blchelle/collabogreat

API Security

Closed this issue 4 years ago · 0 comments

blchelle commented 4 years ago

Description

Ensure the following hold true to lock down the API

JWT's should be stored in HTTPOnly cookies
User input data should be sanitized
Set special HTTP headers
Implement rate limiting to prevent API spamming
Request body payloads should be limited in size
Always use HTTPS
Don’t commit Config Data to git
Prevent Cross-Site Request Forgery
Prevent parameter pollution causing Uncaught exceptions