- Login / Sign Out – Manages secure user session creation and termination using protected endpoints and proper session handling.
- Authentication / Authorization – Verifies user identity and enforces permission‑based access to protected resources.
- SSO / JWT / OAuth – Supports federated identity and delegated access through industry‑standard authentication protocols.
- Encrypted Password Storage – Protects stored credentials using strong hashing algorithms such as bcrypt, scrypt, or Argon2.
- Multi‑Factor Authentication (MFA) – Adds an additional verification factor to significantly reduce unauthorized access risk.
- API Token‑Based Security – Secures API endpoints using signed tokens, rotation policies, and strict access scopes.
- API Security - Prefer JWT when you have login and user identity. Use API keys later for machine-to-machine or internal callers if needed.
- Connection String - Production: Use environment variables or a secret store (e.g. Azure Key Vault, AWS Secrets Manager) and avoid putting the real connection string in committed config files.
- HTTPS / TLS Encryption – Encrypts all data in transit to prevent eavesdropping, tampering, or man‑in‑the‑middle attacks.
- SQL Injection Protection – Prevents malicious query manipulation using parameterized queries, ORM safeguards, and strict input validation.
- NoSQL Injection Protection – Blocks injection attacks targeting document databases by validating types and sanitizing query operators.
- Command Injection Protection – Prevents attackers from executing system‑level commands by sanitizing inputs and avoiding unsafe shell calls.
- File Upload Validation – Ensures uploaded files are scanned, validated, and stored safely to prevent malware or arbitrary code execution.
- Rate Limiting & Throttling – Reduces brute‑force and abuse risks by limiting request frequency per user or IP.
- Cross‑Site Scripting (XSS) Protection – Prevents script injection by escaping output, sanitizing input, and enforcing Content Security Policy (CSP).
- Cross‑Site Request Forgery (CSRF) Protection – Blocks unauthorized state‑changing requests using anti‑CSRF tokens and same‑site cookies.
- CORS (Cross‑Origin Resource Sharing) Configuration – Controls which external origins can access APIs to prevent unauthorized cross‑domain requests.
- Clickjacking Protection – Prevents UI overlay attacks using frame‑busting headers like X‑Frame‑Options or frame‑ancestors in CSP.
- HTML Injection Protection – Sanitizes user‑generated content to prevent malicious markup from being rendered in the browser.
- CSS Injection Protection – Blocks style‑based attacks by sanitizing CSS inputs and preventing dynamic style injection.
- DOM‑Based XSS Protection – Secures client‑side JavaScript by avoiding unsafe DOM APIs and validating all dynamic content.
- Audit Logging & Monitoring – Records security‑relevant events to detect anomalies and support incident investigation.
- Secure Session Management – Uses secure cookies, short‑lived tokens, and anti‑CSRF protections to prevent session hijacking.
- Vulnerability Scanning & Patching – Continuously identifies and remediates security flaws in code, dependencies, and infrastructure.