Skip to content

docs: add "OWASP API Security Top 10 2023" to Security Guidelines#8669

Merged
kenjis merged 2 commits intocodeigniter4:developfrom
kenjis:docs-security-top10-api
Apr 5, 2024
Merged

docs: add "OWASP API Security Top 10 2023" to Security Guidelines#8669
kenjis merged 2 commits intocodeigniter4:developfrom
kenjis:docs-security-top10-api

Conversation

@kenjis
Copy link
Copy Markdown
Member

@kenjis kenjis commented Mar 28, 2024
edited
Loading

Needs #8652

Description

  • add "OWASP API Security Top 10 2023"

Frankly, CI4 offers very few features for API Security.

Checklist:

  • Securely signed commits
  • [] Component(s) with PHPDoc blocks, only if necessary or adds value
  • [] Unit testing, with >80% coverage
  • User guide updated
  • [] Conforms to style guide

@kenjis kenjis added the documentation Pull requests for documentation only label Mar 28, 2024
@kenjis kenjis marked this pull request as draft March 28, 2024 08:53
@github-actions github-actions bot added the stale Pull requests with conflicts label Mar 29, 2024
@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 29, 2024

👋 Hi, @kenjis!

We detected conflicts in your PR against the base branch 🙊
You may want to sync 🔄 your branch with upstream!

Ref: Syncing Your Branch

@kenjis kenjis force-pushed the docs-security-top10-api branch from fb5d619 to 6205a66 Compare March 29, 2024 05:26
@kenjis kenjis removed the stale Pull requests with conflicts label Mar 29, 2024
@kenjis kenjis force-pushed the docs-security-top10-api branch from 6205a66 to 24089a3 Compare April 3, 2024 21:48
@kenjis kenjis marked this pull request as ready for review April 3, 2024 21:49
@kenjis
Copy link
Copy Markdown
Member Author

kenjis commented Apr 5, 2024

This is the last PR for v4.4.8.
Review, please.

datamweb
datamweb approved these changes Apr 5, 2024
View reviewed changes
user_guide_src/source/concepts/security.rst
OWASP recommendations
---------------------

- Implement a proper authorization mechanism that relies on the user policies and
Copy link
Copy Markdown
Contributor

@datamweb datamweb Apr 5, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In this case a good job is done by lonnieezell:
https://github.com/lonnieezell/forum-example/blob/develop/_docs/policies.md

user_guide_src/source/concepts/security.rst

- When exposing an object using an API endpoint, always make sure that the user
should have access to the object's properties you expose.
- Avoid using generic methods such as to_json() and to_string(). Instead,
Copy link
Copy Markdown
Contributor

@datamweb datamweb Apr 5, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There are (to_json() and to_string())codes, it is better to specify them as codes.

Copy link
Copy Markdown
Member Author

@kenjis kenjis Apr 5, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since CI does not provide such methods, why not just leave it as it is?

@kenjis kenjis merged commit e05781b into codeigniter4:develop Apr 5, 2024
@kenjis kenjis deleted the docs-security-top10-api branch April 5, 2024 23:22
@kenjis kenjis mentioned this pull request Apr 6, 2024
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@datamweb datamweb datamweb approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

documentation Pull requests for documentation only

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kenjis @datamweb