Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
B
B
BonBon Slick2017-12-26 21:58:09
XSS
BonBon Slick, 2017-12-26 21:58:09

What are the main methods of protecting the service API?

When developing an API for your web service, please tell me the main details that you should definitely take into account?
The first thing to worry about is:
- CORS
- DDOS
- XSS (SQL Injection, Cookie stealers, worms)
- Sniffer
- all sorts of loggers, etc., everything that allows a malicious person to get sensitive data.
Type functions:
htmlentities(), strip_tags(), utf8_decode() etc
As I understand it, CSRF can be thrown out, or?) I
use JWT for authorization

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
D
Dimonchik, 2017-12-26
@dimonchik2013

the key decides everything
, this does not apply, of course, to filtering the input

Similar questions
S
sorry_i_noob2018-08-10 00:27:41
How to secure a site from a user comment with XSS, but still keep the right tags (htmlspecialchars makes the tags plain text)? 4Reply
S
Snewer2014-03-24 18:46:55
How to clean up custom html? 5Reply
D
Dmitry Demin2014-05-02 14:23:02
Is it possible to use two platforms on the same server? 2Reply
I
Ilya Bukatich2020-12-08 16:53:51
Where can I find cybersecurity reports for 2019 or 2020? 1Reply
A
akdes2015-03-15 18:08:18
Cross domain request from domain.com to api.domain.com... how? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question