This is probably the first Open Source (MIT) book on Headless Application Security. Everyone is invited to contribute! Single Page Applications, JAM Stack, Headless - the features these architectures provide sound all too good. We've been told the apps can be now developed at two different speeds - so we can experiment with new shiny frontend features. The applications are faster than ever and even include some native-like features - so-called Progressive Web Apps :-)
With all the buzz-words and feature/benefit-oriented discussion at some point we thought: there is too little discussion about the best practices. Especially regarding the Security. The frontend applications are very often developed by the frontend-teams that didn't have to to worry so much about the security and security before. With this paradigm shift - more and more business logic - especially including integrations with third-party systems is taking place in the frontend.
The times where you needed to worry about SQL Injection are probably gone. Now you query some API from Amazon, Azure, Firebase, Elastic or MongoDB. No problem. However there is a whole new set of issues and vulnerabilities we need to aware off. Including - API authorization, session handling, exposing sensitive information, SSR caching and so on.
This e-book is all about it. To show the best practices how to secure your API-first/Headless applications. It's been started by Vue Storefront Community. We hope it will be continued by the contributors. We'd like to gather the best practices from many different Open Source projects, in one single place, with actionable examples of DO's and DONT's. Everyone is invited to contribute!
CTO at Divante and Co-founder of Vue Storefront. 15+ years of professional Software Engineering and Project Management experience. Still coding in spare time.
I've also tried my hand in writing with the book "E-Commerce technology for managers". My career started as a software developer and co-creator of about 30 commercial desktop and web applications.
We're looking for contributors
Vue Storefront - PWA for eCommerce. 100% offline, platform agnostic, headless, Magento 2 supported. Always Open Source, MIT license. Join us as contributor (contributors@vuestorefront.io). Check out our new blog: https://blog.vuestorefront.io/