Underprotected APIs
- pattern: bulkheading, so that a single compromise cannot spread beyond one component
- pattern: communicate over the most secure protocol possible
- public-facing API: TLS
- pattern: configure to reject protocol downgrades
- pattern: keep root Certificate Authority (CA) files up to date
- business-to-business: bi-directional certificates
- pattern: verify with a generative testing library that your parser (JSON / XML / …) is hardened against malicious input
- pattern: fuzz-test APIs and check that every failure response rejects the input safely (a defined error, never a crash or an unhandled exception)
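A minimal mutation-based fuzzer that exercises both patterns above: it generates malformed inputs from a seed corpus and classifies each response as accepted, rejected safely, or an unexpected error. Added example, not part of the original notes; it uses only the Python standard library instead of a generative testing library, and the seed corpus and the two handler functions are constructed for illustration.

```python
import json
import random
from collections import Counter

# Constructed seed corpus: the kind of well-formed requests a legitimate client sends.
SEED_INPUTS = [
    b'{"user": "alice", "count": 3}',
    b'{"items": [1, 2, 3], "nested": {"ok": true}}',
    b'[]',
    b'"plain string"',
]

# A safe rejection is a well-defined parse or validation error.
# json.JSONDecodeError and UnicodeDecodeError both subclass ValueError.
SAFE_REJECTIONS = (ValueError, RecursionError)


def mutate(data: bytes, rng: random.Random) -> bytes:
    """Apply one random byte-level mutation: bit flip, insert, delete, duplicate or truncate."""
    buf = bytearray(data)
    choice = rng.randrange(5)
    if choice == 0 and buf:
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    elif choice == 1:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif choice == 2 and buf:
        del buf[rng.randrange(len(buf))]
    elif choice == 3:
        buf = buf * 2
    else:
        buf = buf[: rng.randrange(len(buf) + 1)]
    return bytes(buf)


def fuzz_parser(parse, seeds, iterations=2000, seed=1234):
    """Feed mutated seeds to `parse` and classify each outcome.

    Returns (Counter with keys accepted / rejected_safely / unexpected_error,
             list of (input, exception name) pairs that produced unexpected errors).
    A fixed seed keeps the run reproducible so a crasher can be replayed.
    """
    rng = random.Random(seed)
    outcomes = Counter()
    crashers = []
    for _ in range(iterations):
        data = rng.choice(seeds)
        for _ in range(rng.randint(1, 4)):
            data = mutate(data, rng)
        try:
            parse(data)
            outcomes["accepted"] += 1
        except SAFE_REJECTIONS:
            outcomes["rejected_safely"] += 1
        except Exception as exc:            # anything else is a failure to reject safely
            outcomes["unexpected_error"] += 1
            crashers.append((data, type(exc).__name__))
    return outcomes, crashers


def parse_only(raw: bytes):
    """The bare parser: the first thing to fuzz."""
    return json.loads(raw)


def fragile_handler(raw: bytes) -> int:
    """Constructed API handler that trusts the parsed shape: a list, a string or a
    missing key turns into TypeError / KeyError, i.e. a 500 instead of a 400."""
    doc = json.loads(raw)
    return int(doc["count"]) * 2


def hardened_handler(raw: bytes) -> int:
    """Same handler with schema validation, so every bad input is a ValueError."""
    doc = json.loads(raw)
    if not isinstance(doc, dict) or not isinstance(doc.get("count"), int):
        raise ValueError("schema violation: expected an object with an integer 'count'")
    return doc["count"] * 2


if __name__ == "__main__":
    for name, fn in [("parser", parse_only), ("fragile", fragile_handler), ("hardened", hardened_handler)]:
        counts, bad = fuzz_parser(fn, SEED_INPUTS)
        print(name, dict(counts), "first crasher:", bad[:1])
```

Wire the same loop to an HTTP client against a test instance and the classification becomes status codes: 4xx is a safe rejection, 5xx or a dropped connection is an unexpected error worth a bug report.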
(src: