What are Apigee's recommended best practices/views on sanitization in the context of security and API management?

Should libraries like https://github.com/owasp/json-sanitizer be mandatory or optional? Is there an overlap between JSON sanitization and JSON Threat Protection? Is anyone using sanitization policies? Any other relevant considerations?


@Yuriy may disagree, but I feel the performance overhead of a policy like this may outweigh the benefits. I would not recommend this for all APIs, but only those with specific security concerns. It is likely that this could be implemented in the backend, so the performance of the API tier would not be affected.