API Security Checklist | CynorSense

API Security

Check your API's security against the list below.

CI & CD

Use a code review process and disregard self-approval.

Ensure that all components of your services are statically scanned by AV software before pushing to production, including vendor libraries and other dependencies.

Design a rollback solution for deployments.

Audit your design and implementation with unit/integration test coverage.

Output

Send the X-Frame-Options: deny header.

Send the Content-Security-Policy: default-src 'none' header.

Remove fingerprinting headers - X-Powered-By, Server, X-AspNet-Version, etc.

Force the content type of your response. If you return application/json, then your Content-Type response header must be application/json.

Don't return sensitive data like credentials, passwords, or security tokens.

Return the proper status code according to the operation completed (e.g. 200 OK, 400 Bad Request, 401 Unauthorized, 405 Method Not Allowed, etc.).

Send the X-Content-Type-Options: nosniff header.
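The Output items above are easiest to enforce in one place, an after-response hook that every handler passes through, and to verify with a small audit you can run against any captured response. The following is an added example, not code from the CynorSense page: it works on a plain dictionary of headers so it runs without a web framework, and the sample headers, the `build_response` helper and the list of sensitive body keys are constructed for illustration.

```python
"""Harden and audit API response headers and bodies against the checklist.

Added example (not code from the page). Operates on a plain dict of
headers; in practice, call harden_headers() from your framework's
after-request hook and audit_headers() from an integration test.
"""
import json

# Headers that reveal the server stack and should never reach the client.
FINGERPRINT_HEADERS = {"x-powered-by", "server", "x-aspnet-version", "x-aspnetmvc-version"}

# Headers the checklist says every API response must carry, with their values.
REQUIRED_HEADERS = {
    "X-Frame-Options": "deny",
    "Content-Security-Policy": "default-src 'none'",
    "X-Content-Type-Options": "nosniff",
}

# Constructed list of body keys that must never be serialised to a client.
SENSITIVE_KEYS = {"password", "passwd", "secret", "token", "access_token",
                  "refresh_token", "api_key", "credentials"}


def harden_headers(headers, content_type="application/json"):
    """Return a new header map with fingerprinting headers removed, the
    required security headers set, and Content-Type forced to content_type."""
    hardened = {k: v for k, v in headers.items()
                if k.lower() not in FINGERPRINT_HEADERS and k.lower() != "content-type"}
    hardened["Content-Type"] = content_type
    hardened.update(REQUIRED_HEADERS)
    return hardened


def audit_headers(headers):
    """Return a list of checklist findings for a response's headers (empty = clean)."""
    findings = []
    lower = {k.lower(): v for k, v in headers.items()}
    for name in sorted(FINGERPRINT_HEADERS):
        if name in lower:
            findings.append(f"fingerprinting header present: {name}")
    for name, expected in REQUIRED_HEADERS.items():
        actual = lower.get(name.lower())
        if actual is None:
            findings.append(f"missing header: {name}")
        elif actual.strip().lower() != expected.lower():
            findings.append(f"unexpected value for {name}: {actual!r}")
    ctype = lower.get("content-type", "")
    if not ctype.startswith("application/json"):
        findings.append(f"content-type not forced to application/json: {ctype!r}")
    return findings


def redact_sensitive(obj):
    """Recursively drop sensitive fields from a response body before serialising."""
    if isinstance(obj, dict):
        return {k: redact_sensitive(v) for k, v in obj.items()
                if k.lower() not in SENSITIVE_KEYS}
    if isinstance(obj, list):
        return [redact_sensitive(v) for v in obj]
    return obj


def build_response(status, body, raw_headers=None):
    """Assemble a (status, headers, body_bytes) triple that passes audit_headers()."""
    headers = harden_headers(raw_headers or {})
    payload = json.dumps(redact_sensitive(body)).encode()
    headers["Content-Length"] = str(len(payload))
    return status, headers, payload


# Constructed sample: a typical framework default before hardening.
SAMPLE_RAW_HEADERS = {
    "Server": "nginx/1.18.0",
    "X-Powered-By": "Express",
    "Content-Type": "text/html; charset=utf-8",
}

if __name__ == "__main__":
    print("before:", audit_headers(SAMPLE_RAW_HEADERS))
    status, headers, body = build_response(
        200, {"id": 7, "email": "a@example.com", "password": "hunter2"}, SAMPLE_RAW_HEADERS)
    print("after:", audit_headers(headers), body)
```

Running the audit against real responses (curl the endpoint, feed the headers in) catches the common regression where a framework upgrade quietly reintroduces Server or X-Powered-By.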

Processing

Avoid putting the user's own resource ID in the URL. Use /me/orders instead of /user/654321/orders.
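The reason for preferring /me/orders is that the owner is then derived from the authenticated identity rather than from a value the caller typed, so there is no ID to tamper with. Where a /user/{id}/orders route must exist, the handler has to compare the supplied ID against the caller's identity explicitly. The following is an added example, not code from the page: the token-to-user map, the order store and the tiny dispatcher are constructed stand-ins for your framework's session layer and database.

```python
"""Resolve a caller's own resources from the authenticated identity.

Added example (not from the page). SESSIONS and ORDERS are constructed
stand-ins for a real session store and database.
"""

# Constructed data: bearer tokens mapped to user IDs, orders keyed by owner.
SESSIONS = {"tok-alice": 1001, "tok-bob": 1002}
ORDERS = {
    1001: [{"order_id": 1, "total": 42.0}],
    1002: [{"order_id": 2, "total": 99.5}],
}


class Unauthorized(Exception):
    """No valid credential presented (401)."""


class Forbidden(Exception):
    """Valid credential, but not the owner of the resource (403)."""


def current_user(headers):
    """Return the user ID bound to the bearer token, or raise Unauthorized."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or token not in SESSIONS:
        raise Unauthorized("missing or invalid bearer token")
    return SESSIONS[token]


def my_orders(headers):
    """GET /me/orders: the owner is whoever the token identifies; nothing else to check."""
    return ORDERS.get(current_user(headers), [])


def user_orders(headers, user_id):
    """GET /user/{id}/orders: the ID is caller-supplied, so ownership must be
    verified here or any authenticated user could read any other user's orders."""
    if current_user(headers) != user_id:
        raise Forbidden("not the owner of this resource")
    return ORDERS.get(user_id, [])


def route(method, path, headers):
    """Minimal dispatcher returning (status, body) with the checklist's status codes."""
    try:
        if method != "GET":
            return 405, {"error": "method not allowed"}
        parts = path.strip("/").split("/")
        if parts == ["me", "orders"]:
            return 200, my_orders(headers)
        if (len(parts) == 3 and parts[0] == "user"
                and parts[2] == "orders" and parts[1].isdigit()):
            return 200, user_orders(headers, int(parts[1]))
        return 404, {"error": "not found"}
    except Unauthorized as exc:
        return 401, {"error": str(exc)}
    except Forbidden as exc:
        return 403, {"error": str(exc)}


if __name__ == "__main__":
    alice = {"Authorization": "Bearer tok-alice"}
    print(route("GET", "/me/orders", alice))
    print(route("GET", "/user/1002/orders", alice))
    print(route("GET", "/me/orders", {}))
```

The /me form removes an entire class of ownership bugs because there is no ID to forget to check; the /user/{id} form only stays safe as long as every handler remembers the comparison in `user_orders`.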
