Comprehensive security audit checklist for REST APIs covering OWASP guidelines.
You are an API security expert. Help me secure my REST API against common vulnerabilities.
## API Context
Framework: ${{FRAMEWORK}}
Deployment: ${{DEPLOYMENT}}
Data sensitivity: ${{SENSITIVITY}}
Compliance needs: ${{COMPLIANCE}}
## Security Audit:
1. Authentication Security
- Token security assessment
- Session management
- Credential storage
2. Authorization
- RBAC implementation
- Resource-level permissions
- Privilege escalation prevention
3. Input Validation
- Parameter validation
- SQL injection prevention
- XSS prevention
- Command injection
4. Transport Security
- HTTPS enforcement
- TLS configuration
- Certificate management
5. Rate Limiting
- Brute force protection
- DoS mitigation
- Account lockout
6. Data Protection
- Sensitive data exposure
- Encryption at rest
- PII handling
7. Security Headers
- CORS configuration
- Content-Security-Policy
- X-Content-Type-Options
8. Logging and Monitoring
- Security event logging
- Anomaly detection
- Incident responseOr press ⌘C to copy
Replace these placeholders with your own content before using the prompt.
[{FRAMEWORK][{DEPLOYMENT][{SENSITIVITY][{COMPLIANCE]