parent
e45c49a404
commit
7a4c077a90
56 changed files with 81 additions and 1 deletions
After Width: | Height: | Size: 505 KiB |
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
@ -0,0 +1,27 @@ |
||||
--- |
||||
jsonUrl: '/jsons/best-practices/api-security.json' |
||||
pdfUrl: '/pdfs/best-practices/api-security.pdf' |
||||
order: 2 |
||||
briefTitle: 'API Security' |
||||
briefDescription: 'API Security Best Practices' |
||||
isNew: true |
||||
isUpcoming: false |
||||
title: 'API Security Best Practices' |
||||
description: 'Detailed list of best practices to make your APIs secure' |
||||
dimensions: |
||||
width: 968 |
||||
height: 1543.39 |
||||
schema: |
||||
headline: 'API Security Best Practices' |
||||
description: 'Detailed list of best practices to make your APIs secure. Each best practice carries further details and how to implement that best practice.' |
||||
imageUrl: 'https://roadmap.sh/best-practices/api-security.png' |
||||
datePublished: '2023-02-21' |
||||
dateModified: '2023-02-21' |
||||
seo: |
||||
title: 'API Security Best Practices' |
||||
description: 'Detailed list of best practices to make your APIs secure. Each best practice carries further details and how to implement that best practice.' |
||||
keywords: |
||||
- 'API Security' |
||||
- 'API Security Best Practices' |
||||
- 'API Security Checklist' |
||||
--- |
@ -0,0 +1 @@ |
||||
# Api gateway |
@ -0,0 +1 @@ |
||||
# Authentication mechanisms |
@ -0,0 +1 @@ |
||||
# Authorization header |
@ -0,0 +1 @@ |
||||
# Avoid http blocking |
@ -0,0 +1 @@ |
||||
# Avoid logging sensitive data |
@ -0,0 +1 @@ |
||||
# Avoid personal id urls |
@ -0,0 +1 @@ |
||||
# Avoid sensitive data |
@ -0,0 +1 @@ |
||||
# Cdn for file uploads |
@ -0,0 +1 @@ |
||||
# Centralized logins |
@ -0,0 +1 @@ |
||||
# Check dependencies |
@ -0,0 +1 @@ |
||||
# Code review process |
@ -0,0 +1 @@ |
||||
# Csp header |
@ -0,0 +1 @@ |
||||
# Debug mode off |
@ -0,0 +1 @@ |
||||
# Directory listings |
@ -0,0 +1 @@ |
||||
# Disable entity expansion |
@ -0,0 +1 @@ |
||||
# Disable entity parsing xml |
@ -0,0 +1 @@ |
||||
# Endpoint authentication |
@ -0,0 +1 @@ |
||||
# Force content type |
@ -0,0 +1 @@ |
||||
# Good jwt secret |
@ -0,0 +1 @@ |
||||
# Hsts header |
@ -0,0 +1 @@ |
||||
# |
@ -0,0 +1 @@ |
||||
# Jwt algorithm |
@ -0,0 +1 @@ |
||||
# Jwt payload |
@ -0,0 +1 @@ |
||||
# Max retry jail |
@ -0,0 +1 @@ |
||||
# Monitor everything |
@ -0,0 +1 @@ |
||||
# No sniff header |
@ -0,0 +1 @@ |
||||
# Non executable stacks |
@ -0,0 +1 @@ |
||||
# Oauth redirect ui |
@ -0,0 +1 @@ |
||||
# Oauth state |
@ -0,0 +1 @@ |
||||
# Oauth validate scope |
@ -0,0 +1 @@ |
||||
# Only server side encryption |
@ -0,0 +1 @@ |
||||
# Payload size |
@ -0,0 +1 @@ |
||||
# Prefer uuid |
@ -0,0 +1 @@ |
||||
# Proper http methods |
@ -0,0 +1 @@ |
||||
# Proper response code |
@ -0,0 +1 @@ |
||||
# Recommended resources |
@ -0,0 +1 @@ |
||||
# Remove fingerprint header |
@ -0,0 +1 @@ |
||||
# Response type token |
@ -0,0 +1 @@ |
||||
# Restrict private apis |
@ -0,0 +1 @@ |
||||
# Rollback deployments |
@ -0,0 +1 @@ |
||||
# Run security analysis |
@ -0,0 +1 @@ |
||||
# Sensitive data encryption |
@ -0,0 +1 @@ |
||||
# Set alerts |
@ -0,0 +1 @@ |
||||
# Throttle requests |
@ -0,0 +1 @@ |
||||
# Token expiry |
@ -0,0 +1 @@ |
||||
# Unit integration tests |
@ -0,0 +1 @@ |
||||
# Use https |
@ -0,0 +1 @@ |
||||
# Use ids ips system |
@ -0,0 +1 @@ |
||||
# Use standard authentication |
@ -0,0 +1 @@ |
||||
# Validate content type |
@ -0,0 +1 @@ |
||||
# Validate user input |
@ -0,0 +1 @@ |
||||
# X frame options deny |
Loading…
Reference in new issue