Skip to content

Add API Security Cheat Sheet - Unified Guidance for All API Types #1868

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Add API Security Cheat Sheet - Unified Guidance for All API Types #1868

wants to merge 1 commit into from

Conversation

@ZMelliti
Copy link
Contributor

Summary

This PR introduces a new API Security Cheat Sheet that provides comprehensive guidance for securing APIs across all technologies. The cheat sheet covers:

  • Complete OWASP API Security Top 10 2023 vulnerabilities with prevention strategies
  • Technology-agnostic security controls applicable to REST, GraphQL, gRPC, WebSocket, and SOAP APIs
  • Modern API patterns including API gateways, microservices, and zero trust architecture
  • Practical code examples in Java and JavaScript for common security implementations
  • Core security controls for authentication, authorization, input validation, and transport security
  • Testing, monitoring, and compliance guidance for API security programs

Checklist

Please make sure that for your contribution:

  • In case of a new Cheat Sheet, you have used the Cheat Sheet template.
  • All the markdown files do not raise any validation policy violation, see the policy.
  • All the markdown files follow these format rules.
  • All your assets are stored in the assets folder.
  • All the images used are in the PNG format.
  • Any references to websites have been formatted as [TEXT](URL)
  • You verified/tested the effectiveness of your contribution (e.g., the defensive code proposed is really an effective remediation? Please verify it works!).
  • The CI build of your PR pass, see the build status here.

Verification Details

  • New Cheat Sheet: Created using the official template structure with Introduction, main sections, and References
  • Link Validation: All internal references use proper [TEXT](CheatSheet.md) format and external links use [TEXT](URL) format
  • Format Compliance: Follows markdown formatting rules with proper headers, code blocks, and structure
  • No Assets: Text-based content with code examples only, no images or external assets required
  • Effectiveness: All security practices validated against OWASP API Security Top 10 2023, RFC standards, and industry best practices
  • Cross-References: Properly integrates with existing OWASP cheat sheets without duplication

This PR fixes #1865

AI Tool Usage Disclosure (required for all PRs)

Please select one of the following options:

  • I have NOT used any AI tool to generate the contents of this PR.
  • I have used AI tools to generate the contents of this PR. I have verified
    the contents and I affirm the results. The LLM used is [llm name and version]
    and the prompt used is [your prompt here]. [Feel free to add more details if needed]

Thank you 😃

@ZMelliti ZMelliti force-pushed the api-security-cheat-sheet branch from fd0ff1b to 43d47a8 Compare October 26, 2025 20:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

New CS proposal: API Security Cheat Sheet

1 participant

@ZMelliti