Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
B
B
BonBon Slick2017-12-26 21:58:09
XSS
BonBon Slick, 2017-12-26 21:58:09

What are the main methods of protecting the service API?

When developing an API for your web service, please tell me the main details that you should definitely take into account?
The first thing to worry about is:
- CORS
- DDOS
- XSS (SQL Injection, Cookie stealers, worms)
- Sniffer
- all sorts of loggers, etc., everything that allows a malicious person to get sensitive data.
Type functions:
htmlentities(), strip_tags(), utf8_decode() etc
As I understand it, CSRF can be thrown out, or?) I
use JWT for authorization

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
D
Dimonchik, 2017-12-26
@dimonchik2013

the key decides everything
, this does not apply, of course, to filtering the input

Similar questions
P
Pavel K2017-06-18 00:05:10
How to do JSON escaping? 1Reply
K
komarevtsev2017-07-11 04:16:34
How to properly protect against xss? 3Reply
N
NO1nam2020-01-24 15:40:37
How to replace the script? 3Reply
S
Sergey Shilov2017-09-15 00:46:22
My website has been hacked, where do I start? 1Reply
T
Tremo2017-11-18 15:55:37
How to bypass firefox xss protection which encodes url and prevents XSS from firing? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question