Authentication Security Best Practices
Set of 14 security best practices for API authentication
This ruleset contains a set of 14 security best practices for API authentication.
Rules in this Ruleset
Violations
- security-fields-operation-empty
- access-tokens-oauth2-cleartext
- insecure-oauth2-grants
- api-keys-in-cookie
- api-keys-in-query
- api-keys-in-header
- api-negotiates-authentication
- insecure-basic-auth
- bearer-token-cleartext
- http-token-cleartext
- oauth1-deprecated
- oauth2-redirections-non-encrypted
- unknown-security-scheme
- valid-server-urltemplate
- valid-oauth2-redirection-urls