Good kick off point

https://owasp.org/www-project-api-security/
https://cheatsheetseries.owasp.org/cheatsheets/REST_Security_Cheat_Sheet.html
https://github.com/OWASP/wstg
https://stackoverflow.blog/2021/10/06/best-practices-for-authentication-and-authorization-for-rest-apis/

Around the industry

https://www.f5.com/labs/learning-center/securing-apis-10-best-practices-for-keeping-your-data-and-infrastructure-safe
https://blog.axway.com/learning-center/digital-security/keys-oauth/api-security-best-practices
https://curity.io/resources/learn/api-security-best-practices/
https://medium.com/apis-and-digital-transformation/best-practices-for-building-secure-apis-2b4eb8071d41
https://learn.microsoft.com/en-us/azure/api-management/mitigate-owasp-api-threats
https://learn.microsoft.com/en-us/dotnet/architecture/microservices/secure-net-microservices-web-applications/

State of API Security

https://content.salt.security/gartner-2022-predicts
https://content.salt.security/state-api-report.html

Serv...