Stack Overflow
Best practices
0 votes
0 replies
22 views

I have done SAML with iDP and have followed similar for OAuth2. This integration I am not sure where to start. I went through these: APIM Documentation APIM Plans GRAVITEE Configure JWT Security ...
Mahesh
  • 1,119
-5 votes
1 answer
168 views

We are facing an issue with a malicious user who has details about how our website works. Using the developer tools in the browser, the login and subsequent APIs are studied and a mobile app is built ...
1 vote
1 answer
264 views

Edit: it's been suggested that I edit this question to differentiate it from previously answered questions. Others have noted that I shouldn't be using HttpContextAccessor.HttpContext in Blazor server ...
1 vote
1 answer
260 views

I am trying to conduct an API scan using the ZAP Docker image. Despite passing authentication configurations, authenticated endpoints return 404/403 errors. Unauthenticated endpoints scan correctly. ...
0 votes
1 answer
118 views

To secure API resources in Ballerina, according to the doc, I can put scope like so if in JWT scope is not listed resource can't be invoked @http:ResourceConfig { auth: [ { ...
0 votes
1 answer
182 views

I am sorry, but this question needs to be long so you can understand the problem, and it is absolutely relative to the size of my problem. I am seeking web security experts' opinion, so thank you for your ...
0 votes
1 answer
83 views

I have a scenario where there is one web site (Admin Panel) and another is a front site on another domain. Now I want to provide the facility of "Impersonate" where the super admin can gain the ...
1 vote
0 answers
164 views

We are building an API Framework in PHP (Hacklang) and will be using json-schema from OPIS to implement validation of JSON input in the request body. OWASP recommends implementing validations on ...
0 votes
1 answer
74 views

Is it possible to have an API (HTTPS) which has some endpoints (test_1, test_2) with different HTTP methods (test_1-GET,POST), while GET and POST have different HTTPS security features? (like ...
1 vote
2 answers
789 views

I'm using Ansible to provision a particular service, and before I can interact with it I must first generate an API key. But I can't predefine that key in my playbook (as a secret) - it is generated ...
lonix
  • 22.5k
-2 votes
1 answer
161 views

I have a Spring Boot project with a login endpoint that generates a token for accessing other endpoints. When a user logs in from a specific device (browser or application), I want to add a security ...
0 votes
1 answer
1k views

The "Server" and "X-Powered-By" headers are not present in the API response during runtime (or debugging) but appear only in Postman / the browser. My objective is to remove to ...
0 votes
0 answers
188 views

I am developing an app in Flutter which will have in-app purchases. I am keeping track of user credits and some other things on my Node server. I am concerned that if I call my Node API to increase ...
0 votes
1 answer
357 views

I have a very strange issue with Azure API Management, that I don't seem to figure out... We have an API operation that is part of an APIM API that is linked with a Product that does not require a ...
0 votes
1 answer
281 views

I have a security requirement that all the data flows through API should be encrypted. I don't see any OOTB implementation. So I have thought about having a filter to decrypt and a custom sanitizer to ...