The Wayback Machine - https://web.archive.org/web/20210911221159/https://github.com/shieldfy/API-Security-Checklist/issues
Skip to content

/ API-Security-Checklist Public

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

12 Open 19 Closed
12 Open 19 Closed
Author
Filter by author
Label
Filter by label
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Milestones
Filter by milestone
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀
JWT token should be stored securely if they are used as auth for browser users.
#153 opened Jun 18, 2021 by h4cker39
Why "User own resource ID should be avoided. Use /me/orders instead of /user/654321/orders." ?
#144 opened Aug 3, 2020 by deveasywork
4
Please pay attention to this repo again
#140 opened Apr 29, 2020 by hylerrix
Should mention CORS
#119 opened May 21, 2019 by yippibrian
Serbian translations
#113 opened Oct 9, 2018 by marjanovicsteva
1
Should add "Content-Disposition" to response header?
#104 opened Mar 14, 2018 by nevermoe
Correlation with external (prior) guidelines enhancement
#27 opened Jul 11, 2017 by geovanisouza92
Suggestion: Always set charset in response header enhancement
#25 opened Jul 11, 2017 by ngyikp
Why no word about range, type and length checks?
#11 opened Jul 9, 2017 by baybal
Rationales enhancement
#8 opened Jul 9, 2017 by erlkonig
3
Don't recommend JWT
#6 opened Jul 9, 2017 by sethherr
47
why no basic auth? question
#2 opened Jul 8, 2017 by rileytg
16
ProTip! Adding no:label will show everything without a label.