30", + "x": "194", + "y": "2035", + "properties": { + "controlName": "check:use-ids-ips-system" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "TextArea", + "zOrder": "0", + "w": "30", + "h": "30", + "measuredW": "200", + "measuredH": "140", + "x": "0", + "y": "0" + } + ] + } + } + }, + { + "ID": "147", + "typeID": "__group__", + "zOrder": "147", + "measuredW": "474", + "measuredH": "28", + "w": "474", + "h": "28", + "x": "241", + "y": "2037", + "properties": { + "controlName": "use-ids-ips-system" + }, + "children": { + "controls": { + "control": [ + { + "ID": "0", + "typeID": "Label", + "zOrder": "0", + "measuredW": "474", + "measuredH": "28", + "x": "0", + "y": "0", + "properties": { + "size": "20", + "text": "Use an IDS and/or IPS system to monitor everything." + } + } + ] + } + } + } + ] + }, + "attributes": { + "name": "New Wireframe 1", + "order": 1000000, + "parentID": null, + "notes": "" + }, + "branchID": "Master", + "resourceID": "5A30BFEF-684E-429E-9C5D-BAAAC1A8339A", + "mockupH": "2160", + "mockupW": "1351", + "measuredW": "1542", + "measuredH": "2294", + "version": "1.0", + "calloutsOffset": { + "x": 189.2312564040421, + "y": 132 + } + }, + "groupOffset": { + "x": 0, + "y": 0 + }, + "dependencies": [], + "projectID": "file:///Users/dan/Library/Application%20Support/Balsamiq%20Wireframes/UnsavedFiles/New%20Project%201.bmpr" +} \ No newline at end of file