Skip to content

This is a Python based API-Security framework containing ApiSecurityHeader.py script which will check the Security response headers mentioned in OWASP Secure Headers Project are present and contains the required value.

Notifications You must be signed in to change notification settings

AmitKulkarni9/API-Security

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
 
 
 
 
 
 

Repository files navigation

API-Security

Introduction

When an API is accessed by method say for e.g. Get/Post it will give some response containing response data, response code along-with response headers.

The OWASP Secure Headers Project describes these HTTP response headers that applications can use to increase the security of the application. Once set, these HTTP response headers can restrict modern browsers from running into easily preventable vulnerabilities. The OWASP Secure Headers Project intends to raise awareness and use of these headers. Below are the Response Headers described by OWASP which increases the security of the application.

Response Headers

HTTP Strict Transport Security (HSTS)

X-Frame-Options

X-Content-Type-Options

Content-Security-Policy

X-Permitted-Cross-Domain-Policies

Referrer-Policy

Feature-Policy

Public Key Pinning Extension for HTTP (HPKP)

Expect-CT

X-XSS-Protection

Solution

This is a Python based API-Security framework containing ApiSecurityHeader.py script which will check the above mentioned Security response headers are present and contains the required value. The script will work for ANY API provided. It supports both get and post method.

Reference

https://github.com/OWASP/www-project-secure-headers

About

This is a Python based API-Security framework containing ApiSecurityHeader.py script which will check the Security response headers mentioned in OWASP Secure Headers Project are present and contains the required value.

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages