Summary
In this chapter, we explored some essential details about security, the importance of not trusting user input data, and how to sanitize and validate that data to avoid the most common threats, such as SQL injection attacks or XSS attacks. We also explored how to properly handle, store, and safely validate our passwords. Another important topic in API security is the HTTP protocol security features. Some of them are less well known than they should be, such as CSP, CORS, and the importance of the Content-Type header. Finally, we explored HTTPS support using Let's Encrypt, a vital security feature of every API. As in previous chapters, we applied some concepts directly in our API project. In this case, we integrated CORS and Let's Encrypt into our API.
Now you have the fundamental knowledge to understand what to pay attention to in order to avoid dangerous mistakes and the tools needed to make your API more secure, incorporating password hashing, encryption, CSP...
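As an added illustration of the points this summary lists (it is not code from the book's API project), the following Python helpers show a password record built with a per-user salt and a slow key-derivation function, a verification routine that uses a constant-time comparison and rejects malformed records, and a response-header builder that emits a restrictive CSP, an explicit Content-Type with `nosniff`, and a CORS `Access-Control-Allow-Origin` only when the request's Origin is on an allow-list. The iteration count, record format and allow-list are assumptions chosen for the example.

```python
import base64
import hashlib
import hmac
import os
from typing import Dict, FrozenSet, Optional

# Assumptions for this example: PBKDF2-HMAC-SHA256 with a random 16-byte salt
# per password and a high iteration count. The stored record is self-describing
# so the parameters can be raised later without breaking old records.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16
KEY_BYTES = 32


def hash_password(password: str, *, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a record of the form  pbkdf2_sha256$<iterations>$<salt_b64>$<hash_b64>."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh salt: identical passwords hash differently
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations, dklen=KEY_BYTES)
    return "pbkdf2_sha256${}${}${}".format(
        iterations,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    )


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the record's own salt and iterations; never trust a malformed record."""
    try:
        algo, iters, salt_b64, hash_b64 = record.split("$")
        if algo != "pbkdf2_sha256":
            return False
        iterations = int(iters)
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(hash_b64)
    except (ValueError, TypeError):
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    salt, iterations, dklen=len(expected))
    # Constant-time comparison so the response time does not leak matching prefixes.
    return hmac.compare_digest(candidate, expected)


def security_headers(request_origin: Optional[str],
                     allowed_origins: FrozenSet[str]) -> Dict[str, str]:
    """Build the security-relevant response headers for a JSON API response.

    CORS is opt-in: the Origin header is echoed back only when it is on the
    allow-list, and Vary: Origin keeps caches from serving one origin's answer
    to another. The CSP forbids loading anything and embedding in frames,
    which is appropriate for an endpoint that only returns JSON.
    """
    headers = {
        "Content-Type": "application/json; charset=utf-8",
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; frame-ancestors 'none'",
    }
    if request_origin is not None and request_origin in allowed_origins:
        headers["Access-Control-Allow-Origin"] = request_origin
        headers["Vary"] = "Origin"
    return headers


if __name__ == "__main__":
    # Constructed sample usage.
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))  # True
    print(verify_password("wrong password", record))                # False
    print(security_headers("https://app.example", frozenset({"https://app.example"})))
```

Storing the iteration count inside the record is what lets you raise it over time: old records still verify with their own parameters, and can be re-hashed on the next successful login. The header builder deliberately never sets `Access-Control-Allow-Origin: *`, since a wildcard would let any site read the API's responses from a browser.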