shieldfy/API-Security-Checklist
Checklist of the most important security countermeasures when designing, testing, and releasing your API
MIT
Issues
Security Headers
#189 opened by beyhantanerr - 14
More details on token expiration?
#23 opened by jzaefferer - 3
Translation for Korean
#33 opened by mingrammer - 0
Api
#157 opened by amolkumbhar2789 - 0
Aps security
#178 opened by AhmadTIsmail - 0
Expand on the authentication suggestion
#179 opened by petrdvorak - 0
HTTP Headers
#174 opened by tautology0 - 5
OAuth referred to as AuthN
#169 opened by garthoid - 16
why no basic auth?
#2 opened by rileytg - 1
request integrity & replay
#170 opened by agrandville - 1
Please pay attention to this repo again
#140 opened by hylerrix - 1
Why no word about range, type and length checks?
#11 opened by baybal - 47
Don't recommend JWT
#6 opened by sethherr - 4
Why "User own resource ID should be avoided. Use /me/orders instead of /user/654321/orders." ?
#144 opened by deveasywork - 1
Cyber security
#171 opened - 6
Rationales
#8 opened by erlkonig - 2
Misspelling in README
#7 opened by michaelmior - 3
Rr
#19 opened by wardanadana - 1
Translation ideas.
#59 opened by Maikuolan - 2
Japanese translations.
#79 opened by Maikuolan - 3
In "README.md", "簡" should be “简”.
#120 opened by gxuamethyst - 0
Should mention CORS
#119 opened by yippibrian - 0
JWT token should be stored securely if they are used as auth for browser users.
#153 opened by h4cker39 - 1
Suggestion: Always set charset in response header
#25 opened by ngyikp - 1
Serbian translations
#113 opened by marjanovicsteva - 4
"algorithm" in the JWT
#127 opened by okdt - 4
Should add "Content-Disposition" to response header?
#104 opened by nevermoe - 1
curious about "don't return security token"
#13 opened by fake-fur - 2
What about GraphQL?
#10 opened by gokaygurcan - 0
Add a CONTRIBUTING.md file.
#34 opened by Maikuolan - 0
Don't reinvent the wheel in Authentication, token generating, password storing use the standards.
#32 opened by XYF001 - 4
User own resource id should be avoided ?
#20 opened by nsteinmetz