API Security
Closed this issue · 0 comments
blchelle commented
Description
Ensure the following hold true to lock down the API
- JWTs should be stored in HTTPOnly cookies
- User input data should be sanitized
- Set special HTTP headers
- Implement rate limiting to prevent API spamming
- Request body payloads should be limited in size
- Always use HTTPS
- Don’t commit Config Data to git
- Prevent Cross-Site Request Forgery
- Prevent parameter pollution causing Uncaught exceptions