New IA: Security Best Practices #5701

Open
wants to merge 13 commits into
base: master

sharadregoti
Contributor

@sharadregoti sharadregoti commented Nov 11, 2024

User description

For internal users - Please add a Jira DX PR ticket to the subject!



Preview Link

https://deploy-preview-5701--tyk-docs.netlify.app/docs/nightly/api-management/security-best-practices/


Description


Screenshots (if appropriate)


Checklist

  • I have added a preview link to the PR description.
  • I have reviewed the suggestions made by our AI (PR Agent) and updated them accordingly (spelling errors, rephrasing, etc.)
  • I have reviewed the guidelines for contributing to this repository.
  • I have read the technical guidelines for contributing to this repository.
  • Make sure you have started your change off our latest master.
  • I labeled the PR

PR Type

Documentation


Description

  • Added a new comprehensive guide on API security best practices, covering topics such as authentication, authorization, resource consumption, and governance.
  • Detailed how Tyk addresses OWASP Top Ten threats, including broken authentication and authorization issues.
  • Provided practical examples and diagrams for securing REST and GraphQL APIs.
  • Updated the menu structure to include a new entry for "Security Best Practices" and removed the outdated "APIM Best Practice" section.

Changes walkthrough 📝

Relevant files

Documentation
security-best-practices.md
Add comprehensive guide on API security best practices

tyk-docs/content/api-management/security-best-practices.md

  • Added a comprehensive guide on API security best practices.
  • Included sections on authentication, authorization, resource consumption, and governance.
  • Detailed OWASP Top Ten threats and Tyk's mitigation strategies.
  • Provided examples and diagrams for REST and GraphQL API security.

+380/-0

Configuration changes
menu.yaml
Update menu structure for security best practices

tyk-docs/data/menu.yaml

  • Added a new menu entry for "Security Best Practices".
  • Removed the "APIM Best Practice" section and its subcategories.

+4/-62

    💡 PR-Agent usage: Comment /help "your question" on any pull request to receive relevant information

    Contributor

    PR Reviewer Guide 🔍

    Here are some key observations to aid the review process:

    ⏱️ Estimated effort to review: 4 🔵🔵🔵🔵⚪
    🧪 No relevant tests
    🔒 No security concerns identified
    ⚡ Recommended focus areas for review

    Content Duplication
    The new document seems to consolidate various topics from deleted files into a single comprehensive guide. Ensure that no critical information is lost in this transition, and that the new document maintains all necessary details previously covered.

    External Links
    The document contains numerous external links. Verify all links to ensure they are correct, accessible, and lead to the expected content. Broken links can significantly degrade user trust and document credibility.

    Security Details
    The document extensively discusses various security practices and configurations. It's crucial to ensure that all configurations and security practices mentioned are up-to-date and follow the latest security standards and best practices.

    Contributor

    PR Code Suggestions ✨

    No code suggestions found for the PR.


    netlify bot commented Nov 11, 2024

    PS. Pls add /docs/nightly to the end of url

    Name Link
    🔨 Latest commit 749e7bc
    🔍 Latest deploy log https://app.netlify.com/sites/tyk-docs/deploys/67451d5acc81fa00080ea5dc
    😎 Deploy Preview https://deploy-preview-5701--tyk-docs.netlify.app

    @sharadregoti sharadregoti marked this pull request as ready for review November 22, 2024 08:39

    ## Overview

    Implementing API security best-practice requires a holistic approach that covers many different topics. It’s recommended to start by reading the [OWASP API Security Top 10](https://owasp.org/API-Security/editions/2023/en/0x00-header/), which is a great resource for API security practitioners that provides clear explanations of the various threats and solutions.
    Collaborator

    "It’s recommended to start by reading the OWASP API Security Top 10" - if it's best, we should put it first. It makes more sense as an intro section


    In this guide, we’ll explore the core pillars of API security and management, delve into the security features Tyk offers to protect your APIs, and examine how Tyk mitigates OWASP API security threats.
    Collaborator

    "in this guide" -- this isn't a guide
