shieldfy/API-Security-Checklist

Issues

• Security Headers

  #189 opened 7 months ago by beyhantanerr
  0

• Why should not use Auto Increment IDs and Use UUIDs instead?

  #187 opened 8 months ago by codewithmecoder
  14

• PUT mentioned, but PATCH is probably a better choice

  #26 opened 7 years ago by geertjanvdk
  2

• More details on token expiration?

  #23 opened 7 years ago by jzaefferer
  7

• Translation for korean

  #33 opened 7 years ago by mingrammer
  3

• Api

  #157 opened 2 years ago by amolkumbhar2789
  0

• Og

  #188 opened 8 months ago by hau99
  0

• Aps security

  #178 opened a year ago by AhmadTIsmail
  0

• Expand on the authentication suggestion

  #179 opened a year ago by petrdvorak
  0

• HTTP Headers

  #174 opened a year ago by tautology0
  0

• OAuth referred to as AuthN

  #169 opened 2 years ago by garthoid
  5

• why no basic auth?

  #2 opened 2 years ago by rileytg
  16

• request integrity & replay

  #170 opened 2 years ago by agrandville
  1

• Please pay attention to this repo again

  #140 opened 2 years ago by hylerrix
  1

• Why no word about range, type and length checks?

  #11 opened 7 years ago by baybal
  1

• Don't recommend JWT

  #6 opened 7 years ago by sethherr
  47

• Why "User own resource ID should be avoided. Use /me/orders instead of /user/654321/orders." ?

  #144 opened 2 years ago by deveasywork
  4

• Cyber security

  #171 opened 2 years ago
  1

• Rationales

  #8 opened 7 years ago by erlkonig
  6

• Misspelling in README

  #7 opened 7 years ago by michaelmior
  2

• Why 'Do not forget and leave the DEBUG mode on.' ?

  #15 opened 7 years ago by trietphm
  3

• Rr

  #19 opened 7 years ago by wardanadana
  1

• Suggestion: add version information in base file and translation file

  #49 opened 7 years ago by peeratant
  1

• Translation ideas.

  #59 opened 7 years ago by Maikuolan
  5

• Is use sha1 sign to verify a parameter in the request safe?

  #77 opened 7 years ago by Y2Nk4
  2

• Japanese translations.

  #79 opened 5 years ago by Maikuolan
  2

• In "README.md", "簡" should be “简”.

  #120 opened 5 years ago by gxuamethyst
  3

• Should mention CORS

  #119 opened 5 years ago by yippibrian
  0

• JWT token should be stored securely if they are used as auth for browser users.

  #153 opened 3 years ago by h4cker39
  0

• Suggestion: Always set charset in response header

  #25 opened 7 years ago by ngyikp
  1

• ## Query

  #155 opened 2 years ago by perovovao
  1

• Serbian translations

  #113 opened 2 years ago by marjanovicsteva
  1

• "algorithm" in the JWT

  #127 opened 5 years ago by okdt
  4

• Question about "Don't auto-increment IDs. Use UUID instead."

  #122 opened 5 years ago by triforcely
  4

• Should add "Content-Disposition" to response header?

  #104 opened 6 years ago by nevermoe
  0

• curious about "don't return security token"

  #13 opened 7 years ago by fake-fur
  1

• What about GraphQL?

  #10 opened 7 years ago by gokaygurcan
  2

• I think there should be a mention about backup plan.

  #47 opened 7 years ago by peeratant
  0

• Add a CONTRIBUTING.md file.

  #34 opened 7 years ago by Maikuolan
  3

• Correlation with external (prior) guidelines

  #27 opened 7 years ago by geovanisouza92
  0

• Don't reinvent the wheel in Authentication, token generating, password storing use the standards.

  #32 opened 7 years ago by XYF001
  1

• User own resource id should be avoided ?

  #20 opened 7 years ago by nsteinmetz
  4