api-security-hardening

Solid

REST API security hardening with authentication, rate limiting, input validation, security headers. Use for production APIs, security audits, defense-in-depth, or encountering vulnerabilities, injection attacks, CORS issues.

API & Backend 162 stars 25 forks Updated 2 weeks ago MIT


Quality Score: 88/100

| Component | Weight | Score |
|---|---|---|
| Stars | 20% | 74 |
| Recency | 20% | 90 |
| Frontmatter | 20% | 70 |
| Documentation | 15% | 100 |
| Issue Health | 10% | 80 |
| License | 10% | 100 |
| Description | 5% | 100 |

Skill Content

# API Security Hardening

Protect REST APIs against common vulnerabilities with multiple security layers.

## Security Middleware Stack (Express)

```javascript
const express = require('express');
const helmet = require('helmet');
const rateLimit = require('express-rate-limit');
const mongoSanitize = require('express-mongo-sanitize');
const xss = require('xss-clean');

const app = express();

// Parse JSON bodies first: mongoSanitize and xss-clean operate on req.body,
// which is undefined until a body parser has run.
app.use(express.json());

app.use(helmet());          // sets a baseline of security headers
app.use(mongoSanitize());   // strips $ and . from keys to block NoSQL operator injection
app.use(xss());             // escapes HTML in body, query and params

// General limit for all API routes: 100 requests per 15 minutes per IP
app.use('/api/', rateLimit({ windowMs: 15 * 60 * 1000, max: 100 }));
// Stricter limit for authentication endpoints (brute-force protection):
// 5 requests per 15 minutes per IP, applied in addition to the general limit
app.use('/api/auth/', rateLimit({ windowMs: 15 * 60 * 1000, max: 5 }));
```

## Input Validation

```javascript
const { body, validationResult } = require('express-validator');

// Validate and normalize the request body before any handler logic runs
// (assumes a JSON body parser such as express.json() is already mounted)
app.post(
  '/users',
  body('email').isEmail().normalizeEmail(),
  body('password').isLength({ min: 8 }).matches(/[A-Z]/).matches(/[0-9]/),
  body('name').trim().escape().isLength({ max: 100 }),
  (req, res) => {
    const errors = validationResult(req);
    if (!errors.isEmpty()) {
      // Reject the request; do not touch the database with invalid input
      return res.status(400).json({ errors: errors.array() });
    }
    // Process request
  }
);
```

## Security Headers

```javascript
// Explicit header middleware; applies to every response
app.use((req, res, next) => {
  res.setHeader('Content-Security-Policy', "default-src 'self'");
  res.setHeader('X-Frame-Options', 'DENY');
  res.setHeader('X-Content-Type-Options', 'nosniff');
  res.setHeader('Strict-Transport-Security', 'max-age=31536000; includeSubDomains');
  res.setHeader('X-XSS-Protection', '1; mode=block');
  next();
});
```

## Security Checklist

- [ ] HTTPS everywhere
- [ ] Authentication on all...

Details

Author
secondsky
Repository
secondsky/claude-skills
Created
6 months ago
Last Updated
2 weeks ago
Language
TypeScript
License
MIT

Similar Skills

Semantically similar based on skill content — not just same category

DevOps & Infrastructure Listed

security-best-practices

Implement security best practices for web applications and infrastructure. Use when securing APIs, preventing common vulnerabilities, or implementing security policies. Handles HTTPS, CORS, XSS, SQL Injection, CSRF, rate limiting, and OWASP Top 10.

335 Updated today
aiskillstore
AI & Automation Listed

api-security-testing

Security testing checklist for HTTP APIs—authn/z, input validation, rate limits, sensitive data exposure, and common OWASP API issues. Use when reviewing or testing REST/GraphQL endpoints before release.

15 Updated 2 days ago
charlieviettq
API & Backend Solid

api-hardening

API security hardening patterns. Use when implementing rate limiting, input validation, CORS configuration, API key management, request throttling, or protecting endpoints from abuse. Covers defense-in-depth strategies for REST APIs with practical implementations for Express, FastAPI, and serverless, oriented around the OWASP API Security Top 10:2023.

234 Updated yesterday
jamditis
API & Backend Listed

api-security

Audits and hardens the security of REST and GraphQL APIs. Use when the user develops endpoints, configures auth, or reviews backend code for common vulnerabilities.

0 Updated 2 days ago
Alexendros
AI & Automation Solid

security-headers-configuration

Configures HTTP security headers to protect against XSS, clickjacking, and MIME sniffing attacks. Use when hardening web applications, passing security audits, or implementing Content Security Policy.

162 Updated 2 weeks ago
secondsky