We value your privacy. We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies. Read our Privacy Policy for more information.
PreferencesAccept
Methodology

Our divide-and-conquer approach for dealing with API security

Friday, September 6, 2024
No items found.

In order to maintain security across the REST APIs we build, we use a “divide and conquer” approach. We break down request handling into five sequential steps for nearly all endpoints:

1. Input validation
2. Authentication
3. Authorization
4. Execution
5. Output sanitization

To efficiently ensure security, we examine each of these steps individually and leverage existing frameworks like NestJS, Django and Symfony.

The core setup is reviewed annually for each product in our portfolio during our security training sessions to discuss changes and approaches across teams, products, and languages. Additionally, we conduct a quarterly review of each system using a comprehensive security checklist.

Security has become a cornerstone in our product development operations. Always curious to hear about your best practices!

#digitalstudio #productdevelopment #APIsecurity #cybersecurity

No items found.

See also

Assisting this startup with their cloud architecture, leveraging infrastructure-as-code (IaC)

Assisting this startup with their cloud architecture, leveraging infrastructure-as-code (IaC)

We recently had the pleasure of supporting ReqCon in enhancing their cloud infrastructure with a tailored Infrastructure-as-Code approach. Our short but impactful engagement focused on improving scalability, maintainability, and deployment efficiency—laying solid foundations for their next stage of growth. Always proud to empower ambitious teams with the right tech foundations
Cutting down on AI model usage costs by 40% with monitoring and evaluation

Cutting down on AI model usage costs by 40% with monitoring and evaluation

For one of our clients we recently built an agentic workflow with 10+ distinct chained LLM calls. After the initial build, the latency of the agent was large and the output accuracy insufficient. We solved this problem by implementing diligent monitoring and evaluation metrics for each step in the workflow, using Helicone (YC W23) as a useful tool in this process.
Building an AI agent to transform unstructured documents into SQL insights

Building an AI agent to transform unstructured documents into SQL insights

For one of our clients, we recently built an agentic pipeline that automates data ingestion from unstructured proprietary documents into structured schemas, with automated value alignment and continuous human-in-the-loop validation. As part of our tech toolkit, we've found Mastra to be a useful framework for agent development in Typescript. We recommend checking it out!

Let's build. Together!

We’ll be happy to hear more about your latest product development initiatives. Let’s discover how we can help!
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Are you looking for an entrepreneurial product development partner? Never hesitate to schedule a virtual coffee.

Egwin Avau
Founder & CEO
Schedule a call
Koen Verschooten
Operations manager
Schedule a call