API-Security
ziti-webhook-action
Our great sponsors
API-Security | ziti-webhook-action | |
---|---|---|
15 | 5 | |
1,933 | 2 | |
1.8% | - | |
6.2 | 0.0 | |
11 days ago | about 1 year ago | |
Dockerfile | JavaScript | |
GNU General Public License v3.0 or later | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
API-Security
-
What's the problem with my API?
Check the top 10 API security by OWASP
-
Quick Privacy Question
In the end this is a security oversight known as excessive data exposure (OWASP - API3:2019) of Riot and as long as they keep sending this info people will be able to see it.
-
Implementing decent security
Check out ----, https://github.com/OWASP/API-Security
-
API without authentication severity?
If incorrect API authentication mechanisms implementation considered as Broken User Authentication, how severe the one without authentication at all? Critical? or high?
-
Feedbak for an article on API Security Maturity Model+
The OWASP top 10 API security risks are posted on their GitHub here. As OWASP shows, because APIs are open to the network:
-
API10:2019 - Insufficient Logging & Monitoring
More cases and prevention methods can be found on the OWASP API Security Top 10 official repository
- API9:2019 - Improper Assets Management
- API8:2019 - Injection
-
API7:2019 - Security Misconfiguration
OWASP API-Security repo
- API6:2019 - Mass Assignment
ziti-webhook-action
-
Need help trying to make POST request from my static web app on Github Pages to SpringBoot on EC2 via HTTPS
Alternaitvely you could use OpenZiti 'zitified' webhook for Github (https://github.com/openziti/ziti-webhook-action). We use it internally to connect our GitHub from open source OpenZiti repo to our CloudZiti SaaS instance - https://netfoundry.io/this-is-the-way-invisible-jenkins/. You can do this by self-hosting ziti or using the CloudZiti free tier.
-
zrok: open-source peer-to-peer sharing (alternative to ngrok)
We used this to build a GitHub webhook action - https://github.com/openziti/ziti-webhook-action. We use this to connect our production Jenkins to the OpenZiti Jenkins with no inbound ports or ACLs - https://netfoundry.io/this-is-the-way-invisible-jenkins/.
-
Configuring Cloudflare zero trust for self hosted apps
This includes SDKs to embed in an app, e.g., Python running AWS Lambda (https://openziti.io/my-intern-assignment-call-a-dark-webhook-from-aws-lambda) or Node inside a GitHub webhook (https://github.com/openziti/ziti-webhook-action).
-
Feedbak for an article on API Security Maturity Model+
As far as your question on alternatives, the OpenZiti private networking approach has always been desired from a security perspective, but was previously implemented by requiring all your API clients to use VPNs, an MPLS network or private business APNs. For a relatively small and static implementation, those methods might be viable. The problem is managing all of that at scale. OpenZiti addresses this management problem by putting the private networking into the APIs themselves, as code. Here is a simple example of a Zitified Webhook.
-
Ziti Webhook Action - How to allow GitHub push notifications to a private server
open-sourcehttps://github.com/openziti/ziti-webhook-action
What are some alternatives?
API-Security-Checklist - Checklist of the most important security countermeasures when designing, testing, and releasing your API
memer-telegram-bot - Memer Telegram Bot - Search & Create memes!
wstg - The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
nitro-sniper - A lightweight, fast and efficient discord nitro sniper, giveaway sniper & invite sniper.
bugbounty-cheatsheet - A list of interesting payloads, tips and tricks for bug bounty hunters.
Caddy - Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS
Security_Engineer_Interview_Questions - Every Security Engineer Interview Question From Glassdoor.com
webhook.site - ⚓️ Easily test HTTP webhooks with this handy tool that displays requests instantly.
offensiveinterview - Interview questions to screen offensive (red team/pentest) candidates
ziti-sdk-nodejs - An SDK for embedding zero trust into Node.JS applications and web servers to improve security.
Interview_Tips - Summary of Cyber Security interview questions I have been through, hope this helps
ngrok - Expose your localhost to the web. Node wrapper for ngrok.