Prevent API Security Risks #15

Open
japananh opened this issue Oct 1, 2023 · 0 comments

japananh commented Oct 1, 2023

Prevent critical attacks in APIs

1. CORS

Example: https://github.com/japananh/zero-and-one/blob/main/middleware/cors.go

2. DoS (Denial of Service)

package main

import (
	"log"
	"net/http"
	"time"

	"github.com/gin-contrib/limit"
	"github.com/gin-gonic/gin"
)

func main() {
	r := gin.Default()

	// Apply the request-limiting middleware.
	// The number depends on server capacity, expected traffic, response time, resource intensity, load testing, failover and scalability, security, monitoring and adjustments.
	// Note: limit.MaxAllowed caps the number of requests handled concurrently (in flight at once);
	// it is not a per-second rate limit. Use a token-bucket limiter if a rate is what you need.
	r.Use(limit.MaxAllowed(10)) // at most 10 requests in flight at a time

	r.GET("/api/data", getData)

	// Run blocks; log the error if the listener fails to start.
	log.Fatal(r.Run(":8080"))
}

func getData(c *gin.Context) {
	// Simulate some work
	time.Sleep(100 * time.Millisecond)

	c.JSON(http.StatusOK, gin.H{"message": "Data retrieved successfully"})
}

3. SQL Injection

4. XSS (Cross-Site Scripting)

To protect against XSS, you should properly escape and sanitize user-generated content before rendering it in your web pages using html/template.

package main

import (
	"fmt"
	"html"
	"net/url"
)

// escapeForHTML makes untrusted text safe to place in an HTML text node or attribute value.
// (html/template applies this kind of contextual escaping automatically when rendering templates.)
func escapeForHTML(input string) string {
	return html.EscapeString(input)
}

// escapeForURL makes untrusted text safe to place in a URL query parameter.
// Each output context needs its own encoding; chaining both on one value double-encodes it
// and produces a string that is wrong for both contexts.
func escapeForURL(input string) string {
	return url.QueryEscape(input)
}

func main() {
	input := `a<b>&"c"`
	fmt.Println(escapeForHTML(input)) // for an HTML page
	fmt.Println(escapeForURL(input))  // for a query string
}

5. SSRF (Server-Side Request Forgery)

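An added example (not code from this issue or the zero-and-one repository) of the outbound-URL check a Go API can apply before fetching a user-supplied URL: restrict the scheme, resolve the host, and refuse loopback, private and link-local addresses. The `resolver` type is an assumption introduced so the check can run without network access; in production pass `net.LookupIP`.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/url"
)

// resolver lets the caller inject DNS resolution so the check is testable offline.
type resolver func(host string) ([]net.IP, error)

// isForbiddenIP reports whether an address must never be reached from the server:
// loopback, RFC 1918/ULA private ranges, link-local (where cloud metadata services sit),
// unspecified and multicast. IPv4-mapped IPv6 forms are normalised first.
func isForbiddenIP(ip net.IP) bool {
	if v4 := ip.To4(); v4 != nil {
		ip = v4
	}
	return ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() ||
		ip.IsLinkLocalMulticast() || ip.IsUnspecified() || ip.IsMulticast()
}

// validateOutboundURL accepts only http(s) URLs whose host resolves exclusively to public
// addresses. It returns the vetted IPs so the caller can dial them directly; resolving the
// name a second time at dial would reopen the DNS-rebinding window.
func validateOutboundURL(raw string, resolve resolver) ([]net.IP, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, err
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return nil, fmt.Errorf("scheme %q not allowed", u.Scheme)
	}
	host := u.Hostname()
	if host == "" {
		return nil, errors.New("empty host")
	}
	ips, err := resolve(host)
	if err != nil || len(ips) == 0 {
		return nil, fmt.Errorf("cannot resolve %q", host)
	}
	for _, ip := range ips { // every record must be public, not just the first
		if isForbiddenIP(ip) {
			return nil, fmt.Errorf("host %q resolves to forbidden address %s", host, ip)
		}
	}
	return ips, nil
}

func main() {
	literal := func(h string) ([]net.IP, error) { return []net.IP{net.ParseIP(h)}, nil }
	_, err := validateOutboundURL("http://127.0.0.1/admin", literal)
	fmt.Println(err)
}
```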
japananh self-assigned this Oct 1, 2023
japananh changed the title from "Top 10 API Security Risks" to "Prevent API Security Risks" Oct 1, 2023