From 5d604b23e490c95051982ef4f7e6899b0ef08d0f Mon Sep 17 00:00:00 2001 From: Matheus Fidelis Date: Thu, 13 Jul 2017 08:27:52 -0300 Subject: [PATCH 001/149] Update README.md Add Monitoring session. --- README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/README.md b/README.md index a78cfef..bea2334 100644 --- a/README.md +++ b/README.md @@ -60,6 +60,13 @@ Checklist of the most important security countermeasures when designing, testing - [ ] Ensure that all components of your services are statically scanned by AV software before push to production, including vendor libraries and other dependencies. - [ ] Design a rollback solution for deployments. +## Monitoring +- [ ] Use centralized loggins for all services and components. +- [ ] Use agents to monitoring all trafic, errors, requests and responses. +- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch e etc. +- [ ] Check if you don't log sensetive data like Credid Cards, Passwords and PIN's. +- [ ] Use an IDS or/and IPS system to monitoring your API requests and instances. + ------------------------------------------------------------------------------ From 54f906bd585d896e83d4f9f76dd965bda402a5a5 Mon Sep 17 00:00:00 2001 From: Ippei Ogiwara Date: Sat, 15 Jul 2017 18:08:33 +0900 Subject: [PATCH 002/149] start translating into Japanese --- README-ja.md | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) create mode 100644 README-ja.md diff --git a/README-ja.md b/README-ja.md new file mode 100644 index 0000000..cc5681b --- /dev/null +++ b/README-ja.md 
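Review bot: PATCH 001/149 ships the new `## Monitoring` block with several misspellings readers will see as-is: `loggins` (logging), `trafic` (traffic), `sensetive` (sensitive), `Credid Cards` (Credit Cards), `PIN's` (PINs), and the Portuguese `e etc.` (etc.). Two items are also grammatically off: `Use agents to monitoring all trafic, errors, requests and responses` should read `Use agents to monitor all traffic, errors, requests and responses`, and `Use an IDS or/and IPS system to monitoring your API requests and instances` should be `Use an IDS and/or IPS to monitor your API requests and instances`. The alerts item mixes delivery channels (SMS, Slack, Email, Telegram) with tooling (Kibana, CloudWatch); splitting it into a channel list and a platform list keeps the checklist consistent. The sensitive-data item carries the real security weight here, so phrase it as a positive check rather than `Check if you don't log`, e.g. `Make sure sensitive data (credit card numbers, passwords, PINs) never reaches the logs`.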
@@ -0,0 +1,67 @@ +[中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국의](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) + +# APIセキュリティチェックリスト +APIを設計、テスト、リリースするときの最も重要なセキュリティ対策のチェックリスト + +------------------------------------------------------------------------------ +## 認証 +- [ ] Don't use `Basic Auth` Use standard authentication (e.g. JWT, OAuth). +- [ ] Don't reinvent the wheel in `Authentication`, `token generating`, `password storing` use the standards. +- [ ] Use `Max Retry` and jail features in Login. +- [ ] Use encryption on all sensitive data. + +### JWT (JSON Web Token) +- [ ] Use random complicated key (`JWT Secret`) to make brute forcing token very hard. +- [ ] Don't extract the algorithm from the payload. Force algorithm in the backend (`HS256` or `RS256`). +- [ ] Make token expiration (`TTL`, `RTTL`) as short as possible. +- [ ] Don't store sensitive data in the JWT payload, it can be decoded [easily](https://jwt.io/#debugger-io). + +### OAuth +- [ ] Always validate `redirect_uri` on server side to allow only whitelisted URLs. +- [ ] Always try to exchange for code not tokens (don't allow `response_type=token`). +- [ ] Use `state` parameter with a random hash to prevent CSRF on OAuth authentication process. +- [ ] Define default scope, and validate scope parameter for each application. + +## アクセス +- [ ] Limit requests (Throttling) to avoid DDoS / Bruteforce attacks. +- [ ] Use HTTPS on server side to avoid MITM (Man In The Middle Attack). +- [ ] Use `HSTS` header with SSL to avoid SSL Strip attack. + +## 入力 +- [ ] Use proper HTTP method according to operation, `GET (read)`, `POST (create)`, `PUT/PATCH (replace/update)` and `DELETE (to delete a record)` and respond with `405 Method Not Allowed` if requested method don't exists in resource. +- [ ] Validate `content-type` on request Accept header (Content Negotiation) to allow only your supported format (e.g. 
`application/xml`, `application/json`... etc) and respond with `406 Not Acceptable` response if not matched. +- [ ] Validate `content-type` of posted data as you accept (e.g. `application/x-www-form-urlencoded`, `multipart/form-data ,application/json`... etc ). +- [ ] Validate User input to avoid common vulnerabilities (e.g. `XSS`, `SQL-Injection` , `Remote Code Execution`... etc). +- [ ] Don't use any sensitive data (`credentials` , `Passwords`, `security tokens`, or `API keys`) in the URL, but use standard Authorization header. +- [ ] Use a API Gateway service to enable caching, Rate Limit, Spike Arrest and deploy API's resourses dynamically + +## 処理 +- [ ] Check if all the endpoints are protected behind authentication to avoid broken authentication process. +- [ ] User own resource id should be avoided. Use `/me/orders` instead of `/user/654321/orders` +- [ ] Don't use auto increment id's use `UUID` instead. +- [ ] If you are parsing XML files, make sure entity parsing is not enabled to avoid `XXE` (XML external entity attack). +- [ ] If you are parsing XML files, make sure entity expansion is not enabled to avoid `Billion Laughs/XML bomb` via exponential entity expansion attack. +- [ ] Use CDN for file uploads. +- [ ] If you are dealing with huge amount of data, use Workers and Queues to process as much as possible in background and return response fast to avoid HTTP Blocking. +- [ ] Do not forget to turn the DEBUG mode OFF. + +## 出力 +- [ ] Send `X-Content-Type-Options: nosniff` header. +- [ ] Send `X-Frame-Options: deny` header. +- [ ] Send `Content-Security-Policy: default-src 'none'` header. +- [ ] Remove fingerprinting headers - `X-Powered-By`, `Server`, `X-AspNet-Version` etc. +- [ ] Force `content-type` for your response, if you return `application/json` then your response `content-type` is `application/json`. +- [ ] Don't return sensitive data like `credentials`, `Passwords`, `security tokens`. 
+- [ ] Return the proper status code according to the operation completed. (e.g. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed` ... etc). + +## CI & CD (継続的インテグレーションと継続的デリバリー) +- [ ] 設計と実装をユニットテスト、インテグレーションテストのカバレッジで監査する +- [ ] コードレビューのプロセスを採用し、自身による承認を無視する +- [ ] プロダクションへプッシュする前に、ベンダのライブラリ、その他の依存関係を含め、サービスの全ての要素がアンチウィルスソフトウェアで静的スキャンを確実に実施する +- [ ] デプロイについてロールバックソリューションを開発する + + +------------------------------------------------------------------------------ + +# コントリビューション +このリポジトリをforkして、変更し、プルリクエストを送信し、自由にコントリビューションしてください。何か質問があれば `team@shieldfy.io` まで電子メールを送ってください。 From 75594d506c439da39e074ec20ede1500ab738ebd Mon Sep 17 00:00:00 2001 From: Ippei Ogiwara Date: Sun, 16 Jul 2017 22:15:47 +0900 Subject: [PATCH 003/149] add localize to Authentication, JWT, OAuth, Access --- README-ja.md | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/README-ja.md b/README-ja.md index cc5681b..78d78dc 100644 --- a/README-ja.md +++ b/README-ja.md 
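Review bot: PATCH 002/149 creates `README-ja.md` with a language bar that drops the `[English](./README.md)` link every other translation starts with, and spells the Korean entry `[한국의]` where the other files use `[한국어]` (`한국의` means "of Korea", not the language name). Only the headings, the CI & CD section and the contribution paragraph are translated; every checklist item under 認証, JWT, OAuth, アクセス, 入力, 処理 and 出力 is still the English text, so the file currently reads as a mixed-language copy of `README.md`. The diffstat shows `1 file changed`, so none of the other READMEs link to `README-ja.md` yet and the new file is unreachable from the language bars. Since the subject says "start translating", either keep this on a branch until the items are translated or mark the file as work in progress.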
@@ -5,27 +5,27 @@ APIを設計、テスト、リリースするときの最も重要なセキュ ------------------------------------------------------------------------------ ## 認証 -- [ ] Don't use `Basic Auth` Use standard authentication (e.g. JWT, OAuth). -- [ ] Don't reinvent the wheel in `Authentication`, `token generating`, `password storing` use the standards. -- [ ] Use `Max Retry` and jail features in Login. -- [ ] Use encryption on all sensitive data. +- [ ] Basic認証を利用せず、標準的な認証を利用する (例: JWT、OAuth) +- [ ] 「認証」、「トークンの生成」、「パスワードの保管」の車輪の再発明を行わず、標準のものを利用する +- [ ] ログインでは「最大再試行回数(Max Retry)」とjail機能を利用する +- [ ] 全ての機密データは暗号化する ### JWT (JSON Web Token) -- [ ] Use random complicated key (`JWT Secret`) to make brute forcing token very hard. -- [ ] Don't extract the algorithm from the payload. Force algorithm in the backend (`HS256` or `RS256`). -- [ ] Make token expiration (`TTL`, `RTTL`) as short as possible. -- [ ] Don't store sensitive data in the JWT payload, it can be decoded [easily](https://jwt.io/#debugger-io). +- [ ] ランダムで複雑なキー (`JWT Secret`) を利用し、トークンに対するブルートフォース攻撃を困難にする +- [ ] ペイロードからアルゴリズムを取り出さない。バックエンドでアルゴリズムを強制する。(`HS256` か `RS256`) +- [ ] トークンの有効期限 (`TTL`, `RTTL`) を可能な限り短くする。 +- [ ] 機密データをJWTペイロードに格納しない。それは[簡単に](https://jwt.io/#debugger-io)復号できる。 ### OAuth -- [ ] Always validate `redirect_uri` on server side to allow only whitelisted URLs. +- [ ] 常に `redirect_uri` をサーバ側でホワイトリストされたURLのみを許可するよう検証する。 - [ ] Always try to exchange for code not tokens (don't allow `response_type=token`). -- [ ] Use `state` parameter with a random hash to prevent CSRF on OAuth authentication process. -- [ ] Define default scope, and validate scope parameter for each application. +- [ ] `state` パラメータをランダムなハッシュと共に利用し、OAuth認証プロセスでのCSRFを防ぐ。 +- [ ] デフォルトのscopeを定義し、アプリケーション毎にscopeパラメータを検証する。 ## アクセス -- [ ] Limit requests (Throttling) to avoid DDoS / Bruteforce attacks. -- [ ] Use HTTPS on server side to avoid MITM (Man In The Middle Attack). -- [ ] Use `HSTS` header with SSL to avoid SSL Strip attack. 
+- [ ] DDoS / ブルートフォース攻撃を防ぐためリクエストの制限 (スロットリング) を行う。 +- [ ] HTTPSをサーバ側で利用しMITM (Man In The Middle Attack) を回避する。 +- [ ] `HSTS`ヘッダをSSLと共に利用し、SSL Strip攻撃を回避する。 ## 入力 - [ ] Use proper HTTP method according to operation, `GET (read)`, `POST (create)`, `PUT/PATCH (replace/update)` and `DELETE (to delete a record)` and respond with `405 Method Not Allowed` if requested method don't exists in resource. From 20e0d6209e6370942c3a20066d6263a31989aee7 Mon Sep 17 00:00:00 2001 From: Mohamed Oun Date: Tue, 18 Jul 2017 18:54:09 +0200 Subject: [PATCH 004/149] Add links for more info. --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 82945a3..6ccaad2 100644 --- a/README.md +++ b/README.md @@ -5,8 +5,8 @@ Checklist of the most important security countermeasures when designing, testing ------------------------------------------------------------------------------ ## Authentication -- [ ] Don't use `Basic Auth` Use standard authentication (e.g. JWT, OAuth). -- [ ] Don't reinvent the wheel in `Authentication`, `token generating`, `password storing`. Use the standards. +- [ ] Don't use `Basic Auth` Use standard authentication (e.g. [JWT](https://jwt.io/), [OAuth](https://oauth.net/)). +- [ ] Don't reinvent the wheel in `Authentication`, `token generation`, `password storage`. Use the standards. - [ ] Use `Max Retry` and jail features in Login. - [ ] Use encryption on all sensitive data. 
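Review bot: in PATCH 003/149 the OAuth block leaves one item untranslated between two translated ones: `- [ ] Always try to exchange for code not tokens (don't allow `response_type=token`).` is kept as unchanged context while its neighbours become Japanese. The JWT item renders "it can be decoded easily" as `簡単に復号できる`; `復号` reads as decryption, whereas the point is that the payload is only base64url-encoded and readable without any key, so `簡単にデコードできる` states the risk accurately. The same block keeps "payload" for the algorithm (`ペイロードからアルゴリズムを取り出さない`), mirroring the English, but the `alg` value lives in the JWT header, not the payload; `ヘッダからアルゴリズムを取り出さない` is the correct wording. Sentence endings are also inconsistent within the hunk: some items end with `。` and some do not.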
@@ -41,7 +41,7 @@ Checklist of the most important security countermeasures when designing, testing - [ ] Don't auto-increment IDs. Use `UUID` instead. - [ ] If you are parsing XML files, make sure entity parsing is not enabled to avoid `XXE` (XML external entity attack). - [ ] If you are parsing XML files, make sure entity expansion is not enabled to avoid `Billion Laughs/XML bomb` via exponential entity expansion attack. -- [ ] Use CDN for file uploads. +- [ ] Use a CDN for file uploads. - [ ] If you are dealing with huge amount of data, use Workers and Queues to process as much as possible in background and return response fast to avoid HTTP Blocking. - [ ] Do not forget to turn the DEBUG mode OFF. From 0cdb47ae5b99f4c9d62e4ddff75c3f2c35fa842c Mon Sep 17 00:00:00 2001 From: Christian Illies Date: Wed, 19 Jul 2017 10:26:45 +0200 Subject: [PATCH 005/149] Create README-de.md --- README-de.md | 1 + 1 file changed, 1 insertion(+) create mode 100644 README-de.md diff --git a/README-de.md b/README-de.md new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/README-de.md @@ -0,0 +1 @@ + From 593fa75be4dacde24558c1659525b4f91e0fcaf3 Mon Sep 17 00:00:00 2001 From: Christian Illies Date: Wed, 19 Jul 2017 10:36:30 +0200 Subject: [PATCH 006/149] WIP translated first block in readme --- README-de.md | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) diff --git a/README-de.md b/README-de.md index 8b13789..cde9b1e 100644 --- a/README-de.md +++ b/README-de.md 
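Review bot: the first hunk of PATCH 004/149 rewrites `Don't use `Basic Auth` Use standard authentication (e.g. [JWT](https://jwt.io/), [OAuth](https://oauth.net/)).` but keeps the missing sentence break between `Basic Auth` and `Use`; since the line is being touched anyway, make it `Don't use `Basic Auth`. Use standard authentication ...`. The subject says "Add links for more info", yet the patch also rewords `token generating`/`password storing` to `token generation`/`password storage` and `Use CDN` to `Use a CDN`; the changes are fine, but they are invisible from the subject, so mention them in the message or split them out. Note too that the pre-image `... `password storing`. Use the standards.` differs from the line PATCH 002/149 copied into `README-ja.md` (`... `password storing` use the standards.`), so the translations are already drifting from `README.md`.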
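Review bot: PATCH 005/149 commits `README-de.md` as a single blank line, and PATCH 006/149 immediately replaces that line (`@@ -1 +1,68 @@`), so this commit adds nothing on its own; squash it into the next one so `git log` and `git blame` on the German translation start at the commit that actually has content.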
@@ -1 +1,68 @@ +[中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) +# API Security Checkliste +Checkliste für die wichtigsten Sicherheitsmaßnahmen beim Designen, Testen und Veröffentlichen deiner API. + +------------------------------------------------------------------------------ +## Authentifizierung +- [ ] Verwende kein `Basic Auth`. Nutze standardisierte Authentifizierungsmethoden (bspw. JWT, OAuth). +- [ ] Don't reinvent the wheel in `Authentication`, `token generating`, `password storing`. Use the standards. +- [ ] Erfinde das Rad nicht neu für `Authentication`, `Tokengenerierung` oder `Passwort speichern`. Nutze hierfür existierende Standards. +- [ ] Nutze eine `limitierte Anzahl von Anmeldeversuche` und Aussperrfunktionen (Ban, IP-Block, Permanent) im Loginprozess. +- [ ] Nutze Verschlüsselung für alle sensitiven Daten. + +### JWT (JSON Web Token) +- [ ] Use a random complicated key (`JWT Secret`) to make brute forcing the token very hard. +- [ ] Don't extract the algorithm from the payload. Force the algorithm in the backend (`HS256` or `RS256`). +- [ ] Make token expiration (`TTL`, `RTTL`) as short as possible. +- [ ] Don't store sensitive data in the JWT payload, it can be decoded [easily](https://jwt.io/#debugger-io). + +### OAuth +- [ ] Always validate `redirect_uri` server-side to allow only whitelisted URLs. +- [ ] Always try to exchange for code and not tokens (don't allow `response_type=token`). +- [ ] Use `state` parameter with a random hash to prevent CSRF on the OAuth authentication process. +- [ ] Define the default scope, and validate scope parameters for each application. 
+ +## Access +- [ ] Limit requests (Throttling) to avoid DDoS / brute-force attacks. +- [ ] Use HTTPS on server side to avoid MITM (Man In The Middle Attack). +- [ ] Use `HSTS` header with SSL to avoid SSL Strip attack. + +## Input +- [ ] Use the proper HTTP method according to the operation: `GET (read)`, `POST (create)`, `PUT/PATCH (replace/update)`, and `DELETE (to delete a record)`, and respond with `405 Method Not Allowed` if the requested method isn't appropriate for the requested resource. +- [ ] Validate `content-type` on request Accept header (Content Negotiation) to allow only your supported format (e.g. `application/xml`, `application/json`, etc) and respond with `406 Not Acceptable` response if not matched. +- [ ] Validate `content-type` of posted data as you accept (e.g. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, etc). +- [ ] Validate User input to avoid common vulnerabilities (e.g. `XSS`, `SQL-Injection`, `Remote Code Execution`, etc). +- [ ] Don't use any sensitive data (`credentials`, `Passwords`, `security tokens`, or `API keys`) in the URL, but use standard Authorization header. +- [ ] Use an API Gateway service to enable caching, Rate Limit policies (e.g. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) and deploy APIs resources dynamically. + +## Processing +- [ ] Check if all the endpoints are protected behind authentication to avoid broken authentication process. +- [ ] User own resource ID should be avoided. Use `/me/orders` instead of `/user/654321/orders`. +- [ ] Don't auto-increment IDs. Use `UUID` instead. +- [ ] If you are parsing XML files, make sure entity parsing is not enabled to avoid `XXE` (XML external entity attack). +- [ ] If you are parsing XML files, make sure entity expansion is not enabled to avoid `Billion Laughs/XML bomb` via exponential entity expansion attack. +- [ ] Use CDN for file uploads. 
+- [ ] If you are dealing with huge amount of data, use Workers and Queues to process as much as possible in background and return response fast to avoid HTTP Blocking. +- [ ] Do not forget to turn the DEBUG mode OFF. + +## Output +- [ ] Send `X-Content-Type-Options: nosniff` header. +- [ ] Send `X-Frame-Options: deny` header. +- [ ] Send `Content-Security-Policy: default-src 'none'` header. +- [ ] Remove fingerprinting headers - `X-Powered-By`, `Server`, `X-AspNet-Version` etc. +- [ ] Force `content-type` for your response, if you return `application/json` then your response `content-type` is `application/json`. +- [ ] Don't return sensitive data like `credentials`, `Passwords`, `security tokens`. +- [ ] Return the proper status code according to the operation completed. (e.g. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, etc). + +## CI & CD +- [ ] Audit your design and implementation with unit/integration tests coverage. +- [ ] Use a code review process and disregard self-approval. +- [ ] Ensure that all components of your services are statically scanned by AV software before push to production, including vendor libraries and other dependencies. +- [ ] Design a rollback solution for deployments. + + +------------------------------------------------------------------------------ + +# Contribution +Feel free to contribute by forking this repository, making some changes, and submitting pull requests. For any questions drop us an email at `team@shieldfy.io`. From 8e32405af2063a7acecdd906d83755f864b21272 Mon Sep 17 00:00:00 2001 
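Review bot: in PATCH 006/149 the Authentifizierung block contains both the English source line `- [ ] Don't reinvent the wheel in `Authentication`, `token generating`, `password storing`. Use the standards.` and its German translation directly beneath it, so the rendered list shows the item twice; drop the English line. The language bar lists `[Deutsch](./README-de.md)`, a self-link the other translations omit for their own language, while leaving out `[English](./README.md)`, which every other translation lists first. `limitierte Anzahl von Anmeldeversuche` needs the dative plural `Anmeldeversuchen`. Everything from the JWT block onward is still English, which matches the "WIP" subject; just make sure the remaining translation lands before the other READMEs link to this file.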
From: Christian Illies Date: Wed, 19 Jul 2017 10:37:44 +0200 Subject: [PATCH 007/149] german translation added --- README-de.md | 81 ++++++++++++++++++++++++------------------------- README-es.md | 2 +- README-fr.md | 2 +- README-id.md | 2 +- README-it.md | 2 +- README-jp.md | 2 +- README-ko.md | 2 +- README-nl.md | 2 +- README-pt_BR.md | 2 +- README-ru.md | 2 +- README-th.md | 2 +- README-uk.md | 2 +- README-zh.md | 2 +- README.md | 2 +- 14 files changed, 53 insertions(+), 54 deletions(-) diff --git a/README-de.md b/README-de.md index cde9b1e..d73955c 100644 --- a/README-de.md +++ b/README-de.md 
@@ -12,57 +12,56 @@ Checkliste für die wichtigsten Sicherheitsmaßnahmen beim Designen, Testen und - [ ] Nutze Verschlüsselung für alle sensitiven Daten. ### JWT (JSON Web Token) -- [ ] Use a random complicated key (`JWT Secret`) to make brute forcing the token very hard. -- [ ] Don't extract the algorithm from the payload. Force the algorithm in the backend (`HS256` or `RS256`). -- [ ] Make token expiration (`TTL`, `RTTL`) as short as possible. -- [ ] Don't store sensitive data in the JWT payload, it can be decoded [easily](https://jwt.io/#debugger-io). +- [ ] Verwende einen per Zufall generierten, komplizierten Schlüssel (`JWT Secret`), um Brute Force Attacken gegen diesen so schwer wie möglich zu machen. +- [ ] Verwende den Algorithmus des Payloads ausschließlich über das Backend, sodass dieser geheim bleibt (`HS256` or `RS256`). +- [ ] Lege einen möglichst kurzen Gültigkeitszeitraum für den Token fest (`TTL`, `RTTL`). +- [ ] Speichere keine sensitiven Daten im JWT Payload, denn dieser kann [einfach entkodiert werden](https://jwt.io/#debugger-io). ### OAuth -- [ ] Always validate `redirect_uri` server-side to allow only whitelisted URLs. -- [ ] Always try to exchange for code and not tokens (don't allow `response_type=token`). -- [ ] Use `state` parameter with a random hash to prevent CSRF on the OAuth authentication process. -- [ ] Define the default scope, and validate scope parameters for each application. +- [ ] Überprüfe stets die `redirect_uri` serverseitig und erlaube nur URLs aus einer Whitelist. +- [ ] Frage immer mit einem Access-Code (vom initialen Request) einen Access-Token ab (verbiete `response_type=token`). +- [ ] Nutze den `state` Parameter immer mit einem zufälligem Hash, um CSRF auf den OAuth Authentifizierungsprozess zu verhindern. +- [ ] Definiere einen Standard-Scope und validiere alle Scope Parameter für jede Applikation. -## Access -- [ ] Limit requests (Throttling) to avoid DDoS / brute-force attacks. 
-- [ ] Use HTTPS on server side to avoid MITM (Man In The Middle Attack). -- [ ] Use `HSTS` header with SSL to avoid SSL Strip attack. +## Zugriff +- [ ] Limitiere alle Requests (Throttling), um DDoS / Brute-Force Attacken zu verhindern. +- [ ] Nutze HTTPS serverseitig, um MITM (Man In The Middle Attack) zu verhindern. +- [ ] Setze `HSTS` (HTTP Strict Transport Security) im Header bei SSL, um SSLStrip Attacken zu verhindern. ## Input -- [ ] Use the proper HTTP method according to the operation: `GET (read)`, `POST (create)`, `PUT/PATCH (replace/update)`, and `DELETE (to delete a record)`, and respond with `405 Method Not Allowed` if the requested method isn't appropriate for the requested resource. -- [ ] Validate `content-type` on request Accept header (Content Negotiation) to allow only your supported format (e.g. `application/xml`, `application/json`, etc) and respond with `406 Not Acceptable` response if not matched. -- [ ] Validate `content-type` of posted data as you accept (e.g. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, etc). -- [ ] Validate User input to avoid common vulnerabilities (e.g. `XSS`, `SQL-Injection`, `Remote Code Execution`, etc). -- [ ] Don't use any sensitive data (`credentials`, `Passwords`, `security tokens`, or `API keys`) in the URL, but use standard Authorization header. -- [ ] Use an API Gateway service to enable caching, Rate Limit policies (e.g. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) and deploy APIs resources dynamically. +- [ ] Nutze für Requests die passenden HTTP Methoden: `GET (Lesen)`, `POST (Erzeugen)`, `PUT/PATCH (Ersetzen/Aktualisieren)`, and `DELETE (Datensatz löschen)`, und gib `405 Method Not Allowed`, wenn die angeforderte Methode nicht auf die Ressource passt. +- [ ] Validiere den `content-type` im "Accept" Header der Anfrage und erlaube nur unterstützte Formate (wie `application/xml`, `application/json`, etc.). 
Gib den Response `406 Not Acceptable` zurück, wenn keine der übergebenen Content-Typen unterstützt wird. +- [ ] Validiere den `Content-Type` im Header der Anfrage für übertragene Daten (bspw. POST oder PUT) wie bspw. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, usw. +- [ ] Validiere immer alle Eingaben im Request und allen Parametern um allgemeine Angriffsmöglichkeiten zu verhindern (bspw. `XSS`, `SQL-Injection`, `Remote Code Execution`, etc.). +- [ ] Verwende niemals sensitive Daten (`Anmeldedaten`, `Passwörter`, `Security Tokens`, oder `API-Schlüssel`) in der URL, aber nutze den standardisierten "Authorization" Header. +- [ ] Nutze ein API Gateway Service für Caching, Rate Limit Regeln (bspw. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) und der Bereitstellung dynamischer API Ressourcen. -## Processing -- [ ] Check if all the endpoints are protected behind authentication to avoid broken authentication process. -- [ ] User own resource ID should be avoided. Use `/me/orders` instead of `/user/654321/orders`. -- [ ] Don't auto-increment IDs. Use `UUID` instead. -- [ ] If you are parsing XML files, make sure entity parsing is not enabled to avoid `XXE` (XML external entity attack). -- [ ] If you are parsing XML files, make sure entity expansion is not enabled to avoid `Billion Laughs/XML bomb` via exponential entity expansion attack. -- [ ] Use CDN for file uploads. -- [ ] If you are dealing with huge amount of data, use Workers and Queues to process as much as possible in background and return response fast to avoid HTTP Blocking. -- [ ] Do not forget to turn the DEBUG mode OFF. +## Verarbeitung +- [ ] Überprüfe, ob alle Endpunkte mit einer Authentifizierung geschützt sind. +- [ ] Nutzereigene Ressourcen-Ids sollten vermieden werden. Verwende `/me/orders` statt `/user/654321/orders`. +- [ ] Verwende keine automatisch hochzählende IDs, sondern `UUID`, damit Ressourcen nicht einfach erraten werden können. 
+- [ ] Beim Verarbeiten einer XML-Datei, sollte Entitätsverarbeitung deaktiviert sein, um `XXE` (XML External Entity Attacken) zu verhindern. +- [ ] Beim Verarbeiten einer XML-Datei, sollte Entitätsexpansion deaktiviert sein, um `Billion Laughs/XML Bombe` zu verhindern. +- [ ] Nutze CDN für Dateiuploads. +- [ ] Wenn du eine große Menge an Daten verarbeiten musst, nutze Worker und Queues, um so viel wie möglich im Hintergrund zu verarbeiten und schnelle Antwortzeiten zu gewährleisten. +- [ ] Vergiss nicht den DEBUG Modus zu deaktivieren. ## Output -- [ ] Send `X-Content-Type-Options: nosniff` header. -- [ ] Send `X-Frame-Options: deny` header. -- [ ] Send `Content-Security-Policy: default-src 'none'` header. -- [ ] Remove fingerprinting headers - `X-Powered-By`, `Server`, `X-AspNet-Version` etc. -- [ ] Force `content-type` for your response, if you return `application/json` then your response `content-type` is `application/json`. -- [ ] Don't return sensitive data like `credentials`, `Passwords`, `security tokens`. -- [ ] Return the proper status code according to the operation completed. (e.g. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, etc). - -## CI & CD -- [ ] Audit your design and implementation with unit/integration tests coverage. -- [ ] Use a code review process and disregard self-approval. -- [ ] Ensure that all components of your services are statically scanned by AV software before push to production, including vendor libraries and other dependencies. -- [ ] Design a rollback solution for deployments. +- [ ] Sende `X-Content-Type-Options: nosniff` im Header. +- [ ] Sende `X-Frame-Options: deny` im Header. +- [ ] Sende `Content-Security-Policy: default-src 'none'` im Header. +- [ ] Entferne Header wie `X-Powered-By`, `Server`, `X-AspNet-Version` etc., um eventuell veraltete Softwareversionen nicht zu verraten. +- [ ] Sende immer einen `Content-Type` bei Antworten. 
Wenn du ein JSON lieferst gib als `Content-Type` `application/json` an. +- [ ] Gib niemals sensitive Daten zurück wie `Anmeldedaten`, `Passwörter` oder `Sicherheitsschlüssel`. +- [ ] Verwende immer einen passenden HTTP Statuscode je nach Status der Operation (bspw. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, etc.). +## Kontinuierliche Integration (CI) & Continuous Delivery (CD) +- [ ] Nutze Unit- und Integrationstest und deren Abdeckung (Test Coverage), um deine Implementierungen und Design zu kontrollieren. +- [ ] Nutze einen Code Review Prozess, aber bleib sachlich. +- [ ] Stelle sicher, dass alle verwendeten Komponenten (Bibliotheken und alle anderen Abhängigkeiten) noch einmal statich von einer Anti-Virus Software überprüft wurden bevor diese in die Produktionsumgebung gehen. +- [ ] Stelle sicher, dass du im Fehlerfall auch schnell wieder den vorherigen Stand einspielen kannst (Rollback). ------------------------------------------------------------------------------ # Contribution -Feel free to contribute by forking this repository, making some changes, and submitting pull requests. For any questions drop us an email at `team@shieldfy.io`. +Du kannst gerne etwas beisteuern, indem du einen Fork dieses Repositorys erstellst, Änderungen vornimmst und dann einen Pull Request anlegst. Bei Fragen schick uns eine E-Mail an `team@shieldfy.io`. diff --git a/README-es.md b/README-es.md index 4953e4b..5db464c 100644 --- a/README-es.md +++ b/README-es.md 
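Review bot: the `README-de.md` hunk of PATCH 007/149 changes the meaning of two items. `Verwende den Algorithmus des Payloads ausschließlich über das Backend, sodass dieser geheim bleibt` tells the reader to keep the algorithm secret, but the English item (`Don't extract the algorithm from the payload. Force the algorithm in the backend`) is about not trusting the `alg` value carried in the token and pinning it server-side; the algorithm is not a secret, and honouring a client-chosen `alg` is exactly what algorithm-confusion attacks exploit. Suggest: `Übernimm den Algorithmus nicht aus dem Token. Lege ihn im Backend fest (`HS256` oder `RS256`).` Likewise `Nutze einen Code Review Prozess, aber bleib sachlich` ("stay objective") loses "disregard self-approval", i.e. authors must not approve their own changes; suggest `Nutze einen Code-Review-Prozess und lasse keine Freigabe durch den Autor selbst zu`. Smaller points: `statich` should be `statisch`; `, and `DELETE (Datensatz löschen)`` and `(`HS256` or `RS256`)` keep an English `and`/`or`; the `# Contribution` heading stays English above a German paragraph; and the blank line before the CI/CD heading is removed on the `+` side, so `## Kontinuierliche Integration (CI) & Continuous Delivery (CD)` now follows the last Output item without separation.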
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) # Lista de seguridad en APIs Lista de las contramedidas de seguridad más importantes en cuanto al diseño, testing y publicación de tu API. diff --git a/README-fr.md b/README-fr.md index cc8a81c..215e589 100644 --- a/README-fr.md +++ b/README-fr.md @@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) # API Security Checklist Checklist des points de sécurité les plus importants lors de la conception, du test et de la mise en production de votre API. diff --git a/README-id.md b/README-id.md index 38231f7..9718d43 100644 --- a/README-id.md +++ b/README-id.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) # Checklist Keamanan API Checklist penanggulangan keamanan yang paling penting ketika merancang, menguji, dan melepaskan API ke khalayak diff --git a/README-it.md b/README-it.md index 7ef3876..3451aff 100644 --- a/README-it.md +++ b/README-it.md @@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [日本語](./README-jp.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) # Checklist per la sicurezza delle API Una checklist per le più importanti contromisure da mettere in pratica quando strutturiamo, testiamo e rilasciamo le nostre API. diff --git a/README-jp.md b/README-jp.md index 9ed06f0..02d2749 100644 --- a/README-jp.md +++ b/README-jp.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [Deutsch](./README-de.md) # API Security Checklist これはAPIの設計, テスト, リリース時における、重要なセキュリティ対策チェックリストです。 diff --git a/README-ko.md b/README-ko.md index 2e0f7ad..333038f 100644 --- a/README-ko.md +++ b/README-ko.md @@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) # API 보안 체크리스트 API를 설계하고 테스트하고 배포할 때 고려해야 할 중요한 보안 대책 체크리스트입니다. diff --git a/README-nl.md b/README-nl.md index 64fd043..7f52ed1 100644 --- a/README-nl.md +++ b/README-nl.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) # API Security Checklist Checklist met de belangrijkste tegenmaatregelen bij het ontwerpen, testen en uitbrengen van een API. diff --git a/README-pt_BR.md b/README-pt_BR.md index 1251d14..dffc92c 100644 --- a/README-pt_BR.md +++ b/README-pt_BR.md @@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) +[English](./README.md) | [中文版](./README-zh.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) # API Security Checklist Lista das mais importantes medidas de segurança para o desenvolvimento, teste e publicação da sua API. diff --git a/README-ru.md b/README-ru.md index f3f0ac4..2245ca4 100644 --- a/README-ru.md +++ b/README-ru.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) # Контрольный список безопасности API Контрольный список наиболее важных контрмер безопасности при разработке, тестировании и выпуске вашего API. diff --git a/README-th.md b/README-th.md index 3ce8253..628e061 100644 --- a/README-th.md +++ b/README-th.md @@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) # API Security Checklist Checklist ที่ต้องให้ความสำคัญเมื่อมีการสร้าง API ในช่วงการออกแบบ ทดสอบระบบ และการปล่อยให้คนนอกใช้ diff --git a/README-uk.md b/README-uk.md index 405e4be..a087fdf 100644 --- a/README-uk.md +++ b/README-uk.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) # Контрольний список безпеки API Контрольний список найбільш важливих контрзаходів безпеки при розробці, тестуванні та випуску вашого API. diff --git a/README-zh.md b/README-zh.md index d6a26f7..84e028a 100644 --- a/README-zh.md +++ b/README-zh.md @@ -1,4 +1,4 @@ -[English](./README.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) +[English](./README.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) # 开发安全的 API 所需要核对的清单 以下是当你在设计, 测试以及发布你的 API 的时候所需要核对的重要安全措施. diff --git a/README.md b/README.md index 40838b0..208ecdc 100644 --- a/README.md +++ b/README.md 
@@ -1,4 +1,4 @@ -[中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) +[中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) # API Security Checklist Checklist of the most important security countermeasures when designing, testing, and releasing your API. From 7e4c4ff7e7eb63331a4a0e79e3946159bed3cdc8 Mon Sep 17 00:00:00 2001 From: Christian Illies Date: Thu, 20 Jul 2017 10:57:34 +0200 Subject: [PATCH 008/149] removed (english) line --- README-de.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README-de.md b/README-de.md index d73955c..58dd62c 100644 --- a/README-de.md +++ b/README-de.md @@ -6,7 +6,6 @@ Checkliste für die wichtigsten Sicherheitsmaßnahmen beim Designen, Testen und ------------------------------------------------------------------------------ ## Authentifizierung - [ ] Verwende kein `Basic Auth`. Nutze standardisierte Authentifizierungsmethoden (bspw. JWT, OAuth). -- [ ] Don't reinvent the wheel in `Authentication`, `token generating`, `password storing`. Use the standards. - [ ] Erfinde das Rad nicht neu für `Authentication`, `Tokengenerierung` oder `Passwort speichern`. Nutze hierfür existierende Standards. - [ ] Nutze eine `limitierte Anzahl von Anmeldeversuche` und Aussperrfunktionen (Ban, IP-Block, Permanent) im Loginprozess. - [ ] Nutze Verschlüsselung für alle sensitiven Daten. From 7e40ed01a3d30e2d15044d04aa9a0d021bec9de8 Mon Sep 17 00:00:00 2001 
From: Caleb Mazalevskis Date: Thu, 20 Jul 2017 17:28:18 +0800 Subject: [PATCH 009/149] Sync --- README-de.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README-de.md b/README-de.md index 58dd62c..01fb857 100644 --- a/README-de.md +++ b/README-de.md @@ -1,4 +1,4 @@ -[中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) # API Security Checkliste Checkliste für die wichtigsten Sicherheitsmaßnahmen beim Designen, Testen und Veröffentlichen deiner API. From 34a9c925b9e41c0e9518b52ef4ef0fbd5d0db953 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andi=20R=C3=BCckauer?= Date: Fri, 21 Jul 2017 21:09:29 +0200 Subject: [PATCH 010/149] Corrected spelling mistake --- README-de.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README-de.md b/README-de.md index 01fb857..5f0ccc1 100644 --- a/README-de.md +++ b/README-de.md 
@@ -57,7 +57,7 @@ Checkliste für die wichtigsten Sicherheitsmaßnahmen beim Designen, Testen und ## Kontinuierliche Integration (CI) & Continuous Delivery (CD) - [ ] Nutze Unit- und Integrationstest und deren Abdeckung (Test Coverage), um deine Implementierungen und Design zu kontrollieren. - [ ] Nutze einen Code Review Prozess, aber bleib sachlich. -- [ ] Stelle sicher, dass alle verwendeten Komponenten (Bibliotheken und alle anderen Abhängigkeiten) noch einmal statich von einer Anti-Virus Software überprüft wurden bevor diese in die Produktionsumgebung gehen. +- [ ] Stelle sicher, dass alle verwendeten Komponenten (Bibliotheken und alle anderen Abhängigkeiten) noch einmal statisch von einer Anti-Virus Software überprüft wurden bevor diese in die Produktionsumgebung gehen. - [ ] Stelle sicher, dass du im Fehlerfall auch schnell wieder den vorherigen Stand einspielen kannst (Rollback). ------------------------------------------------------------------------------ From bf12084bf0d9af4c8f60527caa7628289f95071d Mon Sep 17 00:00:00 2001 From: Ippei Ogiwara Date: Sat, 22 Jul 2017 18:46:48 +0900 Subject: [PATCH 011/149] translate input section --- README-ja.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/README-ja.md b/README-ja.md index 78d78dc..42264c9 100644 --- a/README-ja.md +++ b/README-ja.md 
@@ -28,12 +28,12 @@ APIを設計、テスト、リリースするときの最も重要なセキュ - [ ] `HSTS`ヘッダをSSLと共に利用し、SSL Strip攻撃を回避する。 ## 入力 -- [ ] Use proper HTTP method according to operation, `GET (read)`, `POST (create)`, `PUT/PATCH (replace/update)` and `DELETE (to delete a record)` and respond with `405 Method Not Allowed` if requested method don't exists in resource. -- [ ] Validate `content-type` on request Accept header (Content Negotiation) to allow only your supported format (e.g. `application/xml`, `application/json`... etc) and respond with `406 Not Acceptable` response if not matched. -- [ ] Validate `content-type` of posted data as you accept (e.g. `application/x-www-form-urlencoded`, `multipart/form-data ,application/json`... etc ). -- [ ] Validate User input to avoid common vulnerabilities (e.g. `XSS`, `SQL-Injection` , `Remote Code Execution`... etc). -- [ ] Don't use any sensitive data (`credentials` , `Passwords`, `security tokens`, or `API keys`) in the URL, but use standard Authorization header. -- [ ] Use a API Gateway service to enable caching, Rate Limit, Spike Arrest and deploy API's resourses dynamically +- [ ] 操作に準じて適切なHTTPメソッドを利用する、`GET (読み込み)`、`POST (作成)`、`PUT/PATCH (置き換え/更新)`、`DELETE (単一レコードの削除)。もし要求されたメソッドがリソースに存在しない場合は `405 Method Not Allowed` を返却する +- [ ] リクエストのAcceptヘッダ (Content Negotiation) の `content-type` を検証し、サポートしているフォーマットのみを許可し (例: `application/xml`、`application/json` 等)、もし合致しなければ `406 Not Acceptable` レスポンスを応答する。 +- [ ] 受け取るPOSTされたデータの`content-type` を検証する (例: `application/x-www-form-urlencoded`、`multipart/form-data ,application/json` 等)。 +- [ ] 一般的な脆弱性を避けるためユーザ入力を検証する (例: `XSS`, `SQLインジェクション` , `リモートコード実行` 等)。 +- [ ] URL中で機密データ (`クレデンシャル`、`パスワード`、`セキュリティトークン`) を利用せず、標準的な認証ヘッダで利用する +- [ ] キャッシュ、レート制限、スパイク阻止、そしてAPIリソースのデプロイを動的に行うため、APIゲートウェイサービスを利用する ## 処理 - [ ] Check if all the endpoints are protected behind authentication to avoid broken authentication process. From d11c419aaf2fe05b6157457c79d5d4bd7e841bb6 Mon Sep 17 00:00:00 2001 
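Review bot: the translated "sensitive data in the URL" item in this hunk drops `API keys` from the list: the removed line reads `(credentials, Passwords, security tokens, or API keys)` while the added line has only `(クレデンシャル、パスワード、セキュリティトークン)`; add `APIキー` so the Japanese list matches README.md. The first added item also opens a backtick before `DELETE (単一レコードの削除)` and never closes it, so everything up to the backtick before `405 Method Not Allowed` renders as inline code; the English line it replaces closes the span after `(to delete a record)`.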
From: Ippei Ogiwara Date: Sun, 23 Jul 2017 16:20:41 +0900 Subject: [PATCH 012/149] add Japanese translation --- README-ja.md | 46 +++++++++++++++++++++++----------------------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/README-ja.md b/README-ja.md index 42264c9..a4f2fdd 100644 --- a/README-ja.md +++ b/README-ja.md @@ -18,7 +18,7 @@ APIを設計、テスト、リリースするときの最も重要なセキュ ### OAuth - [ ] 常に `redirect_uri` をサーバ側でホワイトリストされたURLのみを許可するよう検証する。 -- [ ] Always try to exchange for code not tokens (don't allow `response_type=token`). +- [ ] 常に token ではなく code を交換するよう試行する (`response_type=token` を許可しない)。 - [ ] `state` パラメータをランダムなハッシュと共に利用し、OAuth認証プロセスでのCSRFを防ぐ。 - [ ] デフォルトのscopeを定義し、アプリケーション毎にscopeパラメータを検証する。 
@@ -28,37 +28,37 @@ APIを設計、テスト、リリースするときの最も重要なセキュ - [ ] `HSTS`ヘッダをSSLと共に利用し、SSL Strip攻撃を回避する。 ## 入力 -- [ ] 操作に準じて適切なHTTPメソッドを利用する、`GET (読み込み)`、`POST (作成)`、`PUT/PATCH (置き換え/更新)`、`DELETE (単一レコードの削除)。もし要求されたメソッドがリソースに存在しない場合は `405 Method Not Allowed` を返却する +- [ ] 操作に準じて適切なHTTPメソッドを利用する、`GET (読み込み)`、`POST (作成)`、`PUT/PATCH (置き換え/更新)`、`DELETE (単一レコードの削除)。もし要求されたメソッドがリソースに存在しない場合は `405 Method Not Allowed` を返却する。 - [ ] リクエストのAcceptヘッダ (Content Negotiation) の `content-type` を検証し、サポートしているフォーマットのみを許可し (例: `application/xml`、`application/json` 等)、もし合致しなければ `406 Not Acceptable` レスポンスを応答する。 - [ ] 受け取るPOSTされたデータの`content-type` を検証する (例: `application/x-www-form-urlencoded`、`multipart/form-data ,application/json` 等)。 - [ ] 一般的な脆弱性を避けるためユーザ入力を検証する (例: `XSS`, `SQLインジェクション` , `リモートコード実行` 等)。 -- [ ] URL中で機密データ (`クレデンシャル`、`パスワード`、`セキュリティトークン`) を利用せず、標準的な認証ヘッダで利用する -- [ ] キャッシュ、レート制限、スパイク阻止、そしてAPIリソースのデプロイを動的に行うため、APIゲートウェイサービスを利用する +- [ ] URL中で機密データ (`クレデンシャル`、`パスワード`、`セキュリティトークン`) を利用せず、標準的な認証ヘッダで利用する。 +- [ ] キャッシュ、レート制限、スパイク阻止、そしてAPIリソースのデプロイを動的に行うため、APIゲートウェイサービスを利用する。 ## 処理 -- [ ] Check if all the endpoints are protected behind authentication to avoid broken authentication process. -- [ ] User own resource id should be avoided. Use `/me/orders` instead of `/user/654321/orders` -- [ ] Don't use auto increment id's use `UUID` instead. -- [ ] If you are parsing XML files, make sure entity parsing is not enabled to avoid `XXE` (XML external entity attack). -- [ ] If you are parsing XML files, make sure entity expansion is not enabled to avoid `Billion Laughs/XML bomb` via exponential entity expansion attack. -- [ ] Use CDN for file uploads. -- [ ] If you are dealing with huge amount of data, use Workers and Queues to process as much as possible in background and return response fast to avoid HTTP Blocking. -- [ ] Do not forget to turn the DEBUG mode OFF. 
+- [ ] 壊れた認証プロセスを回避するため、全てのエンドポイントが認証の背後で保護されているかを確認する。 +- [ ] ユーザ所有リソースのIDの利用は避ける。`/user/654321/orders` の代わりに `/me/orders` を利用する。 +- [ ] オートインクリメントのIDを利用せず、代わりに`UUID`を利用する。 +- [ ] XMLファイルをパースする場合は、`XXE` (XML external entity attack) を回避するため entity parsing が有効でないことを確認する。 +- [ ] XMLファイルをパースする場合は、exponential entity expansion attack による `Billion Laughs/XML bomb` 攻撃を回避するため entity expansion が有効でないことを確認する。 +- [ ] ファイルアップロードにCDNを利用する。 +- [ ] 非常に多量のデータを扱う場合は、ワーカーとキューを利用して可能な限りバックグラウンドで処理をするようにし、早く応答を返却し、HTTP Blockingを避ける。 +- [ ] DEBUGモードをオフにするのを忘れない。 ## 出力 -- [ ] Send `X-Content-Type-Options: nosniff` header. -- [ ] Send `X-Frame-Options: deny` header. -- [ ] Send `Content-Security-Policy: default-src 'none'` header. -- [ ] Remove fingerprinting headers - `X-Powered-By`, `Server`, `X-AspNet-Version` etc. -- [ ] Force `content-type` for your response, if you return `application/json` then your response `content-type` is `application/json`. -- [ ] Don't return sensitive data like `credentials`, `Passwords`, `security tokens`. -- [ ] Return the proper status code according to the operation completed. (e.g. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed` ... etc). +- [ ] `X-Content-Type-Options: nosniff` ヘッダを送信する。 +- [ ] `X-Frame-Options: deny` ヘッダを送信する。 +- [ ] `Content-Security-Policy: default-src 'none'` ヘッダを送信する。 +- [ ] フィンガープリントヘッダを削除する - `X-Powered-By`, `Server`, `X-AspNet-Version` 等。 +- [ ] `content-type` を応答で強制する。もし `application/json` を返却するのなら、レスポンスの `content-type` は `application/json` にする。 +- [ ] `認証情報`、`パスワード`、`セキュリティトークン` といった機密データを返却しない。 +- [ ] 完了した操作に一致した適切なステータスコードを返却する (例: `200 OK`、`400 Bad Request`、`401 Unauthorized`、`405 Method Not Allowed` ... 
等)。 ## CI & CD (継続的インテグレーションと継続的デリバリー) -- [ ] 設計と実装をユニットテスト、インテグレーションテストのカバレッジで監査する -- [ ] コードレビューのプロセスを採用し、自身による承認を無視する -- [ ] プロダクションへプッシュする前に、ベンダのライブラリ、その他の依存関係を含め、サービスの全ての要素がアンチウィルスソフトウェアで静的スキャンを確実に実施する -- [ ] デプロイについてロールバックソリューションを開発する +- [ ] 設計と実装をユニットテスト、インテグレーションテストのカバレッジで監査する。 +- [ ] コードレビューのプロセスを採用し、自身による承認を無視する。 +- [ ] プロダクションへプッシュする前に、ベンダのライブラリ、その他の依存関係を含め、サービスの全ての要素がアンチウィルスソフトウェアで静的スキャンを確実に実施する。 +- [ ] デプロイについてロールバックソリューションを開発する。 ------------------------------------------------------------------------------ From 0a646e0f5144905605a9c1ac131804c99d9f0ed7 Mon Sep 17 00:00:00 2001 From: "S.Holzhauer" Date: Sun, 23 Jul 2017 11:36:27 +0200 Subject: [PATCH 013/149] Updating Dutch translation to include latest additions --- README-nl.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/README-nl.md b/README-nl.md index 7f52ed1..a883c3c 100644 --- a/README-nl.md +++ b/README-nl.md @@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) +[中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) # API Security Checklist Checklist met de belangrijkste tegenmaatregelen bij het ontwerpen, testen en uitbrengen van een API. 
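Review bot: the 入力 hunk of README-ja.md in this patch re-touches the HTTP-method item only to append a full stop, but the backtick opened before `DELETE (単一レコードの削除)` is still never closed, so the rendered line shows the text up to `405 Method Not Allowed` as inline code; close it after `削除)` while the line is being edited here. The 処理, 出力 and CI & CD hunks read consistently with README.md.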
@@ -7,6 +7,8 @@ Checklist met de belangrijkste tegenmaatregelen bij het ontwerpen, testen en uit ## Authenticatie - [ ] Gebruik geen `Basic Auth` Gebruik industrie standaarden (v.b. JWT, OAuth). - [ ] Vind het wiel niet opnieuw uit voor `Authenticatie`, `Genereren van Tokens` en `Opslaan van Wachtwoorden`. Gebruik de standaarden. +- [ ] Gebruik `Max Retry` en Jail features in de login. +- [ ] Encrypt alle gevoelige data. ### JWT (JSON Web Token) - [ ] Gebruik random ingewikkelde keys (`JWT Secret`) om brute forcing lastiger te maken. @@ -31,6 +33,7 @@ Checklist met de belangrijkste tegenmaatregelen bij het ontwerpen, testen en uit - [ ] Valideer de `content-type` header van gestuurde data (e.g. `application/x-www-form-urlencoded`, `multipart/form-data ,application/json` ... etc ). - [ ] Valideer de gebruiker invoer om veel voorkomende kwetsbaarheden te voorkomen (v.b. `XSS`, `SQL-Injection`, `Remote Code Execution` ... etc). - [ ] Gebruik geen gevoelige data (`credentials`, `Wachtwoorden`, `security tokens`, of `API keys`) in de URL, maar gebruik de standaard Authorization header. +- [ ] Gebruik een API Gateway service voor caching, policies (b.v. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) en voor het dynamisch deployen van API middelen. ## Processing - [ ] Controleer dat alle endpoints zijn beschermd achter de authenticatie om het omzeilen van authenticatie te voorkomen. 
@@ -51,6 +54,11 @@ Checklist met de belangrijkste tegenmaatregelen bij het ontwerpen, testen en uit - [ ] Stuur geen gevoelige data terug: `Gebruikersnamen`, `Wachtwoorden`, `security tokens`. - [ ] Geef de correcte HTTP antwoord code terug op basis van de uitgevoerde operatie (v.b. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed` ... etc). +## CI & CD +- [ ] Controleer het ontwerp en de implementatie met unit/integration test dekking. +- [ ] Gebruik een code review traject en controleer niet zelf je eigen code. +- [ ] Scan de API voor het naar productie zetten door AV software, niet alleen eigen code maar ook de libraries en andere gebruikte dependencies. +- [ ] Ontwikkel een terugrol oplossing. ------------------------------------------------------------------------------ From 4738d13d7d1eecdcd3f0e51717eff9b7960b90ac Mon Sep 17 00:00:00 2001 From: Emerson Santiago Date: Tue, 25 Jul 2017 13:50:41 -0300 Subject: [PATCH 014/149] Fix spelling errors --- README-pt_BR.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README-pt_BR.md b/README-pt_BR.md index dffc92c..320cbb2 100644 --- a/README-pt_BR.md +++ b/README-pt_BR.md @@ -58,7 +58,7 @@ Lista das mais importantes medidas de segurança para o desenvolvimento, teste e - [ ] Monitore a especificação e implementação do escopo da sua API através de testes unitários e de integração. - [ ] Use um processo de revisão de código, ignorando sistemas de auto-aprovação. - [ ] Certifique-se de que todos os componentes de seus serviços sejam validados por _softwares_ AV (anti-vírus, anti-_malware_) antes de enviar para produção, incluindo as dependências de terceiros utilizadas. -- [ ] Implemente funcionaliade de reversão de _deploy_ (_rollback_). +- [ ] Implemente funcionalidade de reversão de _deploy_ (_rollback_). ------------------------------------------------------------------------------ From cf6942a3e006f2395451f303563404306d089b8e Mon Sep 17 00:00:00 2001 
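Review bot: the language-bar hunk for README-nl.md in this patch removes `[English](./README.md)` and adds a `[Nederlands](./README-nl.md)` self-link, which is the opposite of the convention every other translation in this series follows (English first, the file's own language left out; compare the README-de.md "Sync" hunk above). The new line is identical to README.md's bar, so it looks copied from there; keep the English entry and drop the Nederlands one.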
From: EhlimanSen Date: Thu, 27 Jul 2017 16:03:11 +0300 Subject: [PATCH 015/149] =?UTF-8?q?Belirli=20yerler=20t=C3=BCrk=C3=A7eye?= =?UTF-8?q?=20=C3=A7evirildi.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README-tr.md | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) create mode 100644 README-tr.md diff --git a/README-tr.md b/README-tr.md new file mode 100644 index 0000000..49eb287 --- /dev/null +++ b/README-tr.md 
@@ -0,0 +1,67 @@ +[中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) + +# API Güvenlik Kontrol Listesi +API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemlerinin kontrol listesi. + +------------------------------------------------------------------------------ +## Authentication (Kimlik doğrulama) +- [ ] `Basic Auth` kullanmayın. Standard authentication kullanın (ör. [JWT](https://jwt.io/), [OAuth](https://oauth.net/)). +- [ ] `Authentication`, `token generation`, `password storage` için tekerleği yeniden icat etmeyin. Standartları kullanın. +- [ ] `Max Retry` kullanarak giriş hakkını sınırlayın. +- [ ] Tüm hassas verilere şifreleme kullanın. + +### JWT (JSON Web Token) +- [ ] Brute forcing yönetimi ile oluşturulan token'in çözülmemesi için (`JWT Secret`) gibi rasgele, karmaşık ve zor bir anahtar kullanın. +- [ ] Don't extract the algorithm from the payload. Force the algorithm in the backend (`HS256` or `RS256`). +- [ ] Token'in son kullanma tarihini (`TTL`, `RTTL`) olabildiğince kısa yapın. +- [ ] Hassas verilerinizi JWT payload'a koymayın, decode edilebilir. [Basit olarak](https://jwt.io/#debugger-io). + +### OAuth +- [ ] Yalnızca beyaz listeye eklenen URL'lere izin vermek için sunucu tarafındaki `redirect_uri` daima doğrulayın. +- [ ] Always try to exchange for code and not tokens (don't allow `response_type=token`). +- [ ] Use `state` parameter with a random hash to prevent CSRF on the OAuth authentication process. +- [ ] Define the default scope, and validate scope parameters for each application. + +## Access +- [ ] DDoS / brute-force saldırılarından korunmak için istekleri sınırlamalısınız. 
+- [ ] MITM (Man In The Middle Attack) korunmak için sunucu tarafında HTTPS kullanın. +- [ ] SSL Strip saldırılarından korunmak için `HSTS` header'ı SSL ile kullan. + +## Input +- [ ] Use the proper HTTP method according to the operation: `GET (read)`, `POST (create)`, `PUT/PATCH (replace/update)`, and `DELETE (to delete a record)`, and respond with `405 Method Not Allowed` if the requested method isn't appropriate for the requested resource. +- [ ] Validate `content-type` on request Accept header (Content Negotiation) to allow only your supported format (ör. `application/xml`, `application/json`, v.b.) and respond with `406 Not Acceptable` response if not matched. +- [ ] Validate `content-type` of posted data as you accept (ör. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, v.b.). +- [ ] Validate User input to avoid common vulnerabilities (ör. `XSS`, `SQL-Injection`, `Remote Code Execution`, v.b.). +- [ ] Don't use any sensitive data (`credentials`, `Passwords`, `security tokens`, or `API keys`) in the URL, but use standard Authorization header. +- [ ] Use an API Gateway service to enable caching, Rate Limit policies (ör. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) and deploy APIs resources dynamically. + +## Processing +- [ ] Check if all the endpoints are protected behind authentication to avoid broken authentication process. +- [ ] User own resource ID should be avoided. Use `/me/orders` instead of `/user/654321/orders`. +- [ ] Don't auto-increment IDs. Use `UUID` instead. +- [ ] If you are parsing XML files, make sure entity parsing is not enabled to avoid `XXE` (XML external entity attack). +- [ ] If you are parsing XML files, make sure entity expansion is not enabled to avoid `Billion Laughs/XML bomb` via exponential entity expansion attack. +- [ ] Dosya yüklemeleri için bir CDN kullanın. 
+- [ ] If you are dealing with huge amount of data, use Workers and Queues to process as much as possible in background and return response fast to avoid HTTP Blocking. +- [ ] DEBUG modunu kapatmayı unutmayın!. + +## Output +- [ ] `X-Content-Type-Options: nosniff` header'ı gönder. +- [ ] `X-Frame-Options: deny` header'ı gönder. +- [ ] `Content-Security-Policy: default-src 'none'` header'ı gönder. +- [ ] Parmak izi başlıklarını kaldırın - `X-Powered-By`, `Server`, `X-AspNet-Version` v.b. +- [ ] Force `content-type` for your response, if you return `application/json` then your response `content-type` is `application/json`. +- [ ] Hassas verilerinizi geri göndermeyin `credentials`, `Passwords`, `security tokens`. +- [ ] İşlem tamamlandıktan sonra uygun durum kodunu döndürür. (ör. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, v.b.). + +## CI & CD +- [ ] unit/integration testi kapsamı ile tasarımınızı ve uygulamanızı denetleyin. +- [ ] Bir kod inceleme işlemi kullanın ve kendi onayınızı dikkate almayın. +- [ ] Vendor kitaplıkları ve diğer bağımlılıklar da dahil olmak üzere, oluşturmaya başlamadan önce hizmetlerinizin tüm bileşenlerinin AntiVirus yazılımıyla statik olarak tarandığından emin olun. +- [ ] Dağıtımlar için bir geri yükleme çözümü tasarlayın. + + +------------------------------------------------------------------------------ + +# Destek +Bu depoyu forklayarak, bazı değişiklikler yaparak ve pull requests göndererek katkıda bulunmaktan çekinmeyin. Herhangi bir sorunuz için bize bir e-posta bırakın: `team@shieldfy.io`. From e281d6e483523dc17fb181885bbb1a1862a36909 Mon Sep 17 00:00:00 2001 
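Review bot: the language bar of this new README-tr.md lists `[Türkçe](./README-tr.md)`, a link to itself, and has no `[English](./README.md)` entry; the other translations lead with English and omit their own language, so swap those two. A few translated items also lose or shift meaning against README.md: the `Max Retry` item drops the "jail features" half of the original; the CI item says `oluşturmaya başlamadan önce` (before starting the build) where the original says before push to production; the status-code item is a statement (`döndürür`) while the other items are imperatives; and `Brute forcing yönetimi` looks like a typo for `yöntemi`. The items still in English (JWT algorithm, OAuth, most of Input and Processing) match the subject line's description of a partial translation, but a follow-up should be tracked.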
From: EhlimanSen Date: Thu, 27 Jul 2017 16:06:17 +0300 Subject: [PATCH 016/149] T --- README-de.md | 2 +- README-es.md | 2 +- README-fr.md | 2 +- README-id.md | 2 +- README-it.md | 2 +- README-ja.md | 2 +- README-jp.md | 2 +- README-ko.md | 2 +- README-nl.md | 2 +- README-pt_BR.md | 2 +- README-ru.md | 2 +- README-th.md | 2 +- README-uk.md | 2 +- README-zh.md | 2 +- README.md | 2 +- 15 files changed, 15 insertions(+), 15 deletions(-) diff --git a/README-de.md b/README-de.md index 5f0ccc1..cbbdcef 100644 --- a/README-de.md +++ b/README-de.md @@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Türkçe](./README-tr.md) # API Security Checkliste Checkliste für die wichtigsten Sicherheitsmaßnahmen beim Designen, Testen und Veröffentlichen deiner API. diff --git a/README-es.md b/README-es.md index 5db464c..113ad56 100644 --- a/README-es.md +++ b/README-es.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) # Lista de seguridad en APIs Lista de las contramedidas de seguridad más importantes en cuanto al diseño, testing y publicación de tu API. diff --git a/README-fr.md b/README-fr.md index 215e589..0741bb4 100644 --- a/README-fr.md +++ b/README-fr.md @@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) # API Security Checklist Checklist des points de sécurité les plus importants lors de la conception, du test et de la mise en production de votre API. 
diff --git a/README-id.md b/README-id.md index 9718d43..bfc631f 100644 --- a/README-id.md +++ b/README-id.md @@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) # Checklist Keamanan API Checklist penanggulangan keamanan yang paling penting ketika merancang, menguji, dan melepaskan API ke khalayak diff --git a/README-it.md b/README-it.md index 3451aff..fe84cf3 100644 --- a/README-it.md +++ b/README-it.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) # Checklist per la sicurezza delle API Una checklist per le più importanti contromisure da mettere in pratica quando strutturiamo, testiamo e rilasciamo le nostre API. diff --git a/README-ja.md b/README-ja.md index a4f2fdd..9ce3929 100644 --- a/README-ja.md +++ b/README-ja.md @@ -1,4 +1,4 @@ -[中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국의](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) +[中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국의](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [Türkçe](./README-tr.md) # APIセキュリティチェックリスト APIを設計、テスト、リリースするときの最も重要なセキュリティ対策のチェックリスト diff --git a/README-jp.md b/README-jp.md index 02d2749..f01fbd3 100644 --- a/README-jp.md +++ b/README-jp.md 
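Review bot: the README-ja.md navigation row rewritten in this hunk is badly out of sync with every other row the patch touches: it still reads `[한국의]` where the others use `[한국어]`, and it carries none of the `[English]`, `[ไทย]`, `[Русский]`, `[Українська]`, `[Español]`, `[Italiano]`, `[日本語]` or `[Deutsch]` links. Since the line is being replaced anyway, bring it up to the same list as the README-jp.md row before appending `| [Türkçe](./README-tr.md)`. Also worth raising: every row in this series links Japanese as `[日本語](./README-jp.md)` and none links README-ja.md, so the two Japanese files should be reconciled (or README-ja.md removed) rather than both kept current by hand.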
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [Deutsch](./README-de.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) # API Security Checklist これはAPIの設計, テスト, リリース時における、重要なセキュリティ対策チェックリストです。 diff --git a/README-ko.md b/README-ko.md index 333038f..3de676c 100644 --- a/README-ko.md +++ b/README-ko.md @@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) # API 보안 체크리스트 API를 설계하고 테스트하고 배포할 때 고려해야 할 중요한 보안 대책 체크리스트입니다. diff --git a/README-nl.md b/README-nl.md index a883c3c..ab3b72b 100644 --- a/README-nl.md +++ b/README-nl.md 
@@ -1,4 +1,4 @@ -[中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) +[中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) # API Security Checklist Checklist met de belangrijkste tegenmaatregelen bij het ontwerpen, testen en uitbrengen van een API. diff --git a/README-pt_BR.md b/README-pt_BR.md index 320cbb2..df1074a 100644 --- a/README-pt_BR.md +++ b/README-pt_BR.md @@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) +[English](./README.md) | [中文版](./README-zh.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) # API Security Checklist Lista das mais importantes medidas de segurança para o desenvolvimento, teste e publicação da sua API. diff --git a/README-ru.md b/README-ru.md index 2245ca4..c04f0e9 100644 
--- a/README-ru.md +++ b/README-ru.md @@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) # Контрольный список безопасности API Контрольный список наиболее важных контрмер безопасности при разработке, тестировании и выпуске вашего API. diff --git a/README-th.md b/README-th.md index 628e061..ee25221 100644 --- a/README-th.md +++ b/README-th.md @@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) # API Security Checklist Checklist ที่ต้องให้ความสำคัญเมื่อมีการสร้าง API ในช่วงการออกแบบ ทดสอบระบบ และการปล่อยให้คนนอกใช้ 
diff --git a/README-uk.md b/README-uk.md index a087fdf..84c9ada 100644 --- a/README-uk.md +++ b/README-uk.md @@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) # Контрольний список безпеки API Контрольний список найбільш важливих контрзаходів безпеки при розробці, тестуванні та випуску вашого API. diff --git a/README-zh.md b/README-zh.md index 84e028a..1f78e03 100644 --- a/README-zh.md +++ b/README-zh.md @@ -1,4 +1,4 @@ -[English](./README.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) +[English](./README.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) # 开发安全的 API 所需要核对的清单 以下是当你在设计, 测试以及发布你的 API 的时候所需要核对的重要安全措施. 
diff --git a/README.md b/README.md index 7308f3a..06b58fa 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -[中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) +[中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) # API Security Checklist Checklist of the most important security countermeasures when designing, testing, and releasing your API. From 6952b1d1c28a5e2108b621c7d95a241ac000f776 Mon Sep 17 00:00:00 2001 From: EhlimanSen Date: Thu, 27 Jul 2017 16:14:40 +0300 Subject: [PATCH 017/149] =?UTF-8?q?T=C3=BCrk=C3=A7e=20dil=20eklendi?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README-de.md | 2 +- README-es.md | 2 +- README-it.md | 2 +- README-ja.md | 2 +- README-jp.md | 2 +- README-ko.md | 2 +- README-nl.md | 2 +- README-pt_BR.md | 2 +- README-ru.md | 2 +- README-th.md | 2 +- README-uk.md | 2 +- README-zh.md | 2 +- README.md | 2 +- 13 files changed, 13 insertions(+), 13 deletions(-) diff --git a/README-de.md b/README-de.md index cbbdcef..7eb2cec 100644 --- a/README-de.md +++ b/README-de.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Türkçe](./README-tr.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Türkçe](./README-tr.md) # API Security Checkliste Checkliste für die wichtigsten Sicherheitsmaßnahmen beim Designen, Testen und Veröffentlichen deiner API. diff --git a/README-es.md b/README-es.md index 113ad56..1a617c8 100644 --- a/README-es.md +++ b/README-es.md @@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) # Lista de seguridad en APIs Lista de las contramedidas de seguridad más importantes en cuanto al diseño, testing y publicación de tu API. 
diff --git a/README-it.md b/README-it.md index fe84cf3..92ea326 100644 --- a/README-it.md +++ b/README-it.md @@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) # Checklist per la sicurezza delle API Una checklist per le più importanti contromisure da mettere in pratica quando strutturiamo, testiamo e rilasciamo le nostre API. diff --git a/README-ja.md b/README-ja.md index 9ce3929..0f0b39c 100644 --- a/README-ja.md +++ b/README-ja.md @@ -1,4 +1,4 @@ -[中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국의](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [Türkçe](./README-tr.md) +[中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국의](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [Türkçe](./README-tr.md) # APIセキュリティチェックリスト APIを設計、テスト、リリースするときの最も重要なセキュリティ対策のチェックリスト diff --git a/README-jp.md b/README-jp.md index f01fbd3..dad47d7 100644 --- a/README-jp.md +++ b/README-jp.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) # API Security Checklist これはAPIの設計, テスト, リリース時における、重要なセキュリティ対策チェックリストです。 diff --git a/README-ko.md b/README-ko.md index 3de676c..7312b68 100644 --- a/README-ko.md +++ b/README-ko.md @@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) # API 보안 체크리스트 API를 설계하고 테스트하고 배포할 때 고려해야 할 중요한 보안 대책 체크리스트입니다. diff --git a/README-nl.md b/README-nl.md index ab3b72b..356fce7 100644 --- a/README-nl.md +++ b/README-nl.md 
@@ -1,4 +1,4 @@ -[中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) +[中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) # API Security Checklist Checklist met de belangrijkste tegenmaatregelen bij het ontwerpen, testen en uitbrengen van een API. diff --git a/README-pt_BR.md b/README-pt_BR.md index df1074a..08cd6aa 100644 --- a/README-pt_BR.md +++ b/README-pt_BR.md @@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) +[English](./README.md) | [中文版](./README-zh.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) # API Security Checklist Lista das mais importantes medidas de segurança para o desenvolvimento, teste e publicação da sua API. 
diff --git a/README-ru.md b/README-ru.md index c04f0e9..21d68a5 100644 --- a/README-ru.md +++ b/README-ru.md @@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) # Контрольный список безопасности API Контрольный список наиболее важных контрмер безопасности при разработке, тестировании и выпуске вашего API. diff --git a/README-th.md b/README-th.md index ee25221..eb411c7 100644 --- a/README-th.md +++ b/README-th.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) # API Security Checklist Checklist ที่ต้องให้ความสำคัญเมื่อมีการสร้าง API ในช่วงการออกแบบ ทดสอบระบบ และการปล่อยให้คนนอกใช้ diff --git a/README-uk.md b/README-uk.md index 84c9ada..7e8ba6f 100644 --- a/README-uk.md +++ b/README-uk.md @@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) # Контрольний список безпеки API Контрольний список найбільш важливих контрзаходів безпеки при розробці, тестуванні та випуску вашого API. 
diff --git a/README-zh.md b/README-zh.md index 1f78e03..8974f59 100644 --- a/README-zh.md +++ b/README-zh.md @@ -1,4 +1,4 @@ -[English](./README.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) +[English](./README.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) # 开发安全的 API 所需要核对的清单 以下是当你在设计, 测试以及发布你的 API 的时候所需要核对的重要安全措施. diff --git a/README.md b/README.md index 06b58fa..4799c62 100644 --- a/README.md +++ b/README.md 
@@ -1,4 +1,4 @@ -[中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) +[中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) # API Security Checklist Checklist of the most important security countermeasures when designing, testing, and releasing your API. From a1487cdca5e5af0d0155f34163c34df9495abdd8 Mon Sep 17 00:00:00 2001 From: EhlimanSen Date: Thu, 27 Jul 2017 16:16:06 +0300 Subject: [PATCH 018/149] =?UTF-8?q?T=C3=BCrk=C3=A7e=20dil=20eklendi?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README-fr.md | 2 +- README-id.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README-fr.md b/README-fr.md index 0741bb4..cee47cb 100644 --- a/README-fr.md +++ b/README-fr.md 
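Review bot: in patch 017/149 every hunk (README-de.md through README.md) removes a line and adds one that is character-for-character identical to it, so the only change can be invisible whitespace or a line-ending conversion, and the subject "Türkçe dil eklendi" ("Turkish language added") describes the previous commit rather than this one. Either drop the commit or make the message say what actually changed (trailing whitespace, CRLF to LF), and check that the editor used here is not rewriting line endings on every file it opens.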
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) # API Security Checklist Checklist des points de sécurité les plus importants lors de la conception, du test et de la mise en production de votre API. diff --git a/README-id.md b/README-id.md index bfc631f..04d534c 100644 --- a/README-id.md +++ b/README-id.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) # Checklist Keamanan API Checklist penanggulangan keamanan yang paling penting ketika merancang, menguji, dan melepaskan API ke khalayak From 1ca0bd81003b82a1069c929288ff51cdece86d86 Mon Sep 17 00:00:00 2001 From: Ehliman Date: Sun, 30 Jul 2017 04:03:08 +0300 Subject: [PATCH 019/149] =?UTF-8?q?T=C3=BCrk=C3=A7e=20=C3=A7eviri=20tamaml?= =?UTF-8?q?and=C4=B1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README-tr.md | 34 ++++++++++++++++++---------------- 1 file changed, 18 insertions(+), 16 deletions(-) diff --git a/README-tr.md b/README-tr.md index 49eb287..017a310 100644 --- a/README-tr.md +++ b/README-tr.md 
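Review bot: patch 018/149 repeats the problem of 017/149: both hunks (README-fr.md and README-id.md) remove and re-add identical lines under the same subject "Türkçe dil eklendi". As a whitespace-only follow-up to the previous commit it should be squashed into it or dropped, so the history does not carry two commits with one message and no visible change.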
@@ -12,15 +12,15 @@ API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemle ### JWT (JSON Web Token) - [ ] Brute forcing yönetimi ile oluşturulan token'in çözülmemesi için (`JWT Secret`) gibi rasgele, karmaşık ve zor bir anahtar kullanın. -- [ ] Don't extract the algorithm from the payload. Force the algorithm in the backend (`HS256` or `RS256`). +- [ ] Algoritmayı payload üzerinden çekmeyin. Arka planda içinde kullanın. (`HS256` veya `RS256`). - [ ] Token'in son kullanma tarihini (`TTL`, `RTTL`) olabildiğince kısa yapın. - [ ] Hassas verilerinizi JWT payload'a koymayın, decode edilebilir. [Basit olarak](https://jwt.io/#debugger-io). ### OAuth - [ ] Yalnızca beyaz listeye eklenen URL'lere izin vermek için sunucu tarafındaki `redirect_uri` daima doğrulayın. -- [ ] Always try to exchange for code and not tokens (don't allow `response_type=token`). -- [ ] Use `state` parameter with a random hash to prevent CSRF on the OAuth authentication process. -- [ ] Define the default scope, and validate scope parameters for each application. +- [ ] Daima kodları değiştirmeyi deneyin tokenları değil (`response_type=token` izin vermeyin). +- [ ] OAuth kimlik doğrulama işlemi sırasında CSRF'yi önlemek için `state` parametresini rasgele bir hashleyerek kullanın. +- [ ] Varsayılan kapsamı tanımlayın ve her uygulama için kapsam parametrelerini doğrulayın. ## Access - [ ] DDoS / brute-force saldırılarından korunmak için istekleri sınırlamalısınız. 
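Review bot: two of the translated lines in this README-tr.md hunk lose the security meaning of the English they replace. `+- [ ] Algoritmayı payload üzerinden çekmeyin. Arka planda içinde kullanın.` drops the instruction to force the algorithm in the backend ("Arka planda içinde kullanın" is not a complete sentence); something like "Algoritmayı arka uçta zorunlu kılın (`HS256` veya `RS256`)." keeps the point. `+- [ ] Daima kodları değiştirmeyi deneyin tokenları değil` renders "exchange for code" as "değiştirmek" (to change), so the authorization-code-versus-token distinction is gone; the item should say to use the authorization code flow and not accept `response_type=token`. Minor: `## Access` stays in English while every item under it is now Turkish.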
@@ -28,21 +28,23 @@ API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemle - [ ] SSL Strip saldırılarından korunmak için `HSTS` header'ı SSL ile kullan. ## Input -- [ ] Use the proper HTTP method according to the operation: `GET (read)`, `POST (create)`, `PUT/PATCH (replace/update)`, and `DELETE (to delete a record)`, and respond with `405 Method Not Allowed` if the requested method isn't appropriate for the requested resource. -- [ ] Validate `content-type` on request Accept header (Content Negotiation) to allow only your supported format (ör. `application/xml`, `application/json`, v.b.) and respond with `406 Not Acceptable` response if not matched. -- [ ] Validate `content-type` of posted data as you accept (ör. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, v.b.). -- [ ] Validate User input to avoid common vulnerabilities (ör. `XSS`, `SQL-Injection`, `Remote Code Execution`, v.b.). -- [ ] Don't use any sensitive data (`credentials`, `Passwords`, `security tokens`, or `API keys`) in the URL, but use standard Authorization header. -- [ ] Use an API Gateway service to enable caching, Rate Limit policies (ör. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) and deploy APIs resources dynamically. +- [ ] İşleme göre uygun HTTP yöntemini kullanın: `GET (okumak)`, `POST (oluşturmak)`, `PUT/PATCH (değiştirmek/güncellemk)`, ve `DELETE (bir kaydı silmek için)`, eğer istenen yöntem istenen kaynak için uygun değilse `405 Method Not Allowed` mesajı ile cevap verin. +- [ ] Accept header gelen `content-type` beklediğin ve izin verdiğin formatta olup olmadığını kontrol et. (ör. `application/xml`, `application/json`, v.b.) Format uyuşmuyorsa `406 Not Acceptable` mesajı ile cevap verin. +- [ ] Gönderilen verileri doğrularken gelen verinin `content-type` de doğrulayın (ör. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, v.b.). 
+- [ ] Genel güvenlik açıklarını önlemek için Kullanıcı girişini doğrulayın (ör. `XSS`, `SQL-Injection`, `Remote Code Execution`, v.b.). +- [ ] URL'de hassas veriler (`credentials`, `Passwords`, `security tokens`, veya `API keys`) kullanmayın, ancak standart Authorization header kullanın. +- [ ] Önbelleklemeyi etkinleştirmek, hız sınır politikalarını (ör. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) ve API kaynaklarını dinamik olarak dağıtmak için bir API Gateway hizmeti kullanın. + + ## Processing -- [ ] Check if all the endpoints are protected behind authentication to avoid broken authentication process. -- [ ] User own resource ID should be avoided. Use `/me/orders` instead of `/user/654321/orders`. -- [ ] Don't auto-increment IDs. Use `UUID` instead. -- [ ] If you are parsing XML files, make sure entity parsing is not enabled to avoid `XXE` (XML external entity attack). -- [ ] If you are parsing XML files, make sure entity expansion is not enabled to avoid `Billion Laughs/XML bomb` via exponential entity expansion attack. +- [ ] Authentication işleminin sonlandırılmasını önlemek için, tüm bitiş noktalarının Authentication arkasında korunup korunmadığını kontrol edin. +- [ ] Kullanıcı kendi kaynak ID'sinden kaçınmalıdır. `/me/orders` yerine `/user/654321/orders` kullanmalıdır. +- [ ] Otomotik artan ID'ler kullanmayın. Yerine `UUID` kullanın. +- [ ] Eğer XML dosyarını (parse) ayrıştırıyorsanız, varlık ayrıştırmasını önlemek için etkin olmadığını doğrulayın `XXE` (XML external entity attack). +- [ ] Eğer XML dosyarını (parse) ayrıştırıyorsanız, `Billion Laughs/XML bomb` varlık genişletme saldırısı yoluyla,varlığın genişlemesinin önlemek için etkinleştirilmediğinden emin olun . - [ ] Dosya yüklemeleri için bir CDN kullanın. -- [ ] If you are dealing with huge amount of data, use Workers and Queues to process as much as possible in background and return response fast to avoid HTTP Blocking. 
+- [ ] Büyük miktarda veri ile uğraşıyorsanız, HTTP engellemeyi önlemek için İşçi ve Kuyrukları arka planda olabildiğince işlem yapmak ve yanıtı hızlı bir şekilde yanıtlamak için kullanın. - [ ] DEBUG modunu kapatmayı unutmayın!. ## Output From 3a5298c04a709bb4b48fcd8fd6bfe63cf7543986 Mon Sep 17 00:00:00 2001 From: dungpx Date: Wed, 2 Aug 2017 09:10:08 +0700 Subject: [PATCH 020/149] add vietnam readme --- README-vi.md | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) create mode 100644 README-vi.md diff --git a/README-vi.md b/README-vi.md new file mode 100644 index 0000000..83bba29 --- /dev/null +++ b/README-vi.md 
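Review bot: the `/me/orders` item in the Processing block of this hunk is translated backwards: `/me/orders` yerine `/user/654321/orders` kullanmalıdır tells the reader to use `/user/654321/orders` instead of `/me/orders`, inverting the English line it replaces ("Use `/me/orders` instead of `/user/654321/orders`"); it should read `/user/654321/orders` yerine `/me/orders` kullanın. The XXE item (`varlık ayrıştırmasını önlemek için etkin olmadığını doğrulayın`) no longer states what must be disabled; say that entity parsing (varlık ayrıştırma) must be turned off to avoid XXE. Smaller points in the same hunk: `güncellemk` → `güncellemek`, `Otomotik` → `Otomatik`, `dosyarını` → `dosyalarını`, the Input block mixes the informal `kontrol et` with the formal `cevap verin`, and two blank lines are added before `## Processing` where the rest of the file uses one.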
@@ -0,0 +1,67 @@ +[中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Việt Nam](./README-vi.md) + +# Danh sách các giải pháp an toàn cho API +Những giải pháp an toàn và cách khắc phục khi thiết kế, kiểm tra và phát hành API cho ứng dụng của bạn. + +------------------------------------------------------------------------------ +## Xác thực (Authentication) +- [ ] Không sử dụng `Basic Auth` Sử dụng giao thức xác thực tiêu chuẩn (chẳng hạn. [JWT](https://jwt.io/), [OAuth](https://oauth.net/)). +- [ ] Không cung cấp các thông tin `Authentication`, `token generation`, `password storage`. Sử dụng các tiêu chuẩn. +- [ ] Sử dụng `Max Retry` và chức năng Auto Block ở trang Login. +- [ ] Mã hóa các dữ liệu nhạy cảm. + +### JWT (JSON Web Token) +- [ ] Sử dụng các mã ngẫu nhiên (`JWT Secret`) để tăng sự khó khăn của việc tấn công Brute Force. +- [ ] Không loại bỏ các thuật toán từ tải trọng. Bắt buộc sử dụng thuật toán trong backend (`HS256` hoặc `RS256`). +- [ ] Đặt thời hạn hết hạn token (`TTL`, `RTTL`) càng ngắn càng tốt. +- [ ] Không lưu các thông tin nhạy cảm trong JWT, nó có thể [dễ dàng](https://jwt.io/#debugger-io) được giải mã. + +### OAuth Ủy quyền hoặc chứng thực giao thức +- [ ] Luôn xác nhận `redirect_uri` server-side để chỉ cho phép các URL trong danh sách. +- [ ] Luôn luôn cố gắng trao đổi mã và không phải là các tokens (không cho phép `response_type=token`). +- [ ] Sử dụng tham số `state` cùng với bảng băm ngẫu nhiên để bảo vệ CSRF ở tiến trình xác thực OAuth. +- [ ] Xác định phạm vi mặc định, và xác nhận các tham số phạm vi cho mỗi ứng dụng.. 
+ +## Quyền +- [ ] Giới hạn truy cập (Throttling) để phòng tránh các tấn công DDoS / brute-force. +- [ ] Sử dụng giao thức HTTPS ở phía server để tránh MITM (Man In The Middle Attack). +- [ ] Sử dụng tiêu đề `HSTS` với SSL để tránh tấn công SSL Strip. + +## Input +- [ ] Sử dụng các phương thức HTTP phù hợp với từng phương thức: `GET (đọc)`, `POST (tạo mới)`, `PUT/PATCH (cập nhật/sửa)`, and `DELETE (để xóa bản ghi)`, và phản hồi với `405 Method Not Allowed` nếu yêu cầu không phù hợp với tài nguyên được yêu cầu. +- [ ] Xác nhận dữ liệu `content-type` ở mỗi tiêu đề (Content Negotiation) chỉ cho phép những định dạng được hỗ trợ (chẳng hạn như. `application/xml`, `application/json`, vv) và phản hồi `406 Not Acceptable` nếu không khớp. +- [ ] Xác nhận dữ liệu `content-type` được chấp nhận khi gửi lên (chẳng hạn như. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, vv). +- [ ] Xác nhận đầu vào dữ liệu người dùng để tránh các lỗ hổng phổ biến (chẳng hạn như. `XSS`, `SQL-Injection`, `Remote Code Execution`, vv). +- [ ] Không sử dụng các dữ liệu nhạy cảm như (`credentials`, `Passwords`, `security tokens`, or `API keys`) tại URL, tuy nhiên có thể sử dụng các tiêu đề xác thực. +- [ ] Sử dụng các dịch vụ API Gateway để bật bộ nhớ cache, Rate Limit policies (chẳng hạng như. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) và triển khai tài nguyên APIs một cách năng động. + +## Processing +- [ ] Kiểm tra các điểm đầu cuối đều được bảo vệ để tránh các tiến trình xác thực bị hỏng. +- [ ] Nên tránh việc sử dụng ID của tài nguyên. Sử dụng `/me/orders` thay vì `/user/654321/orders`. +- [ ] Không tự động tăng ID. Sử dụng UUID để thay thế.. +- [ ] Nếu bạn muốn phân tích các tập tin XML, hãy chắc chắn các phần tử không được bật để tránh `XXE` (XML tấn công thực thể từ bên ngoài). +- [ ] Nếu bạn muốn phân tích các tập tin XML, đảm bảo việc mở rộng thực thể không được kích hoạt để tránh để tránh `Billion Laughs/XML bomb` qua việc tấn công. 
+- [ ] Sử dụng CDN để tải lên tệp tin. +- [ ] Nếu bạn đang cần xử lý với lượng dữ liệu lớn, sử dụng các kỹ thuật Workers và Queues để xử lý tác vụ dưới nền càng nhiều càng tốt và giúp phản hồi nhanh để tránh bị chặn HTTP. +- [ ] Đừng quên tắt chế độ DEBUG. + +## Output +- [ ] Gửi `X-Content-Type-Options: nosniff` ở tiêu đề. +- [ ] Gửi `X-Frame-Options: deny` ở tiêu đề. +- [ ] Gửi `Content-Security-Policy: default-src 'none'` ở tiêu đề. +- [ ] Gỡ các thông tin về tiêu đề dấu vân tay - `X-Powered-By`, `Server`, `X-AspNet-Version` vv. +- [ ] Phản hồi bắt buộc có thông tin `content-type`, nếu bạn trả về `application/json` thì phản hồi `content-type` của bạn sẽ là `application/json`. +- [ ] Không gửi các thông tin nhạy cảm như `credentials`, `Passwords`, `security tokens`. +- [ ] Trả về mã trạng thái tương ứng với hành động đã hoàn thành. (chẳng hạn. `200 OK`, `400 Không đúng định dạng`, `401 Chưa xác thực`, `405 Phương thức không được phép`, vv). + +## CI & CD ( Tích hợp và triển khai liên tục) +- [ ] Kiểm tra thiết kế và thực hiện đầy đủ việc test với unit/integration. +- [ ] Áp dụng quy trình đánh giá code và bỏ qua việc tự phê duyệt. +- [ ] Đảm bảo các thành phần của dịch vụ được duyệt với phần mềm AV trước khi được đẩy lên bản chính, bao gồm các thư viện và các sự phụ thuộc khác. +- [ ] Thiết kế một giải pháp rollback (quản lý dữ liệu) cho việc triển khai. + + +------------------------------------------------------------------------------ + +# Đóng góp +Hãy đóng góp bằng cách forking kho này, thực hiện một số thay đổi và gửi yêu cầu kéo. Đối với bất kỳ câu hỏi nào, hãy gửi email cho chúng tôi theo địa chỉ `team@shieldfy.io`. From 6afcedfa668b0a4d2091832702a2bd51ebc2dcf0 Mon Sep 17 00:00:00 2001 
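Review bot: the second Authentication item in the new README-vi.md changes the meaning of "Don't reinvent the wheel in authentication, token generation, password storage": `Không cung cấp các thông tin ...` reads as "do not provide information about authentication, token generation, password storage", which is a different instruction; reword it to say not to implement these yourself and to use the standards instead. In Processing, `Nên tránh việc sử dụng ID của tài nguyên` drops the "user's own" qualifier from "User own resource ID should be avoided", and `tránh để tránh` is duplicated in the XML bomb item. The navigation line links the file to itself (`[Việt Nam](./README-vi.md)`), omits `[English](./README.md)`, and uses the country name where the language name is `Tiếng Việt`; the patch touches only this one file, so no other README gains a link to README-vi.md. Also `thay thế..` and `ứng dụng..` end in a double period, and two blank lines precede the separator where the other sections use one.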
From: zorig Date: Sun, 6 Aug 2017 20:06:52 +0900 Subject: [PATCH 021/149] Mongolian translation --- README-de.md | 2 +- README-es.md | 2 +- README-fr.md | 2 +- README-id.md | 2 +- README-it.md | 2 +- README-ja.md | 2 +- README-jp.md | 2 +- README-ko.md | 2 +- README-mn.md | 66 +++++++++++++++++++++++++++++++++++++++++++++++++ README-nl.md | 2 +- README-pt_BR.md | 2 +- README-ru.md | 2 +- README-th.md | 2 +- README-tr.md | 2 +- README-uk.md | 2 +- README-vi.md | 2 +- README-zh.md | 2 +- README.md | 2 +- 18 files changed, 83 insertions(+), 17 deletions(-) create mode 100644 README-mn.md diff --git a/README-de.md b/README-de.md index 7eb2cec..a9fca41 100644 --- a/README-de.md +++ b/README-de.md @@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Türkçe](./README-tr.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) # API Security Checkliste Checkliste für die wichtigsten Sicherheitsmaßnahmen beim Designen, Testen und Veröffentlichen deiner API. diff --git a/README-es.md b/README-es.md index 1a617c8..4ec2cf6 100644 --- a/README-es.md +++ b/README-es.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) # Lista de seguridad en APIs Lista de las contramedidas de seguridad más importantes en cuanto al diseño, testing y publicación de tu API. diff --git a/README-fr.md b/README-fr.md index cee47cb..173530b 100644 --- a/README-fr.md +++ b/README-fr.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) # API Security Checklist Checklist des points de sécurité les plus importants lors de la conception, du test et de la mise en production de votre API. diff --git a/README-id.md b/README-id.md index 04d534c..e2b4cbc 100644 --- a/README-id.md +++ b/README-id.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) # Checklist Keamanan API Checklist penanggulangan keamanan yang paling penting ketika merancang, menguji, dan melepaskan API ke khalayak diff --git a/README-it.md b/README-it.md index 92ea326..dc49cf3 100644 --- a/README-it.md +++ b/README-it.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) # Checklist per la sicurezza delle API Una checklist per le più importanti contromisure da mettere in pratica quando strutturiamo, testiamo e rilasciamo le nostre API. diff --git a/README-ja.md b/README-ja.md index 0f0b39c..5cd0548 100644 --- a/README-ja.md +++ b/README-ja.md @@ -1,4 +1,4 @@ -[中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국의](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [Türkçe](./README-tr.md) +[中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국의](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) # APIセキュリティチェックリスト APIを設計、テスト、リリースするときの最も重要なセキュリティ対策のチェックリスト diff --git a/README-jp.md b/README-jp.md index dad47d7..a1c0603 100644 --- a/README-jp.md +++ b/README-jp.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) # API Security Checklist これはAPIの設計, テスト, リリース時における、重要なセキュリティ対策チェックリストです。 diff --git a/README-ko.md b/README-ko.md index 7312b68..ecc38bb 100644 --- a/README-ko.md +++ b/README-ko.md @@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) # API 보안 체크리스트 API를 설계하고 테스트하고 배포할 때 고려해야 할 중요한 보안 대책 체크리스트입니다. 
diff --git a/README-mn.md b/README-mn.md new file mode 100644 index 0000000..ef1bd7d --- /dev/null +++ b/README-mn.md 
@@ -0,0 +1,66 @@ +[中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) + +# API Аюулгүйн жагсаалт +API гаргах, загварчлах, тестлэхэд аюулгүйн талаас авах сөрөг арга хэмжээний жагсаалт + +------------------------------------------------------------------------------ +## Authentication +- [ ] `Basic Auth` бүү ашигла, Стандарт authentication ашигла (Жнь. [JWT](https://jwt.io/), [OAuth](https://oauth.net/)). +- [ ] `Authentication` -ын `token generation`, `password storage` зэргийг бүү дахин шинээр хий, стандарт ашигла. +- [ ] Нэвтрэх(Login) үед `Max Retry` ашиглан хорилт хий. +- [ ] Чухал өгөгдлүүдийг encrupt хий. + +### JWT (JSON Web Token) +- [ ] Санамсаргүй үүссэн түлхүүр (`JWT Secret`) ашиглаж token -ыг brute force -оос хамгаал. +- [ ] Payload -аас алгоритмаа бүү задал. Backend дээрээ хий (`HS256` or `RS256`). +- [ ] Токен дуусах хугацаа (`TTL`, `RTTL`) аль болох бага болго. +- [ ] Чухал өгөгдлийг JWT payload -д бүү хадгал, decode хийхэд [амархан](https://jwt.io/#debugger-io). + +### OAuth +- [ ] `redirect_uri` -ыг үргэлж сервер талд шалган зөвшөөрөгдсөн URL эсэхийг шалга. +- [ ] Аль болох токен биш код солилц (`response_type=token` -ыг зөвшөөрч болохгүй). +- [ ] OAuth authentication -ын үед `state` параметрийг санамсаргүй үүссэн hash ашиглан CSRF ээс сэргийлнэ. +- [ ] Хувьсагчид анхны утга заавал оноож өг, утгыг байнга шалга. + +## Access +- [ ] Хүсэлтийн тоог хязгаарлаж (Throttling) DDoS / brute-force дайралтаас хамгаална. +- [ ] HTTPS ашиглаж сервер талдаа MITM (Man In The Middle Attack) дайралтаас хамгаална. +- [ ] `HSTS` header -ыг SSL дээр ашиглаж SSL Strip дайралтаас хамгаална. 
+ +## Input +- [ ] Яг зөв HTTP хүсэлтийг ашигла: `GET (унших)`, `POST (үүсгэх)`, `PUT/PATCH (орлуулах/солих)`, мөн `DELETE (устгах)`, бас `405 Method Not Allowed` -ыг хүсэлтийн төрөл тодорхойгүй үед ашигла. +- [ ] `content-type` -ыг хүсэлтийн header (Content Negotiation) дээр шалгаж зөвхөн дэмжигдсэн төрлийг зөвшөөр (Жнь. `application/xml`, `application/json`, etc) бас төрөл нь таарахгүй бол `406 Not Acceptable` хариу буцаа. +- [ ] `content-type` -ыг post хийх өгөгдөл дээр шалга (Жнь. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, г.м). +- [ ] Хэрэглэгчээс гараас оруулсан утгыг шалгаж түгээмэл нүхнүүдээс сэргийлнэ. (Жнь. `XSS`, `SQL-Injection`, `Remote Code Execution`, г.м). +- [ ] Чухал өгөгдлүүдийг (`credentials`, `Passwords`, `security tokens`, or `API keys`) URL ээр бүү явуул, оронд нь стандарт Authorization header ашигла. +- [ ] API Gateway үйлчилгээ ашиглан Rate Limit Policies (Жнь. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) болон cache хийх, мөн API deploy хийхэд ашигла. + +## Processing +- [ ] Нэвтрэх явцад алдаа гарахаас сэргийлж бүх endpoint -уудыг нэвтрэх шаардлагатай эсэхийг шалгах. +- [ ] Хэрэглэгчийн ID ашиглахаас зайлсхийх. `/user/654321/orders` үүний оронд `/me/orders` ашиглах. +- [ ] Автоматаар нэмэгдэх ID бүү ашигла. `UUID` ашигла. +- [ ] XML файл parse хийх үед entity parse бүү хий ингэснээр `XXE` (XML external entity attack) -аас сэргийлнэ. +- [ ] XML файл parse хийх үед entity expansion бүү хий ингэснэр `Billion Laughs/XML bomb` дайралтаас сэргийлнэ. +- [ ] Файл upload хийхэд CDN ашигла. +- [ ] Их хэмжээний өгөгдөлтэй ажиллах үед Workers болон Queue ашиглан үйлдлийг аль болох background -д ажиллуулж хариуг хурдан явуулах нь HTTP Blocking -оос сэргийлнэ. +- [ ] DEBUG горимыг унтраах. + +## Output +- [ ] `X-Content-Type-Options: nosniff` header дээр явуул. +- [ ] `X-Frame-Options: deny` header дээр явуул. +- [ ] `Content-Security-Policy: default-src 'none'` header дээр явуул. 
+- [ ] Ул мөр үлдээх `X-Powered-By`, `Server`, `X-AspNet-Version` header үүдыг устга. +- [ ] `content-type` -ыг хүсэлтийн хариуд нь харгалзан буцаах, Хэрвээ `application/json` хүсэлт явсан бол хариуд нь `content-type` нь `application/json` байх. +- [ ] Чухал өгөгдлүүд `credentials`, `Passwords`, `security tokens` бүү буцаа. +- [ ] Тухайн ажилд тохирсон статус код илгээх. (Жнь. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, г.м). + +## CI & CD +- [ ] unit/integration тест ашиглан системийн загварчлал, хэрэгжилтийг шалгах. +- [ ] Код шалгалт ашигла, мөн өөрөө өөрийгөө ч шалга. +- [ ] Бүх тусдаа хэсгүүд бүр vendor сан, бусад нэмэлт сангууд бүгдийг нь AV програмаар статикаар шалга. +- [ ] Ямар ч үед deploy хийхэд амар шийдэл гаргах. + +------------------------------------------------------------------------------ + +# Оролцоо +Энэ рэпод оролцох бол fork хийж өөрчлөлтөө оруулаад pull request үүсгэнэ үү. Асуулт байвал бидэнтэй холбогдоорой `team@shieldfy.io`. \ No newline at end of file diff --git a/README-nl.md b/README-nl.md index 356fce7..c384773 100644 --- a/README-nl.md +++ b/README-nl.md 
@@ -1,4 +1,4 @@ -[中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) +[中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) # API Security Checklist Checklist met de belangrijkste tegenmaatregelen bij het ontwerpen, testen en uitbrengen van een API. diff --git a/README-pt_BR.md b/README-pt_BR.md index 08cd6aa..7121d2e 100644 --- a/README-pt_BR.md +++ b/README-pt_BR.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) +[English](./README.md) | [中文版](./README-zh.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) # API Security Checklist Lista das mais importantes medidas de segurança para o desenvolvimento, teste e publicação da sua API. diff --git a/README-ru.md b/README-ru.md index 21d68a5..12a76a5 100644 --- a/README-ru.md +++ b/README-ru.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) # Контрольный список безопасности API Контрольный список наиболее важных контрмер безопасности при разработке, тестировании и выпуске вашего API. diff --git a/README-th.md b/README-th.md index eb411c7..4187b2b 100644 --- a/README-th.md +++ b/README-th.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) # API Security Checklist Checklist ที่ต้องให้ความสำคัญเมื่อมีการสร้าง API ในช่วงการออกแบบ ทดสอบระบบ และการปล่อยให้คนนอกใช้ diff --git a/README-tr.md b/README-tr.md index 017a310..81198c6 100644 --- a/README-tr.md +++ b/README-tr.md 
@@ -1,4 +1,4 @@ -[中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) +[中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) # API Güvenlik Kontrol Listesi API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemlerinin kontrol listesi. diff --git a/README-uk.md b/README-uk.md index 7e8ba6f..627b483 100644 --- a/README-uk.md +++ b/README-uk.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) # Контрольний список безпеки API Контрольний список найбільш важливих контрзаходів безпеки при розробці, тестуванні та випуску вашого API. diff --git a/README-vi.md b/README-vi.md index 83bba29..be5769d 100644 --- a/README-vi.md +++ b/README-vi.md 
@@ -1,4 +1,4 @@ -[中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Việt Nam](./README-vi.md) +[中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Việt Nam](./README-vi.md) | [Монгол](./README-mn.md) # Danh sách các giải pháp an toàn cho API Những giải pháp an toàn và cách khắc phục khi thiết kế, kiểm tra và phát hành API cho ứng dụng của bạn. diff --git a/README-zh.md b/README-zh.md index 8974f59..edd6b56 100644 --- a/README-zh.md +++ b/README-zh.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) +[English](./README.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) # 开发安全的 API 所需要核对的清单 以下是当你在设计, 测试以及发布你的 API 的时候所需要核对的重要安全措施. diff --git a/README.md b/README.md index 4799c62..e50175b 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -[中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) +[中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) # API Security Checklist Checklist of the most important security countermeasures when designing, testing, and releasing your API. 
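Review bot: the README-ja.md hunk in this patch appends `[Монгол](./README-mn.md)` to a navigation line that is still out of sync with every other file (it lists only seven languages and keeps `[한국의]` where the other READMEs use `[한국어]`); since the line is being rewritten anyway, bring it in line with the list used in README.md. The patch also updates README-ja.md and README-jp.md as two separate files, which means two Japanese translations are being maintained in parallel; they should be reconciled rather than both kept.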
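Review bot: several items in the new README-mn.md hunk change the meaning of the English checklist: the last OAuth item, `Хувьсагчид анхны утга заавал оноож өг, утгыг байнга шалга` (assign variables a default value and always check it), replaces "define default scope and validate the scope parameter for each application"; the CI & CD item `Код шалгалт ашигла, мөн өөрөө өөрийгөө ч шалга` (use code review and also review yourself) replaces "disregard self-approval", which is the opposite of the intent; and `Ямар ч үед deploy хийхэд амар шийдэл гаргах` no longer mentions rollback. Typos: `encrupt` → `encrypt`, `ингэснэр` → `ингэснээр`. The navigation line omits `[English](./README.md)` and the Vietnamese translation even though README-vi.md receives a Монгол link in this same patch, and the file ends without a trailing newline (`\ No newline at end of file`).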
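Review bot: the README.md hunk appends `[Монгол](./README-mn.md)` but the English navigation line still has no entry for README-vi.md, which this patch treats as an existing translation (it adds the Монгол link to README-vi.md); add the Vietnamese link here in the same pass so README.md lists every translation the repository contains.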
From 60b5d258c5af38e618a7b4291cb5f2bf88c52887 Mon Sep 17 00:00:00 2001 From: Caleb Mazalevskis Date: Sun, 6 Aug 2017 23:36:24 +0800 Subject: [PATCH 022/149] Patch. Sync translations list, spacing, etc; Swaps out "jp" link for a "ja" link. --- README-de.md | 9 ++++++--- README-es.md | 8 +++++--- README-fr.md | 8 +++++--- README-id.md | 8 +++++--- README-it.md | 12 +++++++----- README-ja.md | 8 +++++--- README-jp.md | 8 +++++--- README-ko.md | 8 +++++--- README-mn.md | 11 +++++++---- README-nl.md | 12 +++++++----- README-pt_BR.md | 8 +++++--- README-ru.md | 8 +++++--- README-th.md | 9 ++++++--- README-tr.md | 18 +++++++++--------- README-uk.md | 8 +++++--- README-vi.md | 8 +++++--- README-zh.md | 8 +++++--- README.md | 8 +++++--- 18 files changed, 102 insertions(+), 65 deletions(-) diff --git a/README-de.md b/README-de.md index a9fca41..fbbfa4d 100644 --- a/README-de.md +++ b/README-de.md 
@@ -1,9 +1,11 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) # API Security Checkliste Checkliste für die wichtigsten Sicherheitsmaßnahmen beim Designen, Testen und Veröffentlichen deiner API. ------------------------------------------------------------------------------- + +--- + ## Authentifizierung - [ ] Verwende kein `Basic Auth`. Nutze standardisierte Authentifizierungsmethoden (bspw. JWT, OAuth). - [ ] Erfinde das Rad nicht neu für `Authentication`, `Tokengenerierung` oder `Passwort speichern`. Nutze hierfür existierende Standards. 
@@ -60,7 +62,8 @@ Checkliste für die wichtigsten Sicherheitsmaßnahmen beim Designen, Testen und - [ ] Stelle sicher, dass alle verwendeten Komponenten (Bibliotheken und alle anderen Abhängigkeiten) noch einmal statisch von einer Anti-Virus Software überprüft wurden bevor diese in die Produktionsumgebung gehen. - [ ] Stelle sicher, dass du im Fehlerfall auch schnell wieder den vorherigen Stand einspielen kannst (Rollback). ------------------------------------------------------------------------------- + +--- # Contribution Du kannst gerne etwas beisteuern, indem du einen Fork dieses Repositorys erstellst, Änderungen vornimmst und dann einen Pull Request anlegst. Bei Fragen schick uns eine E-Mail an `team@shieldfy.io`. diff --git a/README-es.md b/README-es.md index 4ec2cf6..0380cd8 100644 --- a/README-es.md +++ b/README-es.md 
@@ -1,9 +1,11 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) # Lista de seguridad en APIs Lista de las contramedidas de seguridad más importantes en cuanto al diseño, testing y publicación de tu API. ------------------------------------------------------------------------------- + +--- + ## Autenticación - [ ] No uses `Basic Auth` Usa autenticación estándar (e.g. JWT, OAuth). - [ ] No reinventes la rueda en `autenticación`, `generación de tokens`, `almacenamiento de contraseñas`. Usa los estándares. @@ -61,7 +63,7 @@ Lista de las contramedidas de seguridad más importantes en cuanto al diseño, t - [ ] Diseña un proceso de `rollback` para tus `deploys`. ------------------------------------------------------------------------------- +--- # Contribución Siéntete libre de contribuir haciendo un fork de éste repositorio, haciendo cambios, y enviando pull requests. Para cualquier pregunta déjanos un email en `team@shieldfy.io`. diff --git a/README-fr.md b/README-fr.md index 173530b..41675bf 100644 --- a/README-fr.md +++ b/README-fr.md 
@@ -1,9 +1,11 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) # API Security Checklist Checklist des points de sécurité les plus importants lors de la conception, du test et de la mise en production de votre API. ------------------------------------------------------------------------------- + +--- + ## Authentification - [ ] Ne pas utiliser une authentification basique http (`Basic Auth`) mais plutôt un standard d'authentification (tel que JWT, OAuth). - [ ] Ne pas réinventer la roue lors de `l'authentification`, `la génération de token`, `le stockage de mots de passe` mais utiliser les standards. @@ -61,7 +63,7 @@ Checklist des points de sécurité les plus importants lors de la conception, du - [ ] Concevez une solution de rollback pour les déploiements. ------------------------------------------------------------------------------- +--- # Contribution N'hésitez pas à contribuer en forkant ce dépôt, faire quelques changements, et soumettre une pull request. Pour toute question, envoyez un courriel à `team@shieldfy.io`. diff --git a/README-id.md b/README-id.md index e2b4cbc..2154683 100644 --- a/README-id.md +++ b/README-id.md 
@@ -1,9 +1,11 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) # Checklist Keamanan API Checklist penanggulangan keamanan yang paling penting ketika merancang, menguji, dan melepaskan API ke khalayak ------------------------------------------------------------------------------- + +--- + ## Autentikasi - [ ] Jangan gunakan `Basic Auth`. Gunakan autentikasi baku (Contoh: JWT, Oauth) - [ ] Gunakan mekanisme baku untuk `autentikasi`, `pembuatan token`, dan `penyimpanan kata sandi` @@ -61,7 +63,7 @@ Checklist penanggulangan keamanan yang paling penting ketika merancang, menguji, - [ ] Rancang solusi kembali ke versi sebelumnya pada proses penyebaran. ------------------------------------------------------------------------------- +--- # Kontribusi Silahkan berkontribusi dengan cara menduplikasi repositori ini, lakukan perubahan, dan kirimkan PR. Jika ada pertanyaan silakan kirim email ke `team@shieldfy.io`. diff --git a/README-it.md b/README-it.md index dc49cf3..aaa9584 100644 --- a/README-it.md +++ b/README-it.md 
@@ -1,9 +1,11 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) # Checklist per la sicurezza delle API Una checklist per le più importanti contromisure da mettere in pratica quando strutturiamo, testiamo e rilasciamo le nostre API. ------------------------------------------------------------------------------- + +--- + ## Autenticazione - [ ] Non usare la `Basic Auth` Utilizzare piuttosto dei sistemi di identification standard (es. JWT, OAuth). - [ ] Non re-inventarsi sistemi di `Autenticazione`, `generazione token`, `salvtaggio password`. Utilizzare gli standard. 
@@ -60,8 +62,8 @@ Una checklist per le più importanti contromisure da mettere in pratica quando s - [ ] Verifica che tutti i componenti dei tuoi servizi siano controllati da software AV prima di essere messi in produzione, incluse le librerie di terze parti. - [ ] Definisci una strategia di rollback per il delpoy. ------------------------------------------------------------------------------- + +--- # Contribuire -Sentitivi liberi di contribuire a questo progetto facendo un fork, modificandolo e inviando una pull request. -Per qualsiasi dubbio inviare un'email all'indirizzo: `team@shieldfy.io`. +Sentitivi liberi di contribuire a questo progetto facendo un fork, modificandolo e inviando una pull request. Per qualsiasi dubbio inviare un'email all'indirizzo: `team@shieldfy.io`. diff --git a/README-ja.md b/README-ja.md index 5cd0548..399f9d7 100644 --- a/README-ja.md +++ b/README-ja.md @@ -1,9 +1,11 @@ -[中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국의](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) # APIセキュリティチェックリスト APIを設計、テスト、リリースするときの最も重要なセキュリティ対策のチェックリスト ------------------------------------------------------------------------------- + +--- + ## 認証 - [ ] Basic認証を利用せず、標準的な認証を利用する (例: JWT、OAuth) - [ ] 「認証」、「トークンの生成」、「パスワードの保管」の車輪の再発明を行わず、標準のものを利用する 
@@ -61,7 +63,7 @@ APIを設計、テスト、リリースするときの最も重要なセキュ - [ ] デプロイについてロールバックソリューションを開発する。 ------------------------------------------------------------------------------- +--- # コントリビューション このリポジトリをforkして、変更し、プルリクエストを送信し、自由にコントリビューションしてください。何か質問があれば `team@shieldfy.io` まで電子メールを送ってください。 diff --git a/README-jp.md b/README-jp.md index a1c0603..7b633fa 100644 --- a/README-jp.md +++ b/README-jp.md @@ -1,9 +1,11 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) # API Security Checklist これはAPIの設計, テスト, リリース時における、重要なセキュリティ対策チェックリストです。 ------------------------------------------------------------------------------- + +--- + ## 認証(Authentication) - [ ] `Basic認証`を使用してはならない。標準的な認証を使う。(例 JWT, OAuth) - [ ] `認証`, `トークン生成`, `パスワードの保管`において車輪の再発明をしてはならない。 @@ -61,7 +63,7 @@ - [ ] デプロイのロールバックを用意する。 ------------------------------------------------------------------------------- +--- # コントリビュート (Contribution) お気軽にこのリポジトリをフォークし、変更を加え、プルリクエストを送って下さい。ご質問はこちらのメールアドレスまでお願い致します。`team@shieldfy.io` diff --git a/README-ko.md b/README-ko.md index ecc38bb..d842c06 100644 --- a/README-ko.md +++ b/README-ko.md 
@@ -1,9 +1,11 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) # API 보안 체크리스트 API를 설계하고 테스트하고 배포할 때 고려해야 할 중요한 보안 대책 체크리스트입니다. ------------------------------------------------------------------------------- + +--- + ## 인증 (Authentication) - [ ] `Basic Auth`를 사용하지 말고 표준 인증방식을 사용하세요. (예로, JWT, OAuth 등) - [ ] `인증`, `토큰 생성`, `패스워드 저장`은 직접 개발하지 말고 표준을 사용하세요. @@ -52,7 +54,7 @@ API를 설계하고 테스트하고 배포할 때 고려해야 할 중요한 보 - [ ] 각 연산에 맞는 적절한 상태 코드를 반환하세요. (예를 들어 `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed` 등) ------------------------------------------------------------------------------- +--- # Contribution Feel free to contribute, fork -> edit -> submit pull request. For any questions drop us an email at team@shieldfy.io. diff --git a/README-mn.md b/README-mn.md index ef1bd7d..c111d1c 100644 --- a/README-mn.md +++ b/README-mn.md 
@@ -1,9 +1,11 @@ -[中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) # API Аюулгүйн жагсаалт API гаргах, загварчлах, тестлэхэд аюулгүйн талаас авах сөрөг арга хэмжээний жагсаалт ------------------------------------------------------------------------------- + +--- + ## Authentication - [ ] `Basic Auth` бүү ашигла, Стандарт authentication ашигла (Жнь. [JWT](https://jwt.io/), [OAuth](https://oauth.net/)). - [ ] `Authentication` -ын `token generation`, `password storage` зэргийг бүү дахин шинээр хий, стандарт ашигла. @@ -60,7 +62,8 @@ API гаргах, загварчлах, тестлэхэд аюулгүйн та - [ ] Бүх тусдаа хэсгүүд бүр vendor сан, бусад нэмэлт сангууд бүгдийг нь AV програмаар статикаар шалга. - [ ] Ямар ч үед deploy хийхэд амар шийдэл гаргах. ------------------------------------------------------------------------------- + +--- # Оролцоо -Энэ рэпод оролцох бол fork хийж өөрчлөлтөө оруулаад pull request үүсгэнэ үү. Асуулт байвал бидэнтэй холбогдоорой `team@shieldfy.io`. \ No newline at end of file +Энэ рэпод оролцох бол fork хийж өөрчлөлтөө оруулаад pull request үүсгэнэ үү. Асуулт байвал бидэнтэй холбогдоорой `team@shieldfy.io`. 
diff --git a/README-nl.md b/README-nl.md index c384773..f4816be 100644 --- a/README-nl.md +++ b/README-nl.md @@ -1,9 +1,11 @@ -[中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) # API Security Checklist Checklist met de belangrijkste tegenmaatregelen bij het ontwerpen, testen en uitbrengen van een API. ------------------------------------------------------------------------------- + +--- + ## Authenticatie - [ ] Gebruik geen `Basic Auth` Gebruik industrie standaarden (v.b. JWT, OAuth). - [ ] Vind het wiel niet opnieuw uit voor `Authenticatie`, `Genereren van Tokens` en `Opslaan van Wachtwoorden`. Gebruik de standaarden. 
@@ -60,10 +62,10 @@ Checklist met de belangrijkste tegenmaatregelen bij het ontwerpen, testen en uit - [ ] Scan de API voor het naar productie zetten door AV software, niet alleen eigen code maar ook de libraries en andere gebruikte dependencies. - [ ] Ontwikkel een terugrol oplossing. ------------------------------------------------------------------------------- -Translation by | Vertaling door :[S.Holzhauer](https://github.com/SHolzhauer) +--- +Translation by | Vertaling door :[S.Holzhauer](https://github.com/SHolzhauer) # Contribution -Feel free to contribute, fork -> edit -> submit pull request. For any questions drop us an email at team@shieldfy.io. +Voel u vrij om bij te helpen door deze repository te fork, wijzigingen aan te brengen, en pull requests in te dienen. Voor vragen kunt u ons mailen op `team@shieldfy.io`. diff --git a/README-pt_BR.md b/README-pt_BR.md index 7121d2e..ed2eb31 100644 --- a/README-pt_BR.md +++ b/README-pt_BR.md 
@@ -1,9 +1,11 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) +[English](./README.md) | [中文版](./README-zh.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) # API Security Checklist Lista das mais importantes medidas de segurança para o desenvolvimento, teste e publicação da sua API. ------------------------------------------------------------------------------- + +--- + ## Autenticação (_Authentication_) - [ ] Não use `Basic Auth`. Use padrões de autenticação (exemplo: JWT, OAuth). - [ ] Não reinvente a roda nos quesitos `Autenticação`, `geração de tokens` e `armazenamento de senhas`. Use os padrões recomendados para cada caso. @@ -61,7 +63,7 @@ Lista das mais importantes medidas de segurança para o desenvolvimento, teste e - [ ] Implemente funcionalidade de reversão de _deploy_ (_rollback_). ------------------------------------------------------------------------------- +--- # Contribuindo Sinta-se livre para contribuir, fazendo um fork deste repositório, fazendo algumas alterações e enviando um PR. Dúvidas, envie um e-mail para `team@shieldfy.io`. diff --git a/README-ru.md b/README-ru.md index 12a76a5..7c0962f 100644 --- a/README-ru.md +++ b/README-ru.md 
@@ -1,9 +1,11 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) # Контрольный список безопасности API Контрольный список наиболее важных контрмер безопасности при разработке, тестировании и выпуске вашего API. ------------------------------------------------------------------------------- + +--- + ## Аутентификация - [ ] Не используйте `Basic Auth` Используйте стандартную проверку подлинности (например: JWT, OAuth). - [ ] Не "изобретайте колесо" в `аутентификации`, `создании токенов`, `хранении паролей`. Используйте стандарты. @@ -61,7 +63,7 @@ - [ ] Создайте решение отката для развертывания. ------------------------------------------------------------------------------- +--- # Вклад Не стесняйтесь вносить вклад, открывая этот репозиторий, внося некоторые изменения и отправляя `Pull Requests`. По любым вопросам напишите нам письмо по адресу `team@shieldfy.io`. diff --git a/README-th.md b/README-th.md index 4187b2b..7dee3f2 100644 --- a/README-th.md +++ b/README-th.md 
@@ -1,9 +1,11 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) # API Security Checklist Checklist ที่ต้องให้ความสำคัญเมื่อมีการสร้าง API ในช่วงการออกแบบ ทดสอบระบบ และการปล่อยให้คนนอกใช้ ------------------------------------------------------------------------------- + +--- + ## Authentication (การพิสูจน์ตัวตน) - [ ] ไม่ควรใช้ `Basic Auth` (การ authen ปกติด้วยusername password) สำหรับการพิสูจน์ตัวตน แต่ให้ใช้รูปแบบมาตรฐานสากลแทน(e.g. JWT, OAuth). - [ ] ไม่ต้องเสียเวลาสร้างวิธี Authentication ใหม่ขึ้นมา ให้ใช้ที่มีอยู่ในมาตรฐานไปเลย @@ -59,7 +61,8 @@ Checklist ที่ต้องให้ความสำคัญเมื่ - [ ] มั่นใจว่าทุกอย่างใน service ปลอดไวรัสแล้วก่อนจะนำขึ้น production รวมถึง lib ของพวก vendor กับ dependencies อื่นๆด้วย - [ ] ออกแบบวิธี rollback ไว้ด้วยก่อนจะนำขึ้นไป เพราะเวลาเกิดปัญหาจะได้ย้อนกลับมาใช้ version เก่าไปก่อนได้ (อาจพบได้บ่อยตอนพัฒนา feature ใหม่ๆ) ------------------------------------------------------------------------------- + +--- # Contribution Feel free to contribute by forking this repository, making some changes, and submitting pull requests. For any questions drop us an email at `team@shieldfy.io`. 
diff --git a/README-tr.md b/README-tr.md index 81198c6..2046ae6 100644 --- a/README-tr.md +++ b/README-tr.md @@ -1,10 +1,12 @@ -[中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) # API Güvenlik Kontrol Listesi API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemlerinin kontrol listesi. ------------------------------------------------------------------------------- -## Authentication (Kimlik doğrulama) + +--- + +## Authentication (Kimlik doğrulama) - [ ] `Basic Auth` kullanmayın. Standard authentication kullanın (ör. [JWT](https://jwt.io/), [OAuth](https://oauth.net/)). - [ ] `Authentication`, `token generation`, `password storage` için tekerleği yeniden icat etmeyin. Standartları kullanın. - [ ] `Max Retry` kullanarak giriş hakkını sınırlayın. 
@@ -33,11 +35,9 @@ API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemle - [ ] Gönderilen verileri doğrularken gelen verinin `content-type` de doğrulayın (ör. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, v.b.). - [ ] Genel güvenlik açıklarını önlemek için Kullanıcı girişini doğrulayın (ör. `XSS`, `SQL-Injection`, `Remote Code Execution`, v.b.). - [ ] URL'de hassas veriler (`credentials`, `Passwords`, `security tokens`, veya `API keys`) kullanmayın, ancak standart Authorization header kullanın. -- [ ] Önbelleklemeyi etkinleştirmek, hız sınır politikalarını (ör. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) ve API kaynaklarını dinamik olarak dağıtmak için bir API Gateway hizmeti kullanın. - - +- [ ] Önbelleklemeyi etkinleştirmek, hız sınır politikalarını (ör. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) ve API kaynaklarını dinamik olarak dağıtmak için bir API Gateway hizmeti kullanın. -## Processing +## Processing - [ ] Authentication işleminin sonlandırılmasını önlemek için, tüm bitiş noktalarının Authentication arkasında korunup korunmadığını kontrol edin. - [ ] Kullanıcı kendi kaynak ID'sinden kaçınmalıdır. `/me/orders` yerine `/user/654321/orders` kullanmalıdır. - [ ] Otomotik artan ID'ler kullanmayın. Yerine `UUID` kullanın. @@ -47,7 +47,7 @@ API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemle - [ ] Büyük miktarda veri ile uğraşıyorsanız, HTTP engellemeyi önlemek için İşçi ve Kuyrukları arka planda olabildiğince işlem yapmak ve yanıtı hızlı bir şekilde yanıtlamak için kullanın. - [ ] DEBUG modunu kapatmayı unutmayın!. -## Output +## Output - [ ] `X-Content-Type-Options: nosniff` header'ı gönder. - [ ] `X-Frame-Options: deny` header'ı gönder. - [ ] `Content-Security-Policy: default-src 'none'` header'ı gönder. 
@@ -63,7 +63,7 @@ API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemle - [ ] Dağıtımlar için bir geri yükleme çözümü tasarlayın. ------------------------------------------------------------------------------- +--- # Destek Bu depoyu forklayarak, bazı değişiklikler yaparak ve pull requests göndererek katkıda bulunmaktan çekinmeyin. Herhangi bir sorunuz için bize bir e-posta bırakın: `team@shieldfy.io`. diff --git a/README-uk.md b/README-uk.md index 627b483..01adba4 100644 --- a/README-uk.md +++ b/README-uk.md @@ -1,9 +1,11 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) # Контрольний список безпеки API Контрольний список найбільш важливих контрзаходів безпеки при розробці, тестуванні та випуску вашого API. ------------------------------------------------------------------------------- + +--- + ## Аутентифікація - [ ] Не використовуйте `Basic Auth` Використовуйте стандартну перевірку справжності (наприклад: JWT, OAuth). - [ ] Не "винаходьте колесо" в `аутентіфікаціі`,` створенні токенів`, `зберіганні паролей`. Використовуйте стандарти. 
@@ -61,7 +63,7 @@ - [ ] Створіть рішення відкату для розгортання. ------------------------------------------------------------------------------- +--- # Вклад Не соромтеся робити внесок, відкриваючи цей репозиторій, вносячи деякі зміни і відправляючи `Pull Requests`. З будь-яких питань напишіть нам лист за адресою `team@shieldfy.io`. diff --git a/README-vi.md b/README-vi.md index be5769d..d5162d5 100644 --- a/README-vi.md +++ b/README-vi.md @@ -1,9 +1,11 @@ -[中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Việt Nam](./README-vi.md) | [Монгол](./README-mn.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) # Danh sách các giải pháp an toàn cho API Những giải pháp an toàn và cách khắc phục khi thiết kế, kiểm tra và phát hành API cho ứng dụng của bạn. ------------------------------------------------------------------------------- + +--- + ## Xác thực (Authentication) - [ ] Không sử dụng `Basic Auth` Sử dụng giao thức xác thực tiêu chuẩn (chẳng hạn. [JWT](https://jwt.io/), [OAuth](https://oauth.net/)). - [ ] Không cung cấp các thông tin `Authentication`, `token generation`, `password storage`. Sử dụng các tiêu chuẩn. 
@@ -61,7 +63,7 @@ Những giải pháp an toàn và cách khắc phục khi thiết kế, kiểm t - [ ] Thiết kế một giải pháp rollback (quản lý dữ liệu) cho việc triển khai. ------------------------------------------------------------------------------- +--- # Đóng góp Hãy đóng góp bằng cách forking kho này, thực hiện một số thay đổi và gửi yêu cầu kéo. Đối với bất kỳ câu hỏi nào, hãy gửi email cho chúng tôi theo địa chỉ `team@shieldfy.io`. diff --git a/README-zh.md b/README-zh.md index edd6b56..880597c 100644 --- a/README-zh.md +++ b/README-zh.md @@ -1,9 +1,11 @@ -[English](./README.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) +[English](./README.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) # 开发安全的 API 所需要核对的清单 以下是当你在设计, 测试以及发布你的 API 的时候所需要核对的重要安全措施. ------------------------------------------------------------------------------- + +--- + ## 身份认证 - [ ] 不要使用 `Basic Auth` 使用标准的认证协议 (如 JWT, OAuth). - [ ] 不要再造 `Authentication`, `token generating`, `password storing` 这些轮子, 使用标准的. @@ -61,7 +63,7 @@ - [ ] 为部署设计一个回滚方案. ------------------------------------------------------------------------------- +--- # Contribution 为此存储库创建一个 fork, 进行修改, 并提交 pull request 来贡献. 如果您有任何问题, 请发送邮件至 `team@shieldfy.io`. 
diff --git a/README.md b/README.md index e50175b..029b331 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,11 @@ -[中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-jp.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) +[中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) # API Security Checklist Checklist of the most important security countermeasures when designing, testing, and releasing your API. ------------------------------------------------------------------------------- + +--- + ## Authentication - [ ] Don't use `Basic Auth` Use standard authentication (e.g. [JWT](https://jwt.io/), [OAuth](https://oauth.net/)). - [ ] Don't reinvent the wheel in `Authentication`, `token generation`, `password storage`. Use the standards. @@ -61,7 +63,7 @@ Checklist of the most important security countermeasures when designing, testing - [ ] Design a rollback solution for deployments. ------------------------------------------------------------------------------- +--- # Contribution Feel free to contribute by forking this repository, making some changes, and submitting pull requests. For any questions drop us an email at `team@shieldfy.io`. From 038badf86e1bfc82bb89f9258a823b6fa686e25a Mon Sep 17 00:00:00 2001 
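Review bot: In the README-vi.md, README-zh.md and README.md navigation hunks of this patch the 日本語 link is moved from `./README-jp.md` to `./README-ja.md`, yet both files remain in the tree (the next patch's file list shows README-ja.md and README-jp.md side by side), so readers land on one of two diverging Japanese translations depending on which README they start from; pick one file as canonical, turn the other into a pointer or delete it, and link to the canonical one everywhere. The `---` separator swap is harmless, since Markdown renders both forms as a horizontal rule.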
From: Caleb Mazalevskis Date: Mon, 14 Aug 2017 21:13:22 +0800 Subject: [PATCH 023/149] Adds a "see also" section. --- README-de.md | 6 ++++++ README-es.md | 6 ++++++ README-fr.md | 6 ++++++ README-id.md | 6 ++++++ README-it.md | 6 ++++++ README-ja.md | 6 ++++++ README-jp.md | 6 ++++++ README-ko.md | 10 ++++++++-- README-mn.md | 6 ++++++ README-nl.md | 6 ++++++ README-pt_BR.md | 6 ++++++ README-ru.md | 6 ++++++ README-th.md | 6 ++++++ README-tr.md | 6 ++++++ README-uk.md | 6 ++++++ README-vi.md | 6 ++++++ README-zh.md | 8 +++++++- README.md | 6 ++++++ 18 files changed, 111 insertions(+), 3 deletions(-) diff --git a/README-de.md b/README-de.md index fbbfa4d..098f12b 100644 --- a/README-de.md +++ b/README-de.md @@ -63,6 +63,12 @@ Checkliste für die wichtigsten Sicherheitsmaßnahmen beim Designen, Testen und - [ ] Stelle sicher, dass du im Fehlerfall auch schnell wieder den vorherigen Stand einspielen kannst (Rollback). +--- + +## Siehe auch: +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - Eine Sammlung nützlicher Ressourcen für den Aufbau von RESTful HTTP+JSON APIs. + + --- # Contribution diff --git a/README-es.md b/README-es.md index 0380cd8..b088911 100644 --- a/README-es.md +++ b/README-es.md @@ -63,6 +63,12 @@ Lista de las contramedidas de seguridad más importantes en cuanto al diseño, t - [ ] Diseña un proceso de `rollback` para tus `deploys`. +--- + +## Ver también: +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - Una colección de recursos útiles para la creación de APIs RESTful HTTP+JSON. + + --- # Contribución diff --git a/README-fr.md b/README-fr.md index 41675bf..20dcc47 100644 --- a/README-fr.md +++ b/README-fr.md 
@@ -63,6 +63,12 @@ Checklist des points de sécurité les plus importants lors de la conception, du - [ ] Concevez une solution de rollback pour les déploiements. +--- + +## Voir également : +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - Une collection de ressources utiles pour créer des API RESTful HTTP+JSON. + + --- # Contribution diff --git a/README-id.md b/README-id.md index 2154683..c0ff541 100644 --- a/README-id.md +++ b/README-id.md @@ -63,6 +63,12 @@ Checklist penanggulangan keamanan yang paling penting ketika merancang, menguji, - [ ] Rancang solusi kembali ke versi sebelumnya pada proses penyebaran. +--- + +## Lihat juga: +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - Kumpulan sumber yang berguna untuk membangun API RESTful HTTP+JSON. + + --- # Kontribusi diff --git a/README-it.md b/README-it.md index aaa9584..30d1b8e 100644 --- a/README-it.md +++ b/README-it.md @@ -63,6 +63,12 @@ Una checklist per le più importanti contromisure da mettere in pratica quando s - [ ] Definisci una strategia di rollback per il delpoy. +--- + +## Guarda anche: +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - Una collezione di risorse utili per la creazione di API RESTful HTTP+JSON. + + --- # Contribuire diff --git a/README-ja.md b/README-ja.md index 399f9d7..b40ee05 100644 --- a/README-ja.md +++ b/README-ja.md @@ -63,6 +63,12 @@ APIを設計、テスト、リリースするときの最も重要なセキュ - [ ] デプロイについてロールバックソリューションを開発する。 +--- + +## 参照: +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - RESTful HTTP+JSON APIを構築するための有用なリソースの集まり。 + + --- # コントリビューション diff --git a/README-jp.md b/README-jp.md index 7b633fa..b206e90 100644 --- a/README-jp.md +++ b/README-jp.md 
@@ -63,6 +63,12 @@ - [ ] デプロイのロールバックを用意する。 +--- + +## 参照: +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - RESTful HTTP+JSON APIを構築するための有用なリソースの集まり。 + + --- # コントリビュート (Contribution) diff --git a/README-ko.md b/README-ko.md index d842c06..f094433 100644 --- a/README-ko.md +++ b/README-ko.md @@ -56,5 +56,11 @@ API를 설계하고 테스트하고 배포할 때 고려해야 할 중요한 보 --- -# Contribution -Feel free to contribute, fork -> edit -> submit pull request. For any questions drop us an email at team@shieldfy.io. +## 참조 : +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - RESTful HTTP+JSON API를 빌드하는 데 유용한 자원의 콜렉션. + + +--- + +# 기여하는 +Feel free to contribute by forking this repository, making some changes, and submitting pull requests. For any questions drop us an email at `team@shieldfy.io`. diff --git a/README-mn.md b/README-mn.md index c111d1c..f066f41 100644 --- a/README-mn.md +++ b/README-mn.md @@ -63,6 +63,12 @@ API гаргах, загварчлах, тестлэхэд аюулгүйн та - [ ] Ямар ч үед deploy хийхэд амар шийдэл гаргах. +--- + +## Мөн үзнэ үү: +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - RESTful HTTP+JSON API-г бүтээхэд хэрэгтэй нөөцүүдийн цуглуулга. + + --- # Оролцоо diff --git a/README-nl.md b/README-nl.md index f4816be..1de7a43 100644 --- a/README-nl.md +++ b/README-nl.md @@ -63,6 +63,12 @@ Checklist met de belangrijkste tegenmaatregelen bij het ontwerpen, testen en uit - [ ] Ontwikkel een terugrol oplossing. +--- + +## Zie ook: +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - Een verzameling nuttige bronnen voor het bouwen van RESTful HTTP+JSON API's. + + --- Translation by | Vertaling door :[S.Holzhauer](https://github.com/SHolzhauer) diff --git a/README-pt_BR.md b/README-pt_BR.md index ed2eb31..997cfdc 100644 --- a/README-pt_BR.md +++ b/README-pt_BR.md 
@@ -63,6 +63,12 @@ Lista das mais importantes medidas de segurança para o desenvolvimento, teste e - [ ] Implemente funcionalidade de reversão de _deploy_ (_rollback_). +--- + +## Veja também: +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - Uma coleção de recursos úteis para a construção de API RESTful HTTP+JSON. + + --- # Contribuindo diff --git a/README-ru.md b/README-ru.md index 7c0962f..999ab84 100644 --- a/README-ru.md +++ b/README-ru.md @@ -63,6 +63,12 @@ - [ ] Создайте решение отката для развертывания. +--- + +## Смотрите также: +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - Сбор полезных ресурсов для создания RESTful HTTP+JSON API. + + --- # Вклад diff --git a/README-th.md b/README-th.md index 7dee3f2..6e012de 100644 --- a/README-th.md +++ b/README-th.md @@ -62,6 +62,12 @@ Checklist ที่ต้องให้ความสำคัญเมื่ - [ ] ออกแบบวิธี rollback ไว้ด้วยก่อนจะนำขึ้นไป เพราะเวลาเกิดปัญหาจะได้ย้อนกลับมาใช้ version เก่าไปก่อนได้ (อาจพบได้บ่อยตอนพัฒนา feature ใหม่ๆ) +--- + +## ดูสิ่งนี้ด้วย: +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - ชุดของแหล่งข้อมูลที่เป็นประโยชน์สำหรับการสร้าง API RESTful HTTP+JSON. + + --- # Contribution diff --git a/README-tr.md b/README-tr.md index 2046ae6..f203d1d 100644 --- a/README-tr.md +++ b/README-tr.md @@ -63,6 +63,12 @@ API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemle - [ ] Dağıtımlar için bir geri yükleme çözümü tasarlayın. +--- + +## Ayrıca bakınız: +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - RESTful HTTP+JSON API'leri oluşturmak için kullanışlı kaynakların bir koleksiyonu. + + --- # Destek diff --git a/README-uk.md b/README-uk.md index 01adba4..7fa04ae 100644 --- a/README-uk.md +++ b/README-uk.md 
@@ -63,6 +63,12 @@ - [ ] Створіть рішення відкату для розгортання. +--- + +## Дивись також: +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - Набір корисних ресурсів для створення RESTful HTTP+JSON API. + + --- # Вклад diff --git a/README-vi.md b/README-vi.md index d5162d5..e2531c8 100644 --- a/README-vi.md +++ b/README-vi.md @@ -63,6 +63,12 @@ Những giải pháp an toàn và cách khắc phục khi thiết kế, kiểm t - [ ] Thiết kế một giải pháp rollback (quản lý dữ liệu) cho việc triển khai. +--- + +## Xem thêm: +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - Tập hợp các tài nguyên hữu ích để xây dựng API RESTful HTTP+JSON. + + --- # Đóng góp diff --git a/README-zh.md b/README-zh.md index 880597c..33fd48d 100644 --- a/README-zh.md +++ b/README-zh.md @@ -65,5 +65,11 @@ --- -# Contribution +## 也可以看看: +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - 用于构建RESTful HTTP+JSON API的有用资源集合。 + + +--- + +# 贡献 为此存储库创建一个 fork, 进行修改, 并提交 pull request 来贡献. 如果您有任何问题, 请发送邮件至 `team@shieldfy.io`. diff --git a/README.md b/README.md index 029b331..7b11cb0 100644 --- a/README.md +++ b/README.md @@ -63,6 +63,12 @@ Checklist of the most important security countermeasures when designing, testing - [ ] Design a rollback solution for deployments. +--- + +## See also: +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - A collection of useful resources for building RESTful HTTP+JSON APIs. + + --- # Contribution From b82d48088b5e29c3cbb695fd7e148677d9a32ac0 Mon Sep 17 00:00:00 2001 From: Matheus Fidelis Date: Tue, 15 Aug 2017 15:56:19 -0300 Subject: [PATCH 024/149] Code Review --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index bea2334..e2b63c6 100644 --- a/README.md +++ b/README.md 
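Review bot: Every "See also" hunk in this patch leaves two blank lines between the new list item and the following `---`, while the files otherwise use a single blank line around rules; trim to one for consistency. In the README-ko.md hunk `@@ -56,5 +56,11 @@` the heading `## 참조 :` carries a space before the colon that none of the other translations have, and the restored `# 기여하는` section keeps the Contribution paragraph in English, so the hunk puts a Korean heading over English text. Drive-by in the README-it.md hunk: the context line `- [ ] Definisci una strategia di rollback per il delpoy.` misspells deploy.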
@@ -61,10 +61,10 @@ Checklist of the most important security countermeasures when designing, testing - [ ] Design a rollback solution for deployments. ## Monitoring -- [ ] Use centralized loggins for all services and components. +- [ ] Use centralized log-ins for all services and components. - [ ] Use agents to monitoring all trafic, errors, requests and responses. - [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch e etc. -- [ ] Check if you don't log sensetive data like Credid Cards, Passwords and PIN's. +- [ ] Check if you don't log sensitive data like Credit Cards, Passwords and PINs. - [ ] Use an IDS or/and IPS system to monitoring your API requests and instances. From 7ee1a27d5ca8d176bbd304ce93c508ab8724a707 Mon Sep 17 00:00:00 2001 From: "Mr.Buzz" Date: Thu, 17 Aug 2017 14:25:58 +0700 Subject: [PATCH 025/149] Change for vietnamese developer --- README-vi.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/README-vi.md b/README-vi.md index e2531c8..a46f858 100644 --- a/README-vi.md +++ b/README-vi.md 
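Review bot: The change from `loggins` to `log-ins` in the Monitoring hunk alters the meaning: the item is about centralized logging for all services and components (collecting logs in one place so events can be correlated during detection and incident response), not about log-ins, so the line should read `Use centralized logging for all services and components.` While here, the untouched context lines carry the same kind of typos this "Code Review" commit sets out to fix: `Use agents to monitoring all trafic` (monitor, traffic), `Cloudwatch e etc.` (stray `e`), and `IDS or/and IPS system to monitoring` (and/or, monitor). The second change (`sensitive`, `Credit Cards`, `PINs`) is correct.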
@@ -34,13 +34,13 @@ Những giải pháp an toàn và cách khắc phục khi thiết kế, kiểm t - [ ] Xác nhận dữ liệu `content-type` ở mỗi tiêu đề (Content Negotiation) chỉ cho phép những định dạng được hỗ trợ (chẳng hạn như. `application/xml`, `application/json`, vv) và phản hồi `406 Not Acceptable` nếu không khớp. - [ ] Xác nhận dữ liệu `content-type` được chấp nhận khi gửi lên (chẳng hạn như. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, vv). - [ ] Xác nhận đầu vào dữ liệu người dùng để tránh các lỗ hổng phổ biến (chẳng hạn như. `XSS`, `SQL-Injection`, `Remote Code Execution`, vv). -- [ ] Không sử dụng các dữ liệu nhạy cảm như (`credentials`, `Passwords`, `security tokens`, or `API keys`) tại URL, tuy nhiên có thể sử dụng các tiêu đề xác thực. -- [ ] Sử dụng các dịch vụ API Gateway để bật bộ nhớ cache, Rate Limit policies (chẳng hạng như. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) và triển khai tài nguyên APIs một cách năng động. +- [ ] Không sử dụng các dữ liệu nhạy cảm như (`credentials`, `Passwords`, `security tokens`, or `API keys`) tại URL, tuy nhiên có thể sử dụng header Authorization để xác thực. +- [ ] Sử dụng các dịch vụ API Gateway để bật bộ nhớ cache, Rate Limit policies (chẳng hạng như. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) và deploy APIs resources linh động hơn. ## Processing - [ ] Kiểm tra các điểm đầu cuối đều được bảo vệ để tránh các tiến trình xác thực bị hỏng. - [ ] Nên tránh việc sử dụng ID của tài nguyên. Sử dụng `/me/orders` thay vì `/user/654321/orders`. -- [ ] Không tự động tăng ID. Sử dụng UUID để thay thế.. +- [ ] Không tự động tăng ID. Sử dụng UUID để thay thế. - [ ] Nếu bạn muốn phân tích các tập tin XML, hãy chắc chắn các phần tử không được bật để tránh `XXE` (XML tấn công thực thể từ bên ngoài). - [ ] Nếu bạn muốn phân tích các tập tin XML, đảm bảo việc mở rộng thực thể không được kích hoạt để tránh để tránh `Billion Laughs/XML bomb` qua việc tấn công. - [ ] Sử dụng CDN để tải lên tệp tin. 
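Review bot: The rewritten API Gateway line in hunk `@@ -34,13 +34,13 @@` still carries the typo `chẳng hạng như` (should be `chẳng hạn như`); since the line is being replaced anyway, fix it in the same hunk. The Authorization-header wording and the removal of the doubled full stop after UUID are fine.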
@@ -48,13 +48,13 @@ Những giải pháp an toàn và cách khắc phục khi thiết kế, kiểm t - [ ] Đừng quên tắt chế độ DEBUG. ## Output -- [ ] Gửi `X-Content-Type-Options: nosniff` ở tiêu đề. -- [ ] Gửi `X-Frame-Options: deny` ở tiêu đề. -- [ ] Gửi `Content-Security-Policy: default-src 'none'` ở tiêu đề. -- [ ] Gỡ các thông tin về tiêu đề dấu vân tay - `X-Powered-By`, `Server`, `X-AspNet-Version` vv. -- [ ] Phản hồi bắt buộc có thông tin `content-type`, nếu bạn trả về `application/json` thì phản hồi `content-type` của bạn sẽ là `application/json`. +- [ ] Thêm `X-Content-Type-Options: nosniff` vào response headers. +- [ ] Thêm `X-Frame-Options: deny` vào response headers. +- [ ] Thêm `Content-Security-Policy: default-src 'none'` vào response headers. +- [ ] Loại bỏ các header chứa thông tin nhạy cảm như phiên bản web server, ví dụ: `X-Powered-By`, `Server`, `X-AspNet-Version`, v.v... +- [ ] Bắt buộc có `content-type` trong response headers, nếu bạn trả về `application/json` thì header `content-type` sẽ có giá trị `application/json`. - [ ] Không gửi các thông tin nhạy cảm như `credentials`, `Passwords`, `security tokens`. -- [ ] Trả về mã trạng thái tương ứng với hành động đã hoàn thành. (chẳng hạn. `200 OK`, `400 Không đúng định dạng`, `401 Chưa xác thực`, `405 Phương thức không được phép`, vv). +- [ ] Trả về status code tương ứng với hành động đã hoàn thành. (chẳng hạn. `200 OK`, `400 Bad Request`, `401 Unauthorized`, 405 `Method Not Allowed`, v.v...). ## CI & CD ( Tích hợp và triển khai liên tục) - [ ] Kiểm tra thiết kế và thực hiện đầy đủ việc test với unit/integration. From c370c01e1eaaaf75c033c17434bd617d06706129 Mon Sep 17 00:00:00 2001 From: avicoder Date: Mon, 9 Oct 2017 12:29:00 +0530 Subject: [PATCH 026/149] Create README-hi.md --- README-hi.md | 1 + 1 file changed, 1 insertion(+) create mode 100644 README-hi.md diff --git a/README-hi.md b/README-hi.md new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/README-hi.md @@ -0,0 +1 @@ + 
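Review bot: In the status-code line of hunk `@@ -48,13 +48,13 @@` the backticks are placed inconsistently: `200 OK`, `400 Bad Request` and `401 Unauthorized` keep the numeric code inside the code span, but the last entry is written as 405 `Method Not Allowed` with the number outside; it should be `405 Method Not Allowed`. Keeping the header names (`X-Content-Type-Options`, `X-Frame-Options`, `Content-Security-Policy`) and the status reason phrases untranslated matches the other translations and is an improvement over the earlier translated reason phrases.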
From dbf63dc9a4e82f32c9801a8237938845a91bad40 Mon Sep 17 00:00:00 2001 From: avicoder Date: Mon, 9 Oct 2017 14:43:04 +0530 Subject: [PATCH 027/149] Document in Hindi Language --- README-hi.md | 71 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) diff --git a/README-hi.md b/README-hi.md index 8b13789..5585ab8 100644 --- a/README-hi.md +++ b/README-hi.md 
@@ -1 +1,72 @@ +# API सुरक्षा जांच-सूची + +अपने एपीआई को डिजाइन करने, परीक्षण करने और जारी करने के दौरान सबसे महत्वपूर्ण सुरक्षा प्रतिवाद की जांच सूची| + +--- + +## प्रमाणीकरण (Authentication) + +- [ ] `बेसिक एथ` का उपयोग मानक प्रमाणन का उपयोग न करें (जैसे [JWT](https://jwt.io/), [OAuth](https://oauth.net/))। +- [ ] `प्रमाणीकरण`, `टोकन पीढ़ी`, `पासवर्ड भंडारण` में पहिया को फिर से न बदलें। मानकों का उपयोग करें। +- [ ] लॉग इन में `मैक्स पुन: प्रयास` और `जेल` सुविधाओं का उपयोग करें। +- [ ] सभी संवेदनशील डेटा पर एन्क्रिप्शन का उपयोग करें। + +## JWT (JSON वेब टोकन) +- [ ] एक यादृच्छिक जटिल कुंजी (`JWT सीक्रेट`) का प्रयोग करें ताकि Brute force करने के लिए टोकन बहुत कठिन हो। +- [ ] पेलोड से एल्गोरिदम न निकालें। बैकएण्ड (`HS256` या `RS256`) में एल्गोरिथम को बल दें। +- [ ] टोकन की समाप्ति (`टीटीएल`, `आरटीटीएल`) को यथासंभव कम करें। +- [ ] JWT पेलोड में संवेदनशील डेटा को संचित न करें, इसे [आसानी](https://jwt.io/#debugger-io) से डिकोड किया जा सकता है। + +## OAuth +- [ ] केवल व्हाइटलिस्ट किए गए URL को अनुमति देने के लिए हमेशा `redirect_uri` सर्वर-पक्ष को मान्य करें। +- [ ] हमेशा कोड के लिए आदान-प्रदान करने की कोशिश नहीं करें और टोकन न दें (`response_type=token` की अनुमति न दें) +- [ ] OAuth प्रमाणीकरण प्रक्रिया पर CSRF को रोकने के लिए एक यादृच्छिक हैश के साथ `state` पैरामीटर का उपयोग करें। +- [ ] डिफ़ॉल्ट स्कोप को परिभाषित करें, और प्रत्येक एप्लिकेशन के लिए स्कोप मापदंडों को मान्य करें। + +## Access +- [ ] DDOS / ब्रूट-फॉरेस्ट हमलों से बचने के लिए सीमा अनुरोध (थ्रोटलिंग) +- [ ] MITM (मैन इन द मिडल अटैक) से बचने के लिए सर्वर साइड पर HTTPS का उपयोग करें। +- [ ] SSL strip हमले से बचने के लिए SSL के साथ HSTS हैडर का उपयोग करें + +## Input +- [ ] ऑपरेशन के अनुसार उचित HTTP विधि का प्रयोग करें: अनुरोधित विधि है, अगर `GET (पढ़ें)`, `पोस्ट (बनाएं)`, `पुट / पैच (प्रतिस्थापित / अद्यतन)`, और `हटाएं (रिकॉर्ड को हटाने के लिए)`, और `405 Method Not Allowed` के साथ प्रतिक्रिया न दें अनुरोधित संसाधन के लिए उचित नहीं है +- [ ] अनुरोध पर `content-type` मान्य करें केवल अपने समर्थित प्रारूप (जैसे 
`application/xml`, `application/json`, आदि) को अनुमति देने के लिए हेडर (सामग्री वार्ता-Content Negotiation) स्वीकार करें और `406 Not Acceptable` करें यदि स्वीकार्य न हो तो। +- [ ] जैसा कि आप स्वीकार करते हैं, उतनी ही पोस्ट की गई `content-type` की पुष्टि करें (जैसे `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, इत्यादि)। +- [ ] सामान्य कमजोरियों (जैसे `XSS`, `SQL-Injection`, `Remote Code Execution`, आदि) से बचने के लिए उपयोगकर्ता इनपुट मान्य करें। +- [ ] URL में किसी भी संवेदनशील डेटा (`credentials`, `Passwords`, `security tokens`, या `API keys`) का उपयोग न करें, लेकिन मानक प्राधिकरण शीर्ष लेख का उपयोग करें। +- [ ] कैशिंग, दर सीमा नीतियों (`Quota`, `Spike Arrest`, `Concurrent Rate Limit`) को सक्षम करने के लिए एपीआई गेटवे सेवा का उपयोग करें और गतिशील रूप से API संसाधनों की तैनाती करें। + +## Processing +- [ ] जांचें कि क्या सभी समापन बिंदुओं को टूटा प्रमाणीकरण प्रक्रिया से बचने के लिए प्रमाणीकरण के पीछे सुरक्षित किया गया है या नहीं। +- [ ] उपयोगकर्ता के स्वयं के संसाधन आईडी से बचना चाहिए। `/user/654321/orders` के बजाय `/me/orders` का उपयोग करें। +- [ ] auto-increment आईडी न करें। बजाय यूयूआईडी का प्रयोग करें। +- [ ] यदि आप XML फ़ाइलों को पार्स कर रहे हैं, तो सुनिश्चित करें कि इकाई पार्सिंग XXE (XML external entity attack) से बचने के लिए सक्षम है। +- [ ] यदि आप XML फ़ाइलों को पार्स कर रहे हैं, तो सुनिश्चित करें कि `Billion Laughs/XML bomb` (exponential entity expansion attack) के हमले से बचने के लिए सक्षम है। +- [ ] फ़ाइल अपलोड के लिए CDN का उपयोग करें। +- [ ] यदि आप बड़ी मात्रा में डेटा के साथ काम कर रहे हैं, तो Workers और Queues का उपयोग पृष्ठभूमि में यथासंभव प्रक्रिया करने के लिए और HTTP अवरोधन(Blocking) से बचने के लिए तेज़ी से return response करें। +- [ ] DEBUG मोड बंद करने के लिए मत भूलना। + + ## Output +- [ ] `X-Content-Type-Options: nosniff` हेडर भेजें। +- [ ] `X-Frame-Options: deny`हेडर भेजें। +- [ ] `Content-Security-Policy: default-src 'none'`हेडर भेजें। +- [ ] `X-Powered-By`, `Server`, `X-AspNet-Version` फिंगरप्रिंटिंग हेडर 
हटाएं। +- [ ] आपकी प्रतिक्रिया के लिए `content-type` को बल दें, यदि आप `application/json` वापस करते हैं तो आपकी प्रतिक्रिया `content-type` `application/json` है। +- [ ] `credentials`, `Passwords`, `security tokens` जैसे संवेदनशील डेटा वापस न करें। + ऑपरेशन के अनुसार उचित स्थिति कोड वापस करें। (जैसे `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, आदि)। + + ## CI & CD +- [ ] unit/integration परीक्षण कवरेज के साथ अपने डिजाइन और कार्यान्वयन की जांच करें। +- [ ] कोड समीक्षा प्रक्रिया का उपयोग करें और स्वयं-स्वीकृति की उपेक्षा करें। +- [ ] सुनिश्चित करें कि आपकी सेवाओं के सभी components को AV सॉफ्टवेयर द्वारा स्कैन करने से पहले उत्पादक को push. vendor libraries और अन्य dependencies शामिल हैं। +- [ ] तैनाती के लिए एक रोलबैक समाधान तैयार करें। + + +## यह भी देखें: + +[yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) RESTful HTTP+JSON APIs के निर्माण के लिए उपयोगी संसाधनों का संग्रह। + +## योगदान +इस रिपोजिटरी contribute , कुछ बदलाव करने और pull request सबमिट करने में योगदान करने के लिए स्वतंत्र महसूस करें। किसी भी प्रश्न के लिए हमें team@shieldfy.io पर एक ईमेल है। + From 65cef2615c9d3832f155799cec7056fdd415320b Mon Sep 17 00:00:00 2001 From: Caleb Mazalevskis Date: Mon, 9 Oct 2017 17:37:08 +0800 Subject: [PATCH 028/149] Sync --- README-de.md | 2 +- README-es.md | 2 +- README-fr.md | 2 +- README-hi.md | 25 ++++++++++++++----------- README-id.md | 2 +- README-it.md | 2 +- README-ja.md | 4 ++-- README-jp.md | 2 +- README-ko.md | 2 +- README-mn.md | 2 +- README-nl.md | 2 +- README-pt_BR.md | 2 +- README-ru.md | 2 +- README-th.md | 6 +++--- README-tr.md | 2 +- README-uk.md | 2 +- README-vi.md | 2 +- README-zh.md | 2 +- README.md | 2 +- 19 files changed, 35 insertions(+), 32 deletions(-) diff --git a/README-de.md b/README-de.md index 098f12b..a720e26 100644 --- a/README-de.md +++ b/README-de.md 
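Review bot: Two Processing items in the new README-hi.md invert the security advice: the XXE line says to make sure entity parsing is enabled (`सक्षम है`) to avoid XXE, and the Billion Laughs line likewise says the expansion should be enabled, whereas the checklist requires both to be disabled (compare the Vietnamese context line in the previous patch, `không được bật`), so both should say अक्षम/disabled. The OAuth line `हमेशा कोड के लिए आदान-प्रदान करने की कोशिश नहीं करें और टोकन न दें` also reads as "do not try to exchange for code", the opposite of "always exchange for code, not tokens". Smaller points: the Basic Auth item reads as "do not use standard authentication" and needs restructuring into "do not use Basic Auth; use standard authentication", the status-code item under Output lacks its `- [ ]` checkbox prefix, and the see-also entry is a bare link line rather than a list item like the other translations.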
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) # API Security Checkliste Checkliste für die wichtigsten Sicherheitsmaßnahmen beim Designen, Testen und Veröffentlichen deiner API. diff --git a/README-es.md b/README-es.md index b088911..e916563 100644 --- a/README-es.md +++ b/README-es.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) # Lista de seguridad en APIs Lista de las contramedidas de seguridad más importantes en cuanto al diseño, testing y publicación de tu API. diff --git a/README-fr.md b/README-fr.md index 20dcc47..2a7ef02 100644 --- a/README-fr.md +++ b/README-fr.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) # API Security Checklist Checklist des points de sécurité les plus importants lors de la conception, du test et de la mise en production de votre API. diff --git a/README-hi.md b/README-hi.md index 5585ab8..e5d30ed 100644 --- a/README-hi.md +++ b/README-hi.md 
@@ -1,18 +1,19 @@ -# API सुरक्षा जांच-सूची +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) +# API सुरक्षा जांच-सूची अपने एपीआई को डिजाइन करने, परीक्षण करने और जारी करने के दौरान सबसे महत्वपूर्ण सुरक्षा प्रतिवाद की जांच सूची| + --- ## प्रमाणीकरण (Authentication) - - [ ] `बेसिक एथ` का उपयोग मानक प्रमाणन का उपयोग न करें (जैसे [JWT](https://jwt.io/), [OAuth](https://oauth.net/))। - [ ] `प्रमाणीकरण`, `टोकन पीढ़ी`, `पासवर्ड भंडारण` में पहिया को फिर से न बदलें। मानकों का उपयोग करें। - [ ] लॉग इन में `मैक्स पुन: प्रयास` और `जेल` सुविधाओं का उपयोग करें। - [ ] सभी संवेदनशील डेटा पर एन्क्रिप्शन का उपयोग करें। ## JWT (JSON वेब टोकन) -- [ ] एक यादृच्छिक जटिल कुंजी (`JWT सीक्रेट`) का प्रयोग करें ताकि Brute force करने के लिए टोकन बहुत कठिन हो। +- [ ] एक यादृच्छिक जटिल कुंजी (`JWT सीक्रेट`) का प्रयोग करें ताकि brute force करने के लिए टोकन बहुत कठिन हो। - [ ] पेलोड से एल्गोरिदम न निकालें। बैकएण्ड (`HS256` या `RS256`) में एल्गोरिथम को बल दें। - [ ] टोकन की समाप्ति (`टीटीएल`, `आरटीटीएल`) को यथासंभव कम करें। - [ ] JWT पेलोड में संवेदनशील डेटा को संचित न करें, इसे [आसानी](https://jwt.io/#debugger-io) से डिकोड किया जा सकता है। 
@@ -27,7 +28,7 @@ - [ ] DDOS / ब्रूट-फॉरेस्ट हमलों से बचने के लिए सीमा अनुरोध (थ्रोटलिंग) - [ ] MITM (मैन इन द मिडल अटैक) से बचने के लिए सर्वर साइड पर HTTPS का उपयोग करें। - [ ] SSL strip हमले से बचने के लिए SSL के साथ HSTS हैडर का उपयोग करें - + ## Input - [ ] ऑपरेशन के अनुसार उचित HTTP विधि का प्रयोग करें: अनुरोधित विधि है, अगर `GET (पढ़ें)`, `पोस्ट (बनाएं)`, `पुट / पैच (प्रतिस्थापित / अद्यतन)`, और `हटाएं (रिकॉर्ड को हटाने के लिए)`, और `405 Method Not Allowed` के साथ प्रतिक्रिया न दें अनुरोधित संसाधन के लिए उचित नहीं है - [ ] अनुरोध पर `content-type` मान्य करें केवल अपने समर्थित प्रारूप (जैसे `application/xml`, `application/json`, आदि) को अनुमति देने के लिए हेडर (सामग्री वार्ता-Content Negotiation) स्वीकार करें और `406 Not Acceptable` करें यदि स्वीकार्य न हो तो। @@ -45,7 +46,7 @@ - [ ] फ़ाइल अपलोड के लिए CDN का उपयोग करें। - [ ] यदि आप बड़ी मात्रा में डेटा के साथ काम कर रहे हैं, तो Workers और Queues का उपयोग पृष्ठभूमि में यथासंभव प्रक्रिया करने के लिए और HTTP अवरोधन(Blocking) से बचने के लिए तेज़ी से return response करें। - [ ] DEBUG मोड बंद करने के लिए मत भूलना। - + ## Output - [ ] `X-Content-Type-Options: nosniff` हेडर भेजें। - [ ] `X-Frame-Options: deny`हेडर भेजें। 
@@ -54,19 +55,21 @@ - [ ] आपकी प्रतिक्रिया के लिए `content-type` को बल दें, यदि आप `application/json` वापस करते हैं तो आपकी प्रतिक्रिया `content-type` `application/json` है। - [ ] `credentials`, `Passwords`, `security tokens` जैसे संवेदनशील डेटा वापस न करें। ऑपरेशन के अनुसार उचित स्थिति कोड वापस करें। (जैसे `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, आदि)। - + ## CI & CD - [ ] unit/integration परीक्षण कवरेज के साथ अपने डिजाइन और कार्यान्वयन की जांच करें। - [ ] कोड समीक्षा प्रक्रिया का उपयोग करें और स्वयं-स्वीकृति की उपेक्षा करें। - [ ] सुनिश्चित करें कि आपकी सेवाओं के सभी components को AV सॉफ्टवेयर द्वारा स्कैन करने से पहले उत्पादक को push. vendor libraries और अन्य dependencies शामिल हैं। - [ ] तैनाती के लिए एक रोलबैक समाधान तैयार करें। - - -## यह भी देखें: + +--- + +## यह भी देखें: [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) RESTful HTTP+JSON APIs के निर्माण के लिए उपयोगी संसाधनों का संग्रह। -## योगदान -इस रिपोजिटरी contribute , कुछ बदलाव करने और pull request सबमिट करने में योगदान करने के लिए स्वतंत्र महसूस करें। किसी भी प्रश्न के लिए हमें team@shieldfy.io पर एक ईमेल है। +--- +## योगदान +इस रिपोजिटरी contribute, कुछ बदलाव करने और pull request सबमिट करने में योगदान करने के लिए स्वतंत्र महसूस करें। किसी भी प्रश्न के लिए हमें `team@shieldfy.io` पर एक ईमेल है। diff --git a/README-id.md b/README-id.md index c0ff541..89d8b81 100644 --- a/README-id.md +++ b/README-id.md 
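Review bot: Hunk `@@ -54,19 +55,21 @@` reshuffles the blank lines and rules around the see-also block but leaves the status-code item in its context as a bare line (`ऑपरेशन के अनुसार उचित स्थिति कोड वापस करें।`) without the `- [ ]` prefix, so it still renders as the tail of the previous bullet rather than as its own checklist item; since the sync touches this region, add the prefix here. The new navigation line in hunk `@@ -1,18 +1,19 @@` correctly omits the file's own हिंदी entry, matching the other READMEs.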
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) # Checklist Keamanan API Checklist penanggulangan keamanan yang paling penting ketika merancang, menguji, dan melepaskan API ke khalayak diff --git a/README-it.md b/README-it.md index 30d1b8e..b5766b6 100644 --- a/README-it.md +++ b/README-it.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) # Checklist per la sicurezza delle API Una checklist per le più importanti contromisure da mettere in pratica quando strutturiamo, testiamo e rilasciamo le nostre API. diff --git a/README-ja.md b/README-ja.md index b40ee05..5239449 100644 --- a/README-ja.md +++ b/README-ja.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) # APIセキュリティチェックリスト APIを設計、テスト、リリースするときの最も重要なセキュリティ対策のチェックリスト @@ -33,7 +33,7 @@ APIを設計、テスト、リリースするときの最も重要なセキュ - [ ] 操作に準じて適切なHTTPメソッドを利用する、`GET (読み込み)`、`POST (作成)`、`PUT/PATCH (置き換え/更新)`、`DELETE (単一レコードの削除)。もし要求されたメソッドがリソースに存在しない場合は `405 Method Not Allowed` を返却する。 - [ ] リクエストのAcceptヘッダ (Content Negotiation) の `content-type` を検証し、サポートしているフォーマットのみを許可し (例: `application/xml`、`application/json` 等)、もし合致しなければ `406 Not Acceptable` レスポンスを応答する。 - [ ] 受け取るPOSTされたデータの`content-type` を検証する (例: `application/x-www-form-urlencoded`、`multipart/form-data ,application/json` 等)。 -- [ ] 一般的な脆弱性を避けるためユーザ入力を検証する (例: `XSS`, `SQLインジェクション` , `リモートコード実行` 等)。 +- [ ] 一般的な脆弱性を避けるためユーザ入力を検証する (例: `XSS`, `SQLインジェクション`, `リモートコード実行` 等)。 - [ ] URL中で機密データ (`クレデンシャル`、`パスワード`、`セキュリティトークン`) を利用せず、標準的な認証ヘッダで利用する。 - [ ] キャッシュ、レート制限、スパイク阻止、そしてAPIリソースのデプロイを動的に行うため、APIゲートウェイサービスを利用する。 diff --git a/README-jp.md b/README-jp.md index b206e90..364aa16 100644 --- a/README-jp.md +++ b/README-jp.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) # API Security Checklist これはAPIの設計, テスト, リリース時における、重要なセキュリティ対策チェックリストです。 diff --git a/README-ko.md b/README-ko.md index f094433..92e0deb 100644 --- a/README-ko.md +++ b/README-ko.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) # API 보안 체크리스트 API를 설계하고 테스트하고 배포할 때 고려해야 할 중요한 보안 대책 체크리스트입니다. diff --git a/README-mn.md b/README-mn.md index f066f41..b64f44e 100644 --- a/README-mn.md +++ b/README-mn.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [हिंदी](./README-hi.md) # API Аюулгүйн жагсаалт API гаргах, загварчлах, тестлэхэд аюулгүйн талаас авах сөрөг арга хэмжээний жагсаалт diff --git a/README-nl.md b/README-nl.md index 1de7a43..2b70fd4 100644 --- a/README-nl.md +++ b/README-nl.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) # API Security Checklist Checklist met de belangrijkste tegenmaatregelen bij het ontwerpen, testen en uitbrengen van een API. diff --git a/README-pt_BR.md b/README-pt_BR.md index 997cfdc..d29b986 100644 --- a/README-pt_BR.md +++ b/README-pt_BR.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) +[English](./README.md) | [中文版](./README-zh.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) # API Security Checklist Lista das mais importantes medidas de segurança para o desenvolvimento, teste e publicação da sua API. diff --git a/README-ru.md b/README-ru.md index 999ab84..06cb64e 100644 --- a/README-ru.md +++ b/README-ru.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) # Контрольный список безопасности API Контрольный список наиболее важных контрмер безопасности при разработке, тестировании и выпуске вашего API. diff --git a/README-th.md b/README-th.md index 6e012de..cf27470 100644 --- a/README-th.md +++ b/README-th.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) # API Security Checklist Checklist ที่ต้องให้ความสำคัญเมื่อมีการสร้าง API ในช่วงการออกแบบ ทดสอบระบบ และการปล่อยให้คนนอกใช้ 
@@ -33,8 +33,8 @@ Checklist ที่ต้องให้ความสำคัญเมื่ - [ ] ใช้คำสั่ง HTTP ตาม operation ที่ทำ เช่น `GET (read)`, `POST (create)`, `PUT/PATCH (replace/update)` and `DELETE (to delete a record)` และตอบกลับด้วย `405 Method Not Allowed` ถ้าไม่มีการรองรับ request ด้วย method นั้นในระบบ. - [ ] Validate `content-type` ใน header ขา request (Content Negotiation) โดยยอมให้ส่งมาเฉพาะ format ที่กำหนด (e.g. `application/xml`, `application/json`... และอื่นๆ) และตอบกลับด้วย `406 Not Acceptable` ถ้า format ที่ส่งมาไม่ถูก. - [ ] Validate `content-type` ของ data ที่รับมาทุกครั้ง(e.g. `application/x-www-form-urlencoded`, `multipart/form-data ,application/json`... ). -- [ ] Validate ข้อมูลที่ user ใส่เข้ามาทุกครั้งเพื่อป้องกันช่องโหว่ที่โดนกันบ่อยๆ (e.g. `XSS`, `SQL-Injection` , `Remote Code Execution`... etc). -- [ ] ห้ามเอาข้อมูลสำคัญไปใส่ไว้ใน URL (เช่น /servicexxx?creditcardnum=1234) แต่ให้ไปแปะไว้ใน authorization header แทน (`credentials` , `Passwords`, `security tokens`, or `API keys`) +- [ ] Validate ข้อมูลที่ user ใส่เข้ามาทุกครั้งเพื่อป้องกันช่องโหว่ที่โดนกันบ่อยๆ (e.g. `XSS`, `SQL-Injection`, `Remote Code Execution` ... etc). +- [ ] ห้ามเอาข้อมูลสำคัญไปใส่ไว้ใน URL (เช่น /servicexxx?creditcardnum=1234) แต่ให้ไปแปะไว้ใน authorization header แทน (`credentials`, `Passwords`, `security tokens`, or `API keys`) - [ ] ทำ API Gateway เพื่อให้สามารถทำ caching, Rate Limit, Spike Arrest, และการจัดสรรค์ทรัพยากรสำหรับ API ได้อย่างยืดหยุ่น ## Processing diff --git a/README-tr.md b/README-tr.md index f203d1d..22e9d80 100644 --- a/README-tr.md +++ b/README-tr.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) # API Güvenlik Kontrol Listesi API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemlerinin kontrol listesi. diff --git a/README-uk.md b/README-uk.md index 7fa04ae..4423c04 100644 --- a/README-uk.md +++ b/README-uk.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) # Контрольний список безпеки API Контрольний список найбільш важливих контрзаходів безпеки при розробці, тестуванні та випуску вашого API. diff --git a/README-vi.md b/README-vi.md index a46f858..329b749 100644 --- a/README-vi.md +++ b/README-vi.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) # Danh sách các giải pháp an toàn cho API Những giải pháp an toàn và cách khắc phục khi thiết kế, kiểm tra và phát hành API cho ứng dụng của bạn. diff --git a/README-zh.md b/README-zh.md index 33fd48d..d4c751c 100644 --- a/README-zh.md +++ b/README-zh.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) +[English](./README.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) # 开发安全的 API 所需要核对的清单 以下是当你在设计, 测试以及发布你的 API 的时候所需要核对的重要安全措施. diff --git a/README.md b/README.md index 7b11cb0..eaf69cf 100644 --- a/README.md +++ b/README.md 
@@ -1,4 +1,4 @@ -[中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) +[中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) # API Security Checklist Checklist of the most important security countermeasures when designing, testing, and releasing your API. From 98e53038144431c1ace82b19c6d68ebe71962dd1 Mon Sep 17 00:00:00 2001 From: Mauro Cicolella Date: Fri, 20 Oct 2017 09:08:34 +0200 Subject: [PATCH 029/149] Update README-it.md - Fixed some typos --- README-it.md | 64 ++++++++++++++++++++++++++-------------------------- 1 file changed, 32 insertions(+), 32 deletions(-) diff --git a/README-it.md b/README-it.md index b5766b6..1aab042 100644 --- a/README-it.md +++ b/README-it.md 
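Review bot: the README-jp.md hunk keeps a second Japanese file in lockstep with README-ja.md, yet no language bar in this patch links to ./README-jp.md (every 日本語 entry points at ./README-ja.md). Decide which file is canonical and drop the other, otherwise each future link change has to be duplicated by hand in a file nobody can reach.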
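Review bot: the second README-ja.md hunk (`@@ -33,7 +33,7 @@`) is an unrelated whitespace fix (the stray space before the comma in `` `SQLインジェクション` , ``) bundled into a patch whose stated purpose is adding the Hindi link; split it into its own commit or at least mention it in the commit message so the change stays reviewable.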
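Review bot: same remark for the README-th.md `@@ -33,8 +33,8 @@` hunk: the two changed lines only remove spaces before commas (`` `SQL-Injection` , `` and `` `credentials` , ``), which has nothing to do with the language-bar update; keep cosmetic fixes in a separate commit.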
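Review bot: every `@@ -1,4 +1,4 @@` hunk here, README.md included, adds `| [हिंदी](./README-hi.md)` to the language bar, but none of the hunks visible create README-hi.md; confirm that file lands in the same change (or is already on the branch), otherwise this merges seventeen dangling links.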
@@ -7,60 +7,60 @@ Una checklist per le più importanti contromisure da mettere in pratica quando s --- ## Autenticazione -- [ ] Non usare la `Basic Auth` Utilizzare piuttosto dei sistemi di identification standard (es. JWT, OAuth). -- [ ] Non re-inventarsi sistemi di `Autenticazione`, `generazione token`, `salvtaggio password`. Utilizzare gli standard. -- [ ] Use `Max Retry` and jail features in Login. -- [ ] Utilizzare la criptazione per tutti i dati sensibili. +- [ ] Non usare la `Basic Auth` Utilizzare piuttosto dei sistemi standard di identificazione (es. JWT, OAuth). +- [ ] Non re-inventarsi sistemi di `autenticazione`, `generazione token`, `salvataggio password`. Utilizzare gli standard. +- [ ] Utilizzare `Max Retry` e le jail features per il Login. +- [ ] Utilizzare la cifratura per tutti i dati sensibili. ### JWT (JSON Web Token) -- [ ] Use a random complicated key (`JWT Secret`) to make brute forcing the token very hard. -- [ ] Don't extract the algorithm from the payload. Force the algorithm in the backend (`HS256` or `RS256`). -- [ ] Make token expiration (`TTL`, `RTTL`) as short as possible. -- [ ] Don't store sensitive data in the JWT payload, it can be decoded [easily](https://jwt.io/#debugger-io). +- [ ] Utilizzare una chiave random complessa (`JWT Secret`) per rendere assai difficile il brute force del token. +- [ ] Non ricavare l'algoritmo dal payload. Forzare l'algoritmo nel backend (`HS256` o `RS256`). +- [ ] Rendere la scadenza del token (`TTL`, `RTTL`) il più breve possibile. +- [ ] Non memorizzare dati sensibili nel payload JWT, può essere decodificato [facilmente](https://jwt.io/#debugger-io). ### OAuth -- [ ] Validare sempre il valore di `redirect_uri` lato server permettendo solo url verificati in whitelist. -- [ ] Always try to exchange for code and not tokens (non permettere `response_type=token`). +- [ ] Validare sempre il valore di `redirect_uri` lato server permettendo solo url verificati nella whitelist. 
+- [ ] Tentare sempre lo scambio attraverso il codice e non tramite token (non permettere `response_type=token`). - [ ] Utilizzare il parametro `state` con un hash random per prevenire il CSRF durante il processo di autenticazione OAuth. -- [ ] Deinire lo scope di default e validare i parametri dello scope per ogni singola applicazione. +- [ ] Definire lo scope di default e validare i parametri dello scope per ogni singola applicazione. ## Accesso -- [ ] Limita la richieste (Throttling) per evitare attacchi DDoS o brute-force. +- [ ] Limitare le richieste (Throttling) per evitare attacchi DDoS o brute-force. - [ ] Utilizzare il protocollo HTTPS per evitare attacchi MITM (Man In The Middle Attack). - [ ] Utilizzare l'header `HSTS` per evitare attacchi SSL Strip. ## Input -- [ ] Utilizza il metodo HTTP appropriato in base all'azione: `GET (lettura)`, `POST (scrittura)`, `PUT/PATCH (sostituzione/modifica)`, e `DELETE (cancellazione)`, e rispondi con uno status `405 Method Not Allowed` se il metodo della richiesta non è appropiato. -- [ ] Valida il `content-type` rispetto all' Accept header (Content Negotiation) per permettere solo i formati supportati (es. `application/xml`, `application/json`, ecc.) e rispondi con un `406 Not Acceptable` se la response non coincide. -- [ ] Valida il `content-type` in base alle strutture accettate (es. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, etc). +- [ ] Utilizzare il metodo HTTP appropriato in base all'azione: `GET (lettura)`, `POST (scrittura)`, `PUT/PATCH (sostituzione/modifica)`, e `DELETE (cancellazione)`, e rispondere con uno status `405 Method Not Allowed` se il metodo della richiesta non è appropriato. +- [ ] Validare il `content-type` rispetto all' Accept header (Content Negotiation) per consentire solo i formati supportati (es. `application/xml`, `application/json`, ecc.) e rispondere con un `406 Not Acceptable` se la risposta non coincide. 
+- [ ] Validare il `content-type` in base alle strutture accettate (es. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, etc). - [ ] Validare sempre gli input dell'utente per evitare attacchi comuni (es. `XSS`, `SQL-Injection`, `Remote Code Execution`, ecc.). -- [ ] Non utilizzare mai dati sensibili (`credenziali`, `password`, `security tokens`, o `API keys`) nell'url, utilizza piuttosto gli Authorization header. -- [ ] Utilizza un gateway per abilitare il caching delle API, con sistema di controllo delle chiamate (es. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`). +- [ ] Non utilizzare mai dati sensibili (`credenziali`, `password`, `security tokens`, o `API keys`) nell'url, utilizzare piuttosto gli Authorization header. +- [ ] Utilizzare un gateway per abilitare il caching delle API, con sistema di controllo delle chiamate (es. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`). ## Processing -- [ ] Verifica che tutti gli endpoints siano protetti dal sistema di autenticazione, per evitare eventuli falle. -- [ ] L'ID dell'utente attuale andrebbe sempre evitato nelle url. Utilizzare ad esempio `/me/orders` piuttosto che `/user/654321/orders`. -- [ ] Non auto incrementare un ID. Utilizza piuttosto un `UUID`. +- [ ] Verificare che tutti gli endpoints siano protetti dal sistema di autenticazione, per evitare eventuali falle. +- [ ] L'ID dell'utente corrente andrebbe sempre evitato nelle url. Utilizzare ad esempio `/me/orders` piuttosto che `/user/654321/orders`. +- [ ] Non ricorrere all'autoincremento di un ID. Utilizzare piuttosto un `UUID`. - [ ] Se stai effettuando il parsing di un file XML, controlla che l'entity parsing non sia attiva per evitare `XXE` (XML external entity attack). - [ ] Se stai effettuando il parsing di un file XML, controlla che l'entity expansion non sia attiva per evitare il `Billion Laughs/XML bomb`. -- [ ] Utilizza una CDN per l'upload dei file. +- [ ] Utilizzare una CDN per l'upload dei file. 
- [ ] Se stai gestendo grandi moli di dati, utilizza Workers e Queues per processare i dati in background evitando che la chiamata HTTP vada in blocco. - [ ] Ricordarsi sempre di disattivare le eventuali modalità di DEBUG. ## Output -- [ ] Invia l'header `X-Content-Type-Options: nosniff`. -- [ ] Invia l'header `X-Frame-Options: deny`. -- [ ] Invia l'header `Content-Security-Policy: default-src 'none'`. -- [ ] Rimuovi header che permettono il riconoscimento - `X-Powered-By`, `Server`, `X-AspNet-Version` ecc. -- [ ] Forza il `content-type` nella chiamata di risposta, se per esempio ritorni un `application/json` forza il `content-type` a `application/json`. +- [ ] Inviare l'header `X-Content-Type-Options: nosniff`. +- [ ] Inviare l'header `X-Frame-Options: deny`. +- [ ] Inviare l'header `Content-Security-Policy: default-src 'none'`. +- [ ] Rimuovere header che permettono il riconoscimento - `X-Powered-By`, `Server`, `X-AspNet-Version` ecc. +- [ ] Forzare il `content-type` nella chiamata di risposta: se per esempio viene ritornato un `application/json` forzare il `content-type` a `application/json`. - [ ] Non ritornare mai dati sensibili come `credenziali`, `password`, `security tokens`. -- [ ] Ritornare sempre lo status code corretto in base a come si è conclusa la chiamata. (es. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, ecc). +- [ ] Ritornare sempre lo status code corretto in base all'esito della chiamata. (es. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, ecc). ## CI & CD -- [ ] Verifica il tuo design attraverso gli unit/integration tests. -- [ ] Definisci e utilizza una procedura di code review per il rilascio, evitando l'auto approvazione. -- [ ] Verifica che tutti i componenti dei tuoi servizi siano controllati da software AV prima di essere messi in produzione, incluse le librerie di terze parti. -- [ ] Definisci una strategia di rollback per il delpoy. 
+- [ ] Verificare il design attraverso gli unit/integration tests. +- [ ] Definire e utilizzare una procedura di code review per il rilascio, evitando l'auto approvazione. +- [ ] Verificare che tutti i componenti dei servizi siano controllati da software AV prima di essere messi in produzione, incluse le librerie di terze parti. +- [ ] Definire una strategia di rollback per il deploy. --- @@ -72,4 +72,4 @@ Una checklist per le più importanti contromisure da mettere in pratica quando s --- # Contribuire -Sentitivi liberi di contribuire a questo progetto facendo un fork, modificandolo e inviando una pull request. Per qualsiasi dubbio inviare un'email all'indirizzo: `team@shieldfy.io`. +Siate liberi di contribuire a questo progetto facendo un fork, modificandolo e inviando una pull request. Per qualsiasi dubbio inviare un'email all'indirizzo: `team@shieldfy.io`. From b2dad6588fd73fb57d6541e6f7382bcb80992aa4 Mon Sep 17 00:00:00 2001 From: Magicansk <30593595+magicansk@users.noreply.github.com> Date: Mon, 30 Oct 2017 14:53:50 +0800 Subject: [PATCH 030/149] Create README-tw.md Add Traditional Chinese Translation --- README-tw.md | 76 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 76 insertions(+) create mode 100644 README-tw.md diff --git a/README-tw.md b/README-tw.md new file mode 100644 index 0000000..ce8c931 --- /dev/null +++ b/README-tw.md 
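Review bot: the Input block of the `@@ -7,60 +7,60 @@` hunk still carries a sense error after the rewording: `rispondere con un `406 Not Acceptable` se la risposta non coincide` ties the 406 to the response, whereas the English item returns 406 when the request's `Accept` header asks for a format the API does not support; suggest `... e rispondere con un `406 Not Acceptable` se il formato richiesto non è supportato`, and fix `all' Accept header` to `all'Accept header` while touching the line. Two smaller points in the same hunk: the infinitive conversion is incomplete in Processing, where `Se stai effettuando il parsing di un file XML, controlla ...` (twice) and `Se stai gestendo grandi moli di dati, utilizza ...` are left in second person next to lines that were changed (suggest `Se si effettua il parsing di un file XML, verificare ...` and `Se si gestiscono grandi moli di dati, utilizzare ...`); and `Non usare la `Basic Auth` Utilizzare piuttosto ...` still has no punctuation between the two sentences.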
@@ -0,0 +1,76 @@ +[簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md)   + + +# 開發安全的 API 所需要核對的清單 +以下是當你在設計, 測試以及發佈你的 API 的時候所需要核對的重要安全措施. + + +--- + +## 身份認證 +- [ ] 不要使用 `Basic Auth` 使用標準的認證協議 (如 JWT, OAuth). +- [ ] 不要再造 `Authentication`, `token generating`, `password storing` 這些輪子, 使用標準的. +- [ ] 在登錄中使用 `Max Retry` 和自動封禁功能. +- [ ] 加密所有的敏感數據. + +### JWT (JSON Web Token) +- [ ] 使用隨機複雜的密鑰 (`JWT Secret`) 以增加暴力破解的難度. +- [ ] 不要在請求體中直接提取數據, 要對數據進行加密 (`HS256` 或 `RS256`). +- [ ] 使 token 的過期時間儘量的短 (`TTL`, `RTTL`). +- [ ] 不要在 JWT 的請求體中存放敏感數據, 它是[可破解的](https://jwt.io/#debugger-io). + +### OAuth 授權或認證協議 +- [ ] 始終在後台驗證 `redirect_uri`, 只允許白名單的 URL. +- [ ] 每次交換令牌的時候不要加 token (不允許 `response_type=token`). +- [ ] 使用 `state` 參數並填充隨機的哈希數來防止跨站請求偽造(CSRF). +- [ ] 對不同的應用分別定義默認的作用域和各自有效的作用域參數. + +## 訪問 +- [ ] 限制流量來防止 DDoS 攻擊和暴力攻擊. +- [ ] 在服務端使用 HTTPS 協議來防止 MITM 攻擊. +- [ ] 使用 `HSTS` 協議防止 SSLStrip 攻擊. + +## 輸入 +- [ ] 使用與操作相符的 HTTP 操作函數, `GET (讀取)`, `POST (創建)`, `PUT (替換/更新)` 以及 `DELETE (刪除記錄)`, 如果請求的方法不適用於請求的資源則返回 `405 Method Not Allowed`. +- [ ] 在請求頭中的 `content-type` 欄位使用內容驗證來只允許支持的格式 (如 `application/xml`, `application/json` 等等) 並在不滿足條件的時候返回 `406 Not Acceptable`. +- [ ] 驗證 `content-type` 的發佈數據和你收到的一樣 (如 `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json` 等等). +- [ ] 驗證用戶輸入來避免一些普通的易受攻擊缺陷 (如 `XSS`, `SQL-注入`, `遠程代碼執行` 等等). +- [ ] 不要在 URL 中使用任何敏感的數據 (`credentials`, `Passwords`, `security tokens`, or `API keys`), 而是使用標準的認證請求頭. +- [ ] 使用一個 API Gateway 服務來啟用緩存、訪問速率限制 (如 `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) 以及動態地部署 APIs resources. 
+ +## 處理 +- [ ] 檢查是否所有的終端都在身份認證之後, 以避免被破壞了的認證體系. +- [ ] 避免使用特有的資源 id. 使用 `/me/orders` 替代 `/user/654321/orders` +- [ ] 使用 `UUID` 代替自增長的 id. +- [ ] 如果需要解析 XML 文件, 確保實體解析(entity parsing)是關閉的以避免 `XXE` 攻擊. +- [ ] 如果需要解析 XML 文件, 確保實體擴展(entity expansion)是關閉的以避免通過指數實體擴展攻擊實現的 `Billion Laughs/XML bomb`. +- [ ] 在文件上傳中使用 CDN. +- [ ] 如果需要處理大量的數據, 使用 Workers 和 Queues 來快速響應, 從而避免 HTTP 阻塞. +- [ ] 不要忘了把 DEBUG 模式關掉. + +## 輸出 +- [ ] 發送 `X-Content-Type-Options: nosniff` 頭. +- [ ] 發送 `X-Frame-Options: deny` 頭. +- [ ] 發送 `Content-Security-Policy: default-src 'none'` 頭. +- [ ] 刪除指紋頭 - `X-Powered-By`, `Server`, `X-AspNet-Version` 等等. +- [ ] 在響應中強制使用 `content-type`, 如果你的類型是 `application/json` 那麼你的 `content-type` 就是 `application/json`. +- [ ] 不要返回敏感的數據, 如 `credentials`, `Passwords`, `security tokens`. +- [ ] 在操作結束時返回恰當的狀態碼. (如 `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed` 等等). + +## 持續整合和持續部署 +- [ ] 使用單元測試和整合測試來審計你的設計和實現. +- [ ] 引入代碼審查流程, 不要自行批准更改. +- [ ] 在推送到生產環境之前確保服務的所有組件都用殺毒軟件靜態地掃瞄過, 包括第三方庫和其它依賴. +- [ ] 為部署設計一個回滾方案. + + +--- + +## 也可以看看: +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - 用於構建RESTful HTTP+JSON API的有用資源集合。 + + +--- + +# 貢獻 +為此存儲庫創建一個 fork, 進行修改, 並提交 pull request 來貢獻. 如果您有任何問題, 請發送郵件至 `team@shieldfy.io`. From 1b6164564a82528f18d2b168bcee2f10788f54b5 Mon Sep 17 00:00:00 2001 From: Eslam Salem Date: Tue, 31 Oct 2017 11:09:19 +0200 Subject: [PATCH 031/149] arabic language --- README-ar.md | 75 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 75 insertions(+) create mode 100644 README-ar.md diff --git a/README-ar.md b/README-ar.md new file mode 100644 index 0000000..f28e533 --- /dev/null +++ b/README-ar.md 
@@ -0,0 +1,75 @@ +[中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) + +# API Security Checklist +قائمة تحتوي على أهم الاحتياطات الامنية حينما تقوم بتخطيط و اختبار و اطلاق ال API الخاصة بك + + +--- + +## المصادقة (Authentication) +- [ ] لا تستخدم `Basic Auth` لكن استخدم المعايير القياسية للمصادقة (مثال [JWT](https://jwt.io/), [OAuth](https://oauth.net/)). +- [ ] لا تعيد اختراع العجله في `المصادقة`, `توليد الرموز`, `تخزين كلمات المرور`. قم بإستخدام المعايير القياسية. +- [ ] استخدم `تحديد عدد المحاولات` و `الرمان من الدخول jail feature` في تسجيل الدخول. +- [ ] استخدم التشفير في كل البيانات الحساسة. + +### JWT (JSON Web Token) +- [ ] إستخدم مفتاح عشوائي و معقد (`JWT Secret`) لتجعل هجوم التخمين بالقوة brute forcing صعب جدا. +- [ ] لا تقم بإستخراج خوارزمية التشفير من محتوى رمز ال JWT. قم بإجبار الكود بإستخدام خوارزمية (`HS256` or `RS256`). +- [ ] إجعل مدة انتهاء الرمز (`TTL`, `RTTL`) قليلة قدر الإمكان. +- [ ] لا تقم بتخزين اي بيانات حساسة داخل محتوى رمز ال JWT, لانه يمكن كشف هذه المحتويات بسهولة [easily](https://jwt.io/#debugger-io). + +### OAuth +- [ ] تحقق دائما من `redirect_uri` في كود السيرفر لتسمح فقط بقائمة محددة من الروابط. +- [ ] دائما حاول ان تقولم بالتبادل و الرد بكود و ليس بالرمز (لا تسمح `response_type=token`). +- [ ] إستخدم متغير `state` في الرابط مع مزيج عشوائي من الحروف لتمنع هجمات ال CSRF على عملية المصادقة الخاصة بال OAuth. +- [ ] حدد الصلاحية و النطاق الافتراضي scope, و قم بالتحقق منه مع كل تطبيق. + +## الوصول +- [ ] حدد الطلبات (Throttling) لتتجنب هجوم حجب الخدمة DDoS و هجوم التخمين بالقوة brute-force. 
+- [ ] إستخدم HTTPS على السيرفر لتتجنب هجمات التنصت على الطلبات MITM (Man In The Middle Attack). +- [ ] إستخدم `HSTS` header مع ال SSL لتتجنب هجمات ال SSL Strip. + +## الإدخال +- [ ] إستخدم الوسيلة المناسبة HTTP method حسب العملية التي تريد القيام بها : `GET (للقرائة)`, `POST (إنتاج او اضافة)`, `PUT/PATCH (لإستبدال او تحديث)`, and `DELETE (لحذف سجل)`, و قم بالرد ب `405 Method Not Allowed` في حالة إذا كانت الوسيلة method غير مناسبة . +- [ ] قم بالتحقق من `content-type` في رأس الطلب reuest header أو ما يسمى ب (Content Negotiation) لتسمح فقط بالتنسيقات المدعومة (مثال `application/xml`, `application/json`, إلى آخره) و قم بالرد ب `406 Not Acceptable` إذا كان التنسيق غير ذلك. +- [ ] قم بالتحقق من `content-type` في محتوى الطلب نفسه posted data (مثال `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, إلى آخره). +- [ ] قم بالتحثث من مدخلات المستخدم لتتجنب الثغرات الشائعة (مثال `XSS`, `SQL-Injection`, `Remote Code Execution`, إلى آخره). +- [ ] لا تستخدم اي بيانات حساسة (`credentials`, `Passwords`, `security tokens`, or `API keys`) في الرابط و لكن استخدم الطريقة القياسية وهي رأس الطلب الخاص بالمصادقة Authorization header. +- [ ] إستخدم واجهة لل API ل تستفيد من التخزين المؤقت caching و سياسات تحديد عدد الطلبات Rate Limit policies (مثال `الحصة Quota`, `التنبية في الارتفاع المفاجئ Spike Arrest`, `و تحديد عدد الطلبات المتزامنة Concurrent Rate Limit`) + +## المعالجة +- [ ] قم بفحص كل النطاقات و الروابط انهم محميين وراء مصادقة authentication لتتجنب المصادقة المكسورة broken authentication. +- [ ] يجب تجنب استخدام المعرف الخاص بالموارد . قم بإستخدام `/me/orders` بدلا من `/user/654321/orders`. +- [ ] لا تقم بإستخدام المعرف التلقائي auto-increment . قم بإستخدام `UUID` بدلا منه. +- [ ] لو انك تقوم بمعالجة ملفات XML, تأكد من ان معالجة entity parsing غير مفعلة لتتجنب هجمات `XXE` (XML external entity). +- [ ] لو انك تقوم بمعالجة ملفات XML, تأكد من ان entity expansion غير مفعلة لتتجنب هجمات `Billion Laughs/XML bomb` من خلال هجوم exponential entity expansion. 
+- [ ] إستخدم شبكات تسليم المحتوى CDN لرفع الملفات. +- [ ] لو انك تتعامل مع حجم بيانات ضخم, إستخدم عمليات منفصلة Workers , Queues لمعالجة البيانات في الخلفية و الرد على المستخدم بسرعه لتجنب حجب الطلب HTTP Blocking. +- [ ] لا تنسى و تترك وضع التصحيح DEBUG mode في حالة التشغيل. + +## المخرجات +- [ ] إستخدم `X-Content-Type-Options: nosniff` في رأس الطلب header. +- [ ] إستخدم `X-Frame-Options: deny` في رأس الطلب header. +- [ ] إستخدم `Content-Security-Policy: default-src 'none'` في رأس الطلب header. +- [ ] إحذف الرؤوس headers التي تدل عليك - `X-Powered-By`, `Server`, `X-AspNet-Version` إلى آخره. +- [ ] إجبر إرسال `content-type` مع الرد, لو انك تقوم بالرد بمحتويات من توع `application/json` فم بالرد ب`content-type` `application/json`. +- [ ] لا تقم بالرد بمعلومات و بيانات حساسة مثل `credentials`, `Passwords`, `security tokens`. +- [ ] قم بالرد بكود حالة صحيح status code طبقا للعملية التي تقوم بها. (مثال `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, إلى آخره). + +## التكامل المستمر CI & النشر المستمر CD +- [ ] مراجعة التصميم الخاص بك والتنفيذ مع وحدة / التكامل اختبارات الاختبار unit/integration tests coverage. +- [ ] استخدام عملية مراجعة الكود وتجاهل الموافقة على الكود الذي قمت بكتابته. +- [ ] تأكد من أن جميع مكونات الخدمات الخاصة بك يتم فحصها بشكل ثابت بواسطة برامج الفيروسات قبل ارسالها إلى الإنتاج، بما في ذلك المكتبات الخارجية وغيرها من التبعيات. +- [ ] تصميم حل التراجع عن عمليات النشر rollback. + + +--- + +## أنظر أيضا: +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - مجموعة من الادوات و المصادر لبناء RESTful HTTP+JSON APIs. + + +--- + +# المشاركة +لا تتردد في المساهمة عن طريق اخذ نسخة من هذه القائمة fork ، وإجراء بعض التغييرات، وتقديم طلبات المراجعة pull request. أي أسئلة الرجاء مراسلتنا على البريد الإلكتروني `team@shieldfy.io`. From b5260426bf1c48d9cea51e9ed0978665f6caeeeb Mon Sep 17 00:00:00 2001 
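Review bot: the link row at the top of the new README-ar.md omits `[English](./README.md)`, which the other translations touched in this series (README-de, README-es, README-fr and so on) put first, so Arabic readers get no way back to the source checklist; prepend it. The same hunk carries several spelling slips worth fixing before merge: `الرمان من الدخول` should read `الحرمان من الدخول`, `تقولم` should be `تقوم`, `reuest header` should be `request header`, `التحثث` should be `التحقق`, and in the Output section `من توع` / `فم بالرد` should be `من نوع` / `قم بالرد`.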
From: Eslam Salem Date: Tue, 31 Oct 2017 11:21:45 +0200 Subject: [PATCH 032/149] sync languages links --- README-de.md | 2 +- README-es.md | 2 +- README-fr.md | 2 +- README-hi.md | 2 +- README-id.md | 2 +- README-it.md | 2 +- README-ja.md | 2 +- README-jp.md | 2 +- README-ko.md | 2 +- README-mn.md | 2 +- README-nl.md | 2 +- README-pt_BR.md | 2 +- README-ru.md | 2 +- README-th.md | 2 +- README-tr.md | 2 +- README-tw.md | 2 +- README-uk.md | 2 +- README-vi.md | 2 +- README-zh.md | 2 +- 19 files changed, 19 insertions(+), 19 deletions(-) diff --git a/README-de.md b/README-de.md index a720e26..b23dce8 100644 --- a/README-de.md +++ b/README-de.md @@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) # API Security Checkliste Checkliste für die wichtigsten Sicherheitsmaßnahmen beim Designen, Testen und Veröffentlichen deiner API. diff --git a/README-es.md b/README-es.md index e916563..89f44e4 100644 --- a/README-es.md +++ b/README-es.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) # Lista de seguridad en APIs Lista de las contramedidas de seguridad más importantes en cuanto al diseño, testing y publicación de tu API. diff --git a/README-fr.md b/README-fr.md index 2a7ef02..c6b460e 100644 --- a/README-fr.md +++ b/README-fr.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) # API Security Checklist Checklist des points de sécurité les plus importants lors de la conception, du test et de la mise en production de votre API. diff --git a/README-hi.md b/README-hi.md index e5d30ed..3a63daa 100644 --- a/README-hi.md +++ b/README-hi.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [العربية](./README-ar.md) # API सुरक्षा जांच-सूची अपने एपीआई को डिजाइन करने, परीक्षण करने और जारी करने के दौरान सबसे महत्वपूर्ण सुरक्षा प्रतिवाद की जांच सूची| diff --git a/README-id.md b/README-id.md index 89d8b81..90d2ab5 100644 --- a/README-id.md +++ b/README-id.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) # Checklist Keamanan API Checklist penanggulangan keamanan yang paling penting ketika merancang, menguji, dan melepaskan API ke khalayak diff --git a/README-it.md b/README-it.md index 1aab042..95cc37a 100644 --- a/README-it.md +++ b/README-it.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) # Checklist per la sicurezza delle API Una checklist per le più importanti contromisure da mettere in pratica quando strutturiamo, testiamo e rilasciamo le nostre API. diff --git a/README-ja.md b/README-ja.md index 5239449..7544df2 100644 --- a/README-ja.md +++ b/README-ja.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) # APIセキュリティチェックリスト APIを設計、テスト、リリースするときの最も重要なセキュリティ対策のチェックリスト diff --git a/README-jp.md b/README-jp.md index 364aa16..e41baaf 100644 --- a/README-jp.md +++ b/README-jp.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) # API Security Checklist これはAPIの設計, テスト, リリース時における、重要なセキュリティ対策チェックリストです。 diff --git a/README-ko.md b/README-ko.md index 92e0deb..a02d35c 100644 --- a/README-ko.md +++ b/README-ko.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) # API 보안 체크리스트 API를 설계하고 테스트하고 배포할 때 고려해야 할 중요한 보안 대책 체크리스트입니다. diff --git a/README-mn.md b/README-mn.md index b64f44e..c6a76f5 100644 --- a/README-mn.md +++ b/README-mn.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [हिंदी](./README-hi.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) # API Аюулгүйн жагсаалт API гаргах, загварчлах, тестлэхэд аюулгүйн талаас авах сөрөг арга хэмжээний жагсаалт diff --git a/README-nl.md b/README-nl.md index 2b70fd4..ee748e4 100644 --- a/README-nl.md +++ b/README-nl.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) # API Security Checklist Checklist met de belangrijkste tegenmaatregelen bij het ontwerpen, testen en uitbrengen van een API. diff --git a/README-pt_BR.md b/README-pt_BR.md index d29b986..a7664c6 100644 --- a/README-pt_BR.md +++ b/README-pt_BR.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) +[English](./README.md) | [中文版](./README-zh.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) # API Security Checklist Lista das mais importantes medidas de segurança para o desenvolvimento, teste e publicação da sua API. diff --git a/README-ru.md b/README-ru.md index 06cb64e..42a9375 100644 --- a/README-ru.md +++ b/README-ru.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) # Контрольный список безопасности API Контрольный список наиболее важных контрмер безопасности при разработке, тестировании и выпуске вашего API. diff --git a/README-th.md b/README-th.md index cf27470..e9b93b2 100644 --- a/README-th.md +++ b/README-th.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) # API Security Checklist Checklist ที่ต้องให้ความสำคัญเมื่อมีการสร้าง API ในช่วงการออกแบบ ทดสอบระบบ และการปล่อยให้คนนอกใช้ diff --git a/README-tr.md b/README-tr.md index 22e9d80..269365a 100644 --- a/README-tr.md +++ b/README-tr.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) # API Güvenlik Kontrol Listesi API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemlerinin kontrol listesi. diff --git a/README-tw.md b/README-tw.md index ce8c931..e591dd0 100644 --- a/README-tw.md +++ b/README-tw.md 
@@ -1,4 +1,4 @@ -[簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md)   +[簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md)   | [العربية](./README-ar.md) # 開發安全的 API 所需要核對的清單 diff --git a/README-uk.md b/README-uk.md index 4423c04..69ba223 100644 --- a/README-uk.md +++ b/README-uk.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) # Контрольний список безпеки API Контрольний список найбільш важливих контрзаходів безпеки при розробці, тестуванні та випуску вашого API. diff --git a/README-vi.md b/README-vi.md index 329b749..19a2443 100644 --- a/README-vi.md +++ b/README-vi.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) +[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) # Danh sách các giải pháp an toàn cho API Những giải pháp an toàn và cách khắc phục khi thiết kế, kiểm tra và phát hành API cho ứng dụng của bạn. diff --git a/README-zh.md b/README-zh.md index d4c751c..3547225 100644 --- a/README-zh.md +++ b/README-zh.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) +[English](./README.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) # 开发安全的 API 所需要核对的清单 以下是当你在设计, 测试以及发布你的 API 的时候所需要核对的重要安全措施. From 5822adc424a5f4d34bc3ac13ad949f35c511c4d7 Mon Sep 17 00:00:00 2001 From: Eslam Salem Date: Tue, 31 Oct 2017 11:23:39 +0200 Subject: [PATCH 033/149] sync languages links --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index eaf69cf..97e80ed 100644 --- a/README.md +++ b/README.md 
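Review bot: in the README-tw.md hunk the Arabic entry is appended after the run of trailing whitespace that already follows `[हिंदी](./README-hi.md)`, so the row now renders with a visibly wider gap before its last separator; trim that whitespace so the line ends `[हिंदी](./README-hi.md) | [العربية](./README-ar.md)` like the other files. This is also the only row in the patch with no `[English](./README.md)` entry.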
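Review bot: the README-jp.md hunk keeps a second Japanese translation in sync alongside README-ja.md, yet every link row in this patch points only at `[日本語](./README-ja.md)`, so README-jp.md is unreachable from any page; decide which file is canonical and delete the other rather than keep updating both.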
@@ -1,4 +1,4 @@ -[中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) +[中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) # API Security Checklist Checklist of the most important security countermeasures when designing, testing, and releasing your API. From c08abc616fb1339bbedf12e26a139deeaec8967e Mon Sep 17 00:00:00 2001 From: Magicansk <30593595+magicansk@users.noreply.github.com> Date: Tue, 31 Oct 2017 18:15:21 +0800 Subject: [PATCH 034/149] Update README.md Add ./README-tw.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 97e80ed..f884a10 100644 --- a/README.md +++ b/README.md 
@@ -1,4 +1,4 @@ -[中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) +[繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) # API Security Checklist Checklist of the most important security countermeasures when designing, testing, and releasing your API. From 600803aad9c6f36c60a3d42624bbed426003c5e5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Yi=C4=9Fit=20Tanr=C4=B1verdi?= Date: Thu, 9 Nov 2017 10:40:06 +0300 Subject: [PATCH 035/149] Update README-tr.md translated some words --- README-tr.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README-tr.md b/README-tr.md index 269365a..19748f2 100644 --- a/README-tr.md +++ b/README-tr.md 
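Review bot: only README.md receives the new `[繁中版](./README-tw.md)` entry and the `[中文版]` to `[簡中版]` rename (diffstat: 1 file changed), so the translations synced two commits earlier still read `[中文版](./README-zh.md)` and have no link to README-tw.md; apply the same edit to every README-*.md to keep the rows consistent, and note that README-tw.md itself currently has no `[English](./README.md)` link either.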
@@ -52,7 +52,7 @@ API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemle - [ ] `X-Frame-Options: deny` header'ı gönder. - [ ] `Content-Security-Policy: default-src 'none'` header'ı gönder. - [ ] Parmak izi başlıklarını kaldırın - `X-Powered-By`, `Server`, `X-AspNet-Version` v.b. -- [ ] Force `content-type` for your response, if you return `application/json` then your response `content-type` is `application/json`. +- [ ] Response'unda `content-type` kullanmaya zorla, eğer veriyi `application/json` olarak döndürürsen, `content-type` karşılığı `application/json` olur. - [ ] Hassas verilerinizi geri göndermeyin `credentials`, `Passwords`, `security tokens`. - [ ] İşlem tamamlandıktan sonra uygun durum kodunu döndürür. (ör. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, v.b.). From 06417117364272e210e7a1fe547fd90d45b52013 Mon Sep 17 00:00:00 2001 From: Wagner Souza Date: Thu, 16 Nov 2017 14:05:42 -0200 Subject: [PATCH 036/149] Fixes typo in pt_BR translation --- README-pt_BR.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README-pt_BR.md b/README-pt_BR.md index a7664c6..14cc5cb 100644 --- a/README-pt_BR.md +++ b/README-pt_BR.md @@ -21,7 +21,7 @@ Lista das mais importantes medidas de segurança para o desenvolvimento, teste e ### OAuth - [ ] Sempre valide o `redirect_uri` no seu servidor através de uma lista de URLs conhecidas (previamente cadastradas). - [ ] Tente sempre retornar códigos de negociação, não o _token_ de acesso (não permita `response_type=token`). -- [ ] Utilze o parâmetro `state` com um _hash_ aleatório para previnir CSRF no processo de autenticação OAuth. +- [ ] Utilize o parâmetro `state` com um _hash_ aleatório para previnir CSRF no processo de autenticação OAuth. - [ ] Defina escopo de dados, e valide o parâmetro `scope` para cada aplicação. ## Acesso (_Access_) From b302e1e7fe5a34c1fd72a2f20570bd2ae69109b7 Mon Sep 17 00:00:00 2001 
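Review bot: the newly translated README-tr.md line uses the informal singular imperative `zorla`, while the surrounding lines of the same hunk mix `gönder` (singular), `kaldırın` / `göndermeyin` (plural) and the descriptive `döndürür`; pick one register for the whole Output section, and `döndürür` should become an imperative (`döndürün`) so the item reads as an instruction like the rest of the checklist.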
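Review bot: the README-pt_BR.md `+` line fixes `Utilze` but leaves `previnir` on the same line; the correct spelling is `prevenir`, so the item should read `... com um _hash_ aleatório para prevenir CSRF no processo de autenticação OAuth.`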
From: Danail Vilos Date: Mon, 20 Nov 2017 22:42:01 +0100 Subject: [PATCH 037/149] first part some of the phrases are adopted for the Macedonian language --- README-mk.md | 73 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 73 insertions(+) create mode 100644 README-mk.md diff --git a/README-mk.md b/README-mk.md new file mode 100644 index 0000000..3e85c97 --- /dev/null +++ b/README-mk.md 
@@ -0,0 +1,73 @@ +[繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Македонски](.README-mk.md) + +# API Безбедносна контролна листа +Безбедносна контролна листа од најважните безбедносни контрамерки при дизајнирање, тестирање и пуштање во употреба на вашето API. +--- + +## Автентикација +- [ ] Не користете `Basic Auth` Користете стандардна автентикација (п.р. [JWT](https://jwt.io/), [OAuth](https://oauth.net/)). +- [ ] Не измислувајте топла вода за `Authentication`,` generation token `, `password storage`. Користете ги стандардите. +- [ ] Користете `Max Retry` и затворските функции во Login. +- [ ] Користете енкрипција на сите чувствителни податоци. + +### JWT (JSON Web Token) +- [ ] Користете случајно генериран и комплициран клуч (`JWT Secret`) за да направите што можно потешко погодување на токенот со испробување на секоја можна комбинација +- [ ] Don't extract the algorithm from the payload. Force the algorithm in the backend (`HS256` or `RS256`). +- [ ] Направете токенот да истече (`TTL`, `RTTL`) што е можно побрзо . +- [ ] Не чувајте чувствителни податоци во JWR payload, може да се декодира [лесно](https://jwt.io/#debugger-io). + +### OAuth +- [ ] Секогаш проверувајте ја `redirect_uri` од страна на серверот за да дозволите само бела листа на адреси. +- [ ]Секогаш обидувајте се да разменувате за код, а не токени (не дозволувајте `response_type = token`). +- [ ] Користете го параметрот `state` со случаен хаш за да го спречите CSRF за процесот на автентикација на OAuth. 
+- [ ] Дефинирајте го основниот опсег и проверете ги параметрите на опсегот за секоја апликација. + +## Пристап +- [ ] Ограничете ги барањата (забавување) за да избегнете напади DDoS / brute-force. +- [ ] Користете HTTPS на страната на серверот за да избегнете MITM (Man In The Middle Attack). +- [ ] Користете `HSTS` насловот со SSL за да избегнете SSL Strip напад. + +## Влез +- [ ] Користете ја соодветната HTTP-метод според операцијата: "GET (read)", "POST (создади)", "PUT / PATCH (замени / ажурирај)" и "DELETE (за бришење на запис) 405 Метод не е дозволено` ако бараниот метод не е соодветен за бараниот ресурс. +- [ ] Потврдете `content-type` на барање Accept header (Content Negotiation) за да го дозволите само вашиот поддржан формат (на пр.`application/xml`, `application/json`, etc) И да одговори со 406 Not Acceptable` одговор ако не се совпаѓа. +- [ ] Потврдете ги `content-type` на објавените податоци што ги прифаќате (на пр., `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, итн.). +- [ ] Потврдете го корисничкиот влез за да избегнете вообичаени слабости (e.g. `XSS`, `SQL-Injection`, `Remote Code Execution`, etc). +- [ ] Не користете чувствителни податоци(`credentials`, `Passwords`, `security tokens`, или `API keys`) во URL-то, но користете стандарден заглавие за авторизација. +- [ ] Користете API Gateway-услуга за да овозможите кеширање, политики за ограничување на тарифите (пр. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) и динамички да ги распоредите ресурсите за API-то. + +## Processing +- [ ] Check if all the endpoints are protected behind authentication to avoid broken authentication process. +- [ ] User own resource ID should be avoided. Use `/me/orders` instead of `/user/654321/orders`. +- [ ] Don't auto-increment IDs. Use `UUID` instead. +- [ ] If you are parsing XML files, make sure entity parsing is not enabled to avoid `XXE` (XML external entity attack). 
+- [ ] If you are parsing XML files, make sure entity expansion is not enabled to avoid `Billion Laughs/XML bomb` via exponential entity expansion attack. +- [ ] Use a CDN for file uploads. +- [ ] If you are dealing with huge amount of data, use Workers and Queues to process as much as possible in background and return response fast to avoid HTTP Blocking. +- [ ] Do not forget to turn the DEBUG mode OFF. + +## Output +- [ ] Send `X-Content-Type-Options: nosniff` header. +- [ ] Send `X-Frame-Options: deny` header. +- [ ] Send `Content-Security-Policy: default-src 'none'` header. +- [ ] Remove fingerprinting headers - `X-Powered-By`, `Server`, `X-AspNet-Version` etc. +- [ ] Force `content-type` for your response, if you return `application/json` then your response `content-type` is `application/json`. +- [ ] Don't return sensitive data like `credentials`, `Passwords`, `security tokens`. +- [ ] Return the proper status code according to the operation completed. (e.g. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, etc). + +## CI & CD +- [ ] Audit your design and implementation with unit/integration tests coverage. +- [ ] Use a code review process and disregard self-approval. +- [ ] Ensure that all components of your services are statically scanned by AV software before push to production, including vendor libraries and other dependencies. +- [ ] Design a rollback solution for deployments. + + +--- + +## See also: +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - A collection of useful resources for building RESTful HTTP+JSON APIs. + + +--- + +# Contribution +Feel free to contribute by forking this repository, making some changes, and submitting pull requests. For any questions drop us an email at `team@shieldfy.io`. From c46baa5adca1ab9a69c692e75a110b084b2191c4 Mon Sep 17 00:00:00 2001 
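Review bot: the self link in the new README-mk.md nav line is `[Македонски](.README-mk.md)`, missing the slash; it should be `./README-mk.md` like every other entry, otherwise it resolves to a file named `.README-mk.md`. Further Markdown breakage in the hunk: `- [ ]Секогаш` has no space after the checkbox, so GitHub will not render it as a task-list item; the backticks in `` `Authentication`,` generation token `, `` are misplaced (should be `` `Authentication`, `token generation`, ``); the Input section wraps `GET (read)` etc. in straight double quotes instead of backticks and leaves unbalanced backticks in `405 Метод не е дозволено`` and `406 Not Acceptable``. The HTTP-method item also lost the "and respond with" clause, so `... DELETE (за бришење на запис) 405 Метод не е дозволено` ...` reads as one run-on; restore the verb and keep the status reason phrase as the protocol string `405 Method Not Allowed`, consistent with `406 Not Acceptable` in the next item. Typo: `JWR payload` should be `JWT payload`. Per the commit message this is a first part, but note one JWT item in the middle of an otherwise translated list is still English, in addition to the untranslated Processing, Output, CI & CD and Contribution sections.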
From: pilotpirxie <10637666+pilotpirxie@users.noreply.github.com> Date: Mon, 20 Nov 2017 22:56:17 +0100 Subject: [PATCH 038/149] Update and rename README.md to README-pl.md --- README.md => README-pl.md | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) rename README.md => README-pl.md (72%) diff --git a/README.md b/README-pl.md similarity index 72% rename from README.md rename to README-pl.md index f884a10..80d84d6 100644 --- a/README.md +++ b/README-pl.md 
@@ -1,22 +1,22 @@ -[繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) - -# API Security Checklist -Checklist of the most important security countermeasures when designing, testing, and releasing your API. +# Lista kontrolna bezpieczeństw API +Lista kontrolna najważniejszych metod zabezpieczenia podczas projektowania, testowania oraz wypuszczania własnego API. --- -## Authentication -- [ ] Don't use `Basic Auth` Use standard authentication (e.g. [JWT](https://jwt.io/), [OAuth](https://oauth.net/)). -- [ ] Don't reinvent the wheel in `Authentication`, `token generation`, `password storage`. Use the standards. -- [ ] Use `Max Retry` and jail features in Login. -- [ ] Use encryption on all sensitive data. + +## Uwierzytelnianie +- [ ] Nie używaj `Basic Auth`. Użyj standardów uwierzytelniania (np. [JWT](https://jwt.io/), [OAuth](https://oauth.net/)). +- [ ] Nie wynajduj koła na nowo podczas `Uwierzytelniania`, `generowanie tokenów`, `przechowywania haseł`. Użyj sprawdzonych standardów. +- [ ] Dodaj `Maksymalną ilość prób` oraz inne opcje ograniczające podczas Logowania. +- [ ] Szyfruj wszystkie wrażliwe (ważne) dane. ### JWT (JSON Web Token) -- [ ] Use a random complicated key (`JWT Secret`) to make brute forcing the token very hard. -- [ ] Don't extract the algorithm from the payload. Force the algorithm in the backend (`HS256` or `RS256`). -- [ ] Make token expiration (`TTL`, `RTTL`) as short as possible. 
-- [ ] Don't store sensitive data in the JWT payload, it can be decoded [easily](https://jwt.io/#debugger-io). +- [ ] Użyj losowego, skomplikowanego klucza (`JWT Secret`) aby uczynić token bezpieczniejszym przeciw atakom typu `brute force`. +- [ ] Algorytmy trzymaj w backendzie, nie upubliczniaj algorytmów. +- [ ] Ustaw wygaszanie tokenów (`TTL`, `RTTL`) najkrótsze jak to możliwe. +- [ ] Nie przechowuj wrażliwych danych w `JWT payload`, mogą był łatwo dekodowane przy pomocy [easily](https://jwt.io/#debugger-io). + ### OAuth - [ ] Always validate `redirect_uri` server-side to allow only whitelisted URLs. From 167f48a3ca8d3618eda32a7b0eea972acebbf78b Mon Sep 17 00:00:00 2001 From: pilotpirxie <10637666+pilotpirxie@users.noreply.github.com> Date: Mon, 20 Nov 2017 23:06:17 +0100 Subject: [PATCH 039/149] Update README-pl.md --- README-pl.md | 37 +++++++++++++++++++------------------ 1 file changed, 19 insertions(+), 18 deletions(-) diff --git a/README-pl.md b/README-pl.md index 80d84d6..0d27f85 100644 --- a/README-pl.md +++ b/README-pl.md 
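Review bot: this commit renames the root README.md to README-pl.md (`rename README.md => README-pl.md (72%)`) and rewrites it in Polish, which deletes the English README from the tree; a translation should be added as a new file with README.md left untouched. PATCH 041 in this series re-creates README.md with the same blob (`index 0000000..f884a10`, matching the pre-rename `index f884a10..80d84d6` here), so the two commits should be squashed into a single "add README-pl.md" change so that git's rename detection does not attribute the English file's history to the Polish one. Inside the hunk: the language nav line is deleted with no Polish replacement; `bezpieczeństw` should be `bezpieczeństwa`; `mogą był łatwo dekodowane` should be `mogą być łatwo odkodowane`; the link text `[easily]` is left in English; and the second JWT item (`Algorytmy trzymaj w backendzie, nie upubliczniaj algorytmów.`) drops the concrete guidance from the source, namely not to read the algorithm from the token and to force `HS256` or `RS256` on the backend.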
@@ -17,25 +17,26 @@ Lista kontrolna najważniejszych metod zabezpieczenia podczas projektowania, tes - [ ] Ustaw wygaszanie tokenów (`TTL`, `RTTL`) najkrótsze jak to możliwe. - [ ] Nie przechowuj wrażliwych danych w `JWT payload`, mogą był łatwo dekodowane przy pomocy [easily](https://jwt.io/#debugger-io). - ### OAuth -- [ ] Always validate `redirect_uri` server-side to allow only whitelisted URLs. -- [ ] Always try to exchange for code and not tokens (don't allow `response_type=token`). -- [ ] Use `state` parameter with a random hash to prevent CSRF on the OAuth authentication process. -- [ ] Define the default scope, and validate scope parameters for each application. - -## Access -- [ ] Limit requests (Throttling) to avoid DDoS / brute-force attacks. -- [ ] Use HTTPS on server side to avoid MITM (Man In The Middle Attack). -- [ ] Use `HSTS` header with SSL to avoid SSL Strip attack. - -## Input -- [ ] Use the proper HTTP method according to the operation: `GET (read)`, `POST (create)`, `PUT/PATCH (replace/update)`, and `DELETE (to delete a record)`, and respond with `405 Method Not Allowed` if the requested method isn't appropriate for the requested resource. -- [ ] Validate `content-type` on request Accept header (Content Negotiation) to allow only your supported format (e.g. `application/xml`, `application/json`, etc) and respond with `406 Not Acceptable` response if not matched. -- [ ] Validate `content-type` of posted data as you accept (e.g. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, etc). -- [ ] Validate User input to avoid common vulnerabilities (e.g. `XSS`, `SQL-Injection`, `Remote Code Execution`, etc). -- [ ] Don't use any sensitive data (`credentials`, `Passwords`, `security tokens`, or `API keys`) in the URL, but use standard Authorization header. -- [ ] Use an API Gateway service to enable caching, Rate Limit policies (e.g. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) and deploy APIs resources dynamically. 
+- [ ] Zawsze waliduj `redirect_uri` po stronie serwera aby zezwolić tylko URL-om z dozwolonej listy (`whitelist`). +- [ ] Zawsze próbuj wymienić kodem nie tokenami (nie zezwalaj na `response_type=token`). +- [ ] Użyj parametru `state` z losowym hashem aby zabezpieczyć proces OAuth przed atakiem CSRF. +- [ ] Zdefiniuj oraz waliduj zakres parametrów dla każdej aplikacji. + +## Dostęp +- [ ] Ustaw limit zapytań (Throttling) aby uniknąć ataku DDoS / brute-force. +- [ ] Użyj HTTPS aby uniknąć MITM (Man In The Middle Attack) - ataku polegającego na pośrednictwie w wymianie informacji pomiędzy dwoma punktami np. klientem i serwerem. +- [ ] Użyj nagłówka `HSTS` z SSL aby uniknąć SSL Strip attack. + + +## Wejście +- [ ] Użyj odpowiedniej metody protokołu HTTP dla danej operacji: `GET (odczyt)`, `POST (tworzenie)`, `PUT/PATCH (zmiana)`, and `DELETE (usuwanie)`, i odpowiadaj `405 Method Not Allowed` jeżeli metoda zapytania jest niepoprawna. +- [ ] Waliduj `content-type` podczas zapytań i zezwalaj jedynie na wymagane typy danych (np. `application/xml`, `application/json`) oraz odpowiadaj `406 Not Acceptable` jeżeli nie pasują. +- [ ] Waliduj `content-type` informacji przekazywanych metodą POST (np. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`). +- [ ] Waliduj informacje wprowadzane przez użytkownika, aby uniknąć zagrożeń (np.. `XSS`, `SQL-Injection`, `Zdalne Wykonanie Skryptu`). +- [ ] Nie używaj żadnych wrażliwych danych w URL, zamiast tego użyj standardowego nagłówka Autoryzującego. +- [ ] Użyj usługi API Gateway aby włączyć caching oraz np. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`. + ## Processing - [ ] Check if all the endpoints are protected behind authentication to avoid broken authentication process. From b08b76fa06494c31d38d88f338ca3cf491ae351f Mon Sep 17 00:00:00 2001 
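Review bot: several `+` lines in this hunk lose content from the English source. The scope item (`Zdefiniuj oraz waliduj zakres parametrów dla każdej aplikacji.`) drops "define the default scope"; the sensitive-data item drops the examples (`credentials`, `Passwords`, `security tokens`, `API keys`) and the header name `Authorization`; the API Gateway item drops "deploy API resources dynamically". `Remote Code Execution` is rendered as `Zdalne Wykonanie Skryptu`, which means script, not code, and translating a vulnerability name inside backticks loses searchability; keep the English term. Minor: `DELETE (usuwanie)`, and` leaves an English "and" in the Polish sentence (`oraz`), and `np.. `XSS`` has a doubled period.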
From: pilotpirxie <10637666+pilotpirxie@users.noreply.github.com> Date: Mon, 20 Nov 2017 23:18:16 +0100 Subject: [PATCH 040/149] Update README-pl.md --- README-pl.md | 53 +++++++++++++++++++++++----------------------------- 1 file changed, 23 insertions(+), 30 deletions(-) diff --git a/README-pl.md b/README-pl.md index 0d27f85..8fb0f64 100644 --- a/README-pl.md +++ b/README-pl.md 
@@ -38,39 +38,32 @@ Lista kontrolna najważniejszych metod zabezpieczenia podczas projektowania, tes - [ ] Użyj usługi API Gateway aby włączyć caching oraz np. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`. -## Processing -- [ ] Check if all the endpoints are protected behind authentication to avoid broken authentication process. -- [ ] User own resource ID should be avoided. Use `/me/orders` instead of `/user/654321/orders`. -- [ ] Don't auto-increment IDs. Use `UUID` instead. -- [ ] If you are parsing XML files, make sure entity parsing is not enabled to avoid `XXE` (XML external entity attack). -- [ ] If you are parsing XML files, make sure entity expansion is not enabled to avoid `Billion Laughs/XML bomb` via exponential entity expansion attack. -- [ ] Use a CDN for file uploads. -- [ ] If you are dealing with huge amount of data, use Workers and Queues to process as much as possible in background and return response fast to avoid HTTP Blocking. -- [ ] Do not forget to turn the DEBUG mode OFF. - -## Output -- [ ] Send `X-Content-Type-Options: nosniff` header. -- [ ] Send `X-Frame-Options: deny` header. -- [ ] Send `Content-Security-Policy: default-src 'none'` header. -- [ ] Remove fingerprinting headers - `X-Powered-By`, `Server`, `X-AspNet-Version` etc. -- [ ] Force `content-type` for your response, if you return `application/json` then your response `content-type` is `application/json`. -- [ ] Don't return sensitive data like `credentials`, `Passwords`, `security tokens`. -- [ ] Return the proper status code according to the operation completed. (e.g. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, etc). +## Przetwarzanie +- [ ] Sprawdź czy wszystkie endpointy są zabezpieczone uwierzytelnianiem aby uniknąć niautoryzowanego dostępu. +- [ ] Unikaj ukazywania ID użytkownika. Użyj np. `/me/orders` zamiast `/users/654321/orders/`. +- [ ] Nie używaj auto inkrementacji w polu ID. Zamiast tego użyj `UUID`. 
+- [ ] Jeżeli parsujesz pliki XML, upewnij się, że jesteś odporny na `XXE` (XML external entity attack) oraz `Billion Laughs/XML bomb`. +- [ ] Użyj CDN do przechowywania wysyłanych plików. +- [ ] Jeżeli pracujesz z dużą ilością danych, użyj procesów Workers oraz kolejkowania Queues aby przetworzyć jak najwięcej w tle i zwrócić informacje szybko aby uniknąć blokowania HTTP. +- [ ] Nie zapomnij o wyłączeniu trybu debugowania. + +## Wyjście +- [ ] Wyślij nagłówek `X-Content-Type-Options: nosniff`. +- [ ] Wyślij nagłówek `X-Frame-Options: deny`. +- [ ] Wyślij nagłówek `Content-Security-Policy: default-src 'none'`. +- [ ] Usuń nagłówki cyfrowego odcisku palca (digital fingerprint) - `X-Powered-By`, `Server`, `X-AspNet-Version`. +- [ ] Wymuś `content-type` podczas zwracania danych. Jeżeli zwracasz `application/json` wtedy twój `content-type` to `application/json`. +- [ ] Nie zwracaj ważnych informacji jak `dane uwierzytelniające`, `hasła`, `tokeny bezpieczeństwa`. +- [ ] Zwróc odpowiedni status w zależności od operacji. (np. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`). ## CI & CD -- [ ] Audit your design and implementation with unit/integration tests coverage. -- [ ] Use a code review process and disregard self-approval. -- [ ] Ensure that all components of your services are statically scanned by AV software before push to production, including vendor libraries and other dependencies. -- [ ] Design a rollback solution for deployments. +- [ ] Przetestuj wszystkie rozwiązania stosując testy jednostkowe. +- [ ] Oddaj kod do przejrzenia innym, poddaj go `code review`. +- [ ] Upewnij się, że wszystkie komponenty twojej usługi są skanowane przez oprogramowanie antywirusowe przed wejściem na produkcje. Uwzględnij także zewnętrzne biblioteki. +- [ ] Stwórz możliwość szybkiego wycofania udostępnionego wdrożenia. 
--- -## See also: -- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - A collection of useful resources for building RESTful HTTP+JSON APIs. - - ---- - -# Contribution -Feel free to contribute by forking this repository, making some changes, and submitting pull requests. For any questions drop us an email at `team@shieldfy.io`. +## Zobacz także: +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - [ENG] Zbiór wartościowych narzędzi do tworzenia REST HTTP+JSON API. From de18461b6a29574c7cc1e98d656e3bbc89db2ded Mon Sep 17 00:00:00 2001 From: pilotpirxie <10637666+pilotpirxie@users.noreply.github.com> Date: Mon, 20 Nov 2017 23:19:20 +0100 Subject: [PATCH 041/149] Create README.md --- README.md | 75 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 75 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..f884a10 --- /dev/null +++ b/README.md 
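Review bot: the `# Contribution` section (fork, pull request, `team@shieldfy.io` contact) is deleted without a Polish replacement; translate it rather than drop it. The two XML items are merged into one (`upewnij się, że jesteś odporny na `XXE` ... oraz `Billion Laughs/XML bomb``), which loses the point that these are two separate parser settings, external entity resolution and entity expansion, that each need to be disabled; keep them as two items. The CI item reduces "unit/integration tests coverage" to unit tests only and the code review item drops "disregard self-approval". The example path changed from `/user/654321/orders` to `/users/654321/orders/`; keep the source path. Spelling: `niautoryzowanego` should be `nieautoryzowanego`, `Zwróc` should be `Zwróć`, `na produkcje` should be `na produkcję`.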
@@ -0,0 +1,75 @@ +[繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) + +# API Security Checklist +Checklist of the most important security countermeasures when designing, testing, and releasing your API. + + +--- + +## Authentication +- [ ] Don't use `Basic Auth` Use standard authentication (e.g. [JWT](https://jwt.io/), [OAuth](https://oauth.net/)). +- [ ] Don't reinvent the wheel in `Authentication`, `token generation`, `password storage`. Use the standards. +- [ ] Use `Max Retry` and jail features in Login. +- [ ] Use encryption on all sensitive data. + +### JWT (JSON Web Token) +- [ ] Use a random complicated key (`JWT Secret`) to make brute forcing the token very hard. +- [ ] Don't extract the algorithm from the payload. Force the algorithm in the backend (`HS256` or `RS256`). +- [ ] Make token expiration (`TTL`, `RTTL`) as short as possible. +- [ ] Don't store sensitive data in the JWT payload, it can be decoded [easily](https://jwt.io/#debugger-io). + +### OAuth +- [ ] Always validate `redirect_uri` server-side to allow only whitelisted URLs. +- [ ] Always try to exchange for code and not tokens (don't allow `response_type=token`). +- [ ] Use `state` parameter with a random hash to prevent CSRF on the OAuth authentication process. +- [ ] Define the default scope, and validate scope parameters for each application. + +## Access +- [ ] Limit requests (Throttling) to avoid DDoS / brute-force attacks. +- [ ] Use HTTPS on server side to avoid MITM (Man In The Middle Attack). 
+- [ ] Use `HSTS` header with SSL to avoid SSL Strip attack. + +## Input +- [ ] Use the proper HTTP method according to the operation: `GET (read)`, `POST (create)`, `PUT/PATCH (replace/update)`, and `DELETE (to delete a record)`, and respond with `405 Method Not Allowed` if the requested method isn't appropriate for the requested resource. +- [ ] Validate `content-type` on request Accept header (Content Negotiation) to allow only your supported format (e.g. `application/xml`, `application/json`, etc) and respond with `406 Not Acceptable` response if not matched. +- [ ] Validate `content-type` of posted data as you accept (e.g. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, etc). +- [ ] Validate User input to avoid common vulnerabilities (e.g. `XSS`, `SQL-Injection`, `Remote Code Execution`, etc). +- [ ] Don't use any sensitive data (`credentials`, `Passwords`, `security tokens`, or `API keys`) in the URL, but use standard Authorization header. +- [ ] Use an API Gateway service to enable caching, Rate Limit policies (e.g. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) and deploy APIs resources dynamically. + +## Processing +- [ ] Check if all the endpoints are protected behind authentication to avoid broken authentication process. +- [ ] User own resource ID should be avoided. Use `/me/orders` instead of `/user/654321/orders`. +- [ ] Don't auto-increment IDs. Use `UUID` instead. +- [ ] If you are parsing XML files, make sure entity parsing is not enabled to avoid `XXE` (XML external entity attack). +- [ ] If you are parsing XML files, make sure entity expansion is not enabled to avoid `Billion Laughs/XML bomb` via exponential entity expansion attack. +- [ ] Use a CDN for file uploads. +- [ ] If you are dealing with huge amount of data, use Workers and Queues to process as much as possible in background and return response fast to avoid HTTP Blocking. +- [ ] Do not forget to turn the DEBUG mode OFF. 
+ +## Output +- [ ] Send `X-Content-Type-Options: nosniff` header. +- [ ] Send `X-Frame-Options: deny` header. +- [ ] Send `Content-Security-Policy: default-src 'none'` header. +- [ ] Remove fingerprinting headers - `X-Powered-By`, `Server`, `X-AspNet-Version` etc. +- [ ] Force `content-type` for your response, if you return `application/json` then your response `content-type` is `application/json`. +- [ ] Don't return sensitive data like `credentials`, `Passwords`, `security tokens`. +- [ ] Return the proper status code according to the operation completed. (e.g. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, etc). + +## CI & CD +- [ ] Audit your design and implementation with unit/integration tests coverage. +- [ ] Use a code review process and disregard self-approval. +- [ ] Ensure that all components of your services are statically scanned by AV software before push to production, including vendor libraries and other dependencies. +- [ ] Design a rollback solution for deployments. + + +--- + +## See also: +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - A collection of useful resources for building RESTful HTTP+JSON APIs. + + +--- + +# Contribution +Feel free to contribute by forking this repository, making some changes, and submitting pull requests. For any questions drop us an email at `team@shieldfy.io`. From 7f8be33d0f8b1c05fbd291afce5e36690cdea9a7 Mon Sep 17 00:00:00 2001 From: pilotpirxie <10637666+pilotpirxie@users.noreply.github.com> Date: Mon, 20 Nov 2017 23:19:59 +0100 Subject: [PATCH 042/149] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f884a10..79a6120 100644 --- a/README.md +++ b/README.md 
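Review bot: this re-creates README.md with blob `f884a10` (`index 0000000..f884a10`), the exact content PATCH 038 renamed away, so the net effect of 038 plus 041 is "add README-pl.md" with a no-op round trip on README.md. Squash the two commits; as separate commits the tree has no English README between them and git's rename detection will credit the English file's history to README-pl.md. The hunk content itself is unchanged from the earlier README and needs no further review.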
@@ -1,4 +1,4 @@ -[繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) +[繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) # API Security Checklist Checklist of the most important security countermeasures when designing, testing, and releasing your API. From 3b4b9ac00eca9586aa307394b5cc4991ccd290e2 Mon Sep 17 00:00:00 2001 From: pilotpirxie <10637666+pilotpirxie@users.noreply.github.com> Date: Mon, 20 Nov 2017 23:20:20 +0100 Subject: [PATCH 043/149] Update README-pl.md --- README-pl.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README-pl.md b/README-pl.md index 8fb0f64..2ab5199 100644 --- a/README-pl.md +++ b/README-pl.md @@ -1,4 +1,4 @@ -# Lista kontrolna bezpieczeństw API +# Lista kontrolna bezpieczeństwa API Lista kontrolna najważniejszych metod zabezpieczenia podczas projektowania, testowania oraz wypuszczania własnego API. From 4577a122549c073dade787f4e20b244b2f00bc5c Mon Sep 17 00:00:00 2001 
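Review bot: the new nav line in README.md adds `[Polski](./README-pl.md)` but still has no link to README-mk.md added in PATCH 037, and README-pl.md's own nav line was deleted in PATCH 038, so neither translation is reachable from the others yet; both need to be included in the language-link sync.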
From: Caleb Mazalevskis Date: Tue, 21 Nov 2017 06:54:19 +0800 Subject: [PATCH 044/149] Sync language links. --- README-ar.md | 2 +- README-de.md | 2 +- README-es.md | 2 +- README-fr.md | 2 +- README-hi.md | 2 +- README-id.md | 2 +- README-it.md | 2 +- README-ja.md | 2 +- README-jp.md | 2 +- README-ko.md | 2 +- README-mn.md | 2 +- README-nl.md | 2 +- README-pl.md | 9 ++++----- README-pt_BR.md | 2 +- README-ru.md | 2 +- README-th.md | 2 +- README-tr.md | 2 +- README-tw.md | 3 +-- README-uk.md | 2 +- README-vi.md | 2 +- README-zh.md | 2 +- 21 files changed, 24 insertions(+), 26 deletions(-) diff --git a/README-ar.md b/README-ar.md index f28e533..50d6185 100644 --- a/README-ar.md +++ b/README-ar.md @@ -1,4 +1,4 @@ -[中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [Polski](./README-pl.md) # API Security Checklist قائمة تحتوي على أهم الاحتياطات الامنية حينما تقوم بتخطيط و اختبار و اطلاق ال API الخاصة بك diff --git a/README-de.md b/README-de.md index b23dce8..0ad9451 100644 --- a/README-de.md +++ b/README-de.md 
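Review bot: the sync's 21-file list omits README-mk.md added in PATCH 037, and none of the new nav lines include `[Македонски](./README-mk.md)`, so that translation remains unlinked after this sync. The list also contains both `README-ja.md` and `README-jp.md` while every nav line links only `[日本語](./README-ja.md)`; worth confirming whether README-jp.md is a stale duplicate that should be removed rather than kept in sync. The README-ar.md hunk itself is consistent with the other files (`[English](./README.md)` added first, the file's own language omitted).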
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) # API Security Checkliste Checkliste für die wichtigsten Sicherheitsmaßnahmen beim Designen, Testen und Veröffentlichen deiner API. diff --git a/README-es.md b/README-es.md index 89f44e4..14f881b 100644 --- a/README-es.md +++ b/README-es.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) # Lista de seguridad en APIs Lista de las contramedidas de seguridad más importantes en cuanto al diseño, testing y publicación de tu API. diff --git a/README-fr.md b/README-fr.md index c6b460e..b0c02a1 100644 --- a/README-fr.md +++ b/README-fr.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) # API Security Checklist Checklist des points de sécurité les plus importants lors de la conception, du test et de la mise en production de votre API. diff --git a/README-hi.md b/README-hi.md index 3a63daa..75b949d 100644 --- a/README-hi.md +++ b/README-hi.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [العربية](./README-ar.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) # API सुरक्षा जांच-सूची अपने एपीआई को डिजाइन करने, परीक्षण करने और जारी करने के दौरान सबसे महत्वपूर्ण सुरक्षा प्रतिवाद की जांच सूची| diff --git a/README-id.md b/README-id.md index 90d2ab5..5e57974 100644 --- a/README-id.md +++ b/README-id.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) # Checklist Keamanan API Checklist penanggulangan keamanan yang paling penting ketika merancang, menguji, dan melepaskan API ke khalayak diff --git a/README-it.md b/README-it.md index 95cc37a..0b9b8e2 100644 --- a/README-it.md +++ b/README-it.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) # Checklist per la sicurezza delle API Una checklist per le più importanti contromisure da mettere in pratica quando strutturiamo, testiamo e rilasciamo le nostre API. diff --git a/README-ja.md b/README-ja.md index 7544df2..3ce0cb9 100644 --- a/README-ja.md +++ b/README-ja.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) # APIセキュリティチェックリスト APIを設計、テスト、リリースするときの最も重要なセキュリティ対策のチェックリスト diff --git a/README-jp.md b/README-jp.md index e41baaf..a2f84f8 100644 --- a/README-jp.md +++ b/README-jp.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) # API Security Checklist これはAPIの設計, テスト, リリース時における、重要なセキュリティ対策チェックリストです。 diff --git a/README-ko.md b/README-ko.md index a02d35c..e96f79a 100644 --- a/README-ko.md +++ b/README-ko.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) # API 보안 체크리스트 API를 설계하고 테스트하고 배포할 때 고려해야 할 중요한 보안 대책 체크리스트입니다. diff --git a/README-mn.md b/README-mn.md index c6a76f5..18ea6e0 100644 --- a/README-mn.md +++ b/README-mn.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) # API Аюулгүйн жагсаалт API гаргах, загварчлах, тестлэхэд аюулгүйн талаас авах сөрөг арга хэмжээний жагсаалт diff --git a/README-nl.md b/README-nl.md index ee748e4..459eae9 100644 --- a/README-nl.md +++ b/README-nl.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) # API Security Checklist Checklist met de belangrijkste tegenmaatregelen bij het ontwerpen, testen en uitbrengen van een API. diff --git a/README-pl.md b/README-pl.md index 2ab5199..45e7d62 100644 --- a/README-pl.md +++ b/README-pl.md 
@@ -1,10 +1,11 @@ +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) + # Lista kontrolna bezpieczeństwa API Lista kontrolna najważniejszych metod zabezpieczenia podczas projektowania, testowania oraz wypuszczania własnego API. --- - ## Uwierzytelnianie - [ ] Nie używaj `Basic Auth`. Użyj standardów uwierzytelniania (np. [JWT](https://jwt.io/), [OAuth](https://oauth.net/)). - [ ] Nie wynajduj koła na nowo podczas `Uwierzytelniania`, `generowanie tokenów`, `przechowywania haseł`. Użyj sprawdzonych standardów. @@ -28,7 +29,6 @@ Lista kontrolna najważniejszych metod zabezpieczenia podczas projektowania, tes - [ ] Użyj HTTPS aby uniknąć MITM (Man In The Middle Attack) - ataku polegającego na pośrednictwie w wymianie informacji pomiędzy dwoma punktami np. klientem i serwerem. - [ ] Użyj nagłówka `HSTS` z SSL aby uniknąć SSL Strip attack. - ## Wejście - [ ] Użyj odpowiedniej metody protokołu HTTP dla danej operacji: `GET (odczyt)`, `POST (tworzenie)`, `PUT/PATCH (zmiana)`, and `DELETE (usuwanie)`, i odpowiadaj `405 Method Not Allowed` jeżeli metoda zapytania jest niepoprawna. - [ ] Waliduj `content-type` podczas zapytań i zezwalaj jedynie na wymagane typy danych (np. `application/xml`, `application/json`) oraz odpowiadaj `406 Not Acceptable` jeżeli nie pasują. 
@@ -37,14 +37,13 @@ Lista kontrolna najważniejszych metod zabezpieczenia podczas projektowania, tes - [ ] Nie używaj żadnych wrażliwych danych w URL, zamiast tego użyj standardowego nagłówka Autoryzującego. - [ ] Użyj usługi API Gateway aby włączyć caching oraz np. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`. - ## Przetwarzanie - [ ] Sprawdź czy wszystkie endpointy są zabezpieczone uwierzytelnianiem aby uniknąć niautoryzowanego dostępu. -- [ ] Unikaj ukazywania ID użytkownika. Użyj np. `/me/orders` zamiast `/users/654321/orders/`. +- [ ] Unikaj ukazywania ID użytkownika. Użyj np. `/me/orders` zamiast `/users/654321/orders/`. - [ ] Nie używaj auto inkrementacji w polu ID. Zamiast tego użyj `UUID`. - [ ] Jeżeli parsujesz pliki XML, upewnij się, że jesteś odporny na `XXE` (XML external entity attack) oraz `Billion Laughs/XML bomb`. - [ ] Użyj CDN do przechowywania wysyłanych plików. -- [ ] Jeżeli pracujesz z dużą ilością danych, użyj procesów Workers oraz kolejkowania Queues aby przetworzyć jak najwięcej w tle i zwrócić informacje szybko aby uniknąć blokowania HTTP. +- [ ] Jeżeli pracujesz z dużą ilością danych, użyj procesów Workers oraz kolejkowania Queues aby przetworzyć jak najwięcej w tle i zwrócić informacje szybko aby uniknąć blokowania HTTP. - [ ] Nie zapomnij o wyłączeniu trybu debugowania. ## Wyjście diff --git a/README-pt_BR.md b/README-pt_BR.md index 14cc5cb..ed6e23f 100644 --- a/README-pt_BR.md +++ b/README-pt_BR.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) # API Security Checklist Lista das mais importantes medidas de segurança para o desenvolvimento, teste e publicação da sua API. diff --git a/README-ru.md b/README-ru.md index 42a9375..9b7cae6 100644 --- a/README-ru.md +++ b/README-ru.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) # Контрольный список безопасности API Контрольный список наиболее важных контрмер безопасности при разработке, тестировании и выпуске вашего API. diff --git a/README-th.md b/README-th.md index e9b93b2..eb2c27b 100644 --- a/README-th.md +++ b/README-th.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) # API Security Checklist Checklist ที่ต้องให้ความสำคัญเมื่อมีการสร้าง API ในช่วงการออกแบบ ทดสอบระบบ และการปล่อยให้คนนอกใช้ diff --git a/README-tr.md b/README-tr.md index 19748f2..16a093c 100644 --- a/README-tr.md +++ b/README-tr.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) # API Güvenlik Kontrol Listesi API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemlerinin kontrol listesi. diff --git a/README-tw.md b/README-tw.md index e591dd0..ac22cf8 100644 --- a/README-tw.md +++ b/README-tw.md 
@@ -1,5 +1,4 @@ -[簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md)   | [العربية](./README-ar.md) - +[English](./README.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) # 開發安全的 API 所需要核對的清單 以下是當你在設計, 測試以及發佈你的 API 的時候所需要核對的重要安全措施. diff --git a/README-uk.md b/README-uk.md index 69ba223..bb78dd5 100644 --- a/README-uk.md +++ b/README-uk.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) # Контрольний список безпеки API Контрольний список найбільш важливих контрзаходів безпеки при розробці, тестуванні та випуску вашого API. diff --git a/README-vi.md b/README-vi.md index 19a2443..66e4ed1 100644 --- a/README-vi.md +++ b/README-vi.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [中文版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) # Danh sách các giải pháp an toàn cho API Những giải pháp an toàn và cách khắc phục khi thiết kế, kiểm tra và phát hành API cho ứng dụng của bạn. diff --git a/README-zh.md b/README-zh.md index 3547225..581bf0c 100644 --- a/README-zh.md +++ b/README-zh.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) +[English](./README.md) | [繁中版](./README-tw.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) # 开发安全的 API 所需要核对的清单 以下是当你在设计, 测试以及发布你的 API 的时候所需要核对的重要安全措施. From b13fcb3182d4dfa27446e08728bf43e414f40730 Mon Sep 17 00:00:00 2001 From: Danail Vilos Date: Tue, 21 Nov 2017 09:21:40 +0100 Subject: [PATCH 045/149] part2 --- README-mk.md | 46 +++++++++++++++++++++++----------------------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/README-mk.md b/README-mk.md index 3e85c97..8b26ce5 100644 --- a/README-mk.md +++ b/README-mk.md 
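Review bot: the new navigation line in the README-it.md hunk drops the `[Indonesia](./README-id.md)` link that the old line carried and adds `[Italiano](./README-it.md)`, a link from the Italian file to itself; every other file in this commit keeps its full link set and omits only its own language, so restore the Indonesia link and remove the self-link.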
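Review bot: the README-jp.md hunk applies the same navigation update to a second Japanese file that carries the same title as README-ja.md, while the navigation in every file, README-jp.md included, links only to README-ja.md; confirm whether README-jp.md is a stale duplicate that should be deleted instead of being kept in sync by hand.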
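Review bot: besides adding the navigation line, the first README-pl.md hunk removes the blank lines before `## Uwierzytelnianie` and `## Wejście`, which is unrelated to the commit's purpose and makes the file's spacing differ from the other translations; keep the blank lines, or move the whitespace cleanup into its own commit.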
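Review bot: in the second README-pl.md hunk the `/me/orders` item and the `Workers`/`Queues` item are removed and re-added with no visible difference, so the change is whitespace-only (trailing or non-breaking spaces), and the blank line before `## Przetwarzanie` is dropped as well; whitespace-only edits hidden inside a navigation-link commit make the diff hard to review and should be called out in the commit message or left out.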
@@ -18,8 +18,8 @@ ### OAuth - [ ] Секогаш проверувајте ја `redirect_uri` од страна на серверот за да дозволите само бела листа на адреси. -- [ ]Секогаш обидувајте се да разменувате за код, а не токени (не дозволувајте `response_type = token`). -- [ ] Користете го параметрот `state` со случаен хаш за да го спречите CSRF за процесот на автентикација на OAuth. +- [ ] Секогаш обидувајте се да разменувате за код, а не токени (не дозволувајте `response_type = token`). +- [ ] Користете `state` параметар со случаен хаш за да се спречи CSRF на процесот на автентикација на OAuth - [ ] Дефинирајте го основниот опсег и проверете ги параметрите на опсегот за секоја апликација. ## Пристап 
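Review bot: the rewritten `state` item loses the trailing period that every other item in the OAuth list carries; the spacing fix on the `response_type = token` line is the change this hunk needed, so keep the punctuation of the `state` line consistent with its neighbours rather than rewording it.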
@@ -36,30 +36,30 @@ - [ ] Користете API Gateway-услуга за да овозможите кеширање, политики за ограничување на тарифите (пр. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) и динамички да ги распоредите ресурсите за API-то. ## Processing -- [ ] Check if all the endpoints are protected behind authentication to avoid broken authentication process. -- [ ] User own resource ID should be avoided. Use `/me/orders` instead of `/user/654321/orders`. -- [ ] Don't auto-increment IDs. Use `UUID` instead. -- [ ] If you are parsing XML files, make sure entity parsing is not enabled to avoid `XXE` (XML external entity attack). -- [ ] If you are parsing XML files, make sure entity expansion is not enabled to avoid `Billion Laughs/XML bomb` via exponential entity expansion attack. -- [ ] Use a CDN for file uploads. -- [ ] If you are dealing with huge amount of data, use Workers and Queues to process as much as possible in background and return response fast to avoid HTTP Blocking. -- [ ] Do not forget to turn the DEBUG mode OFF. +- [ ] Проверете дали сите крајните точки се заштитени зад автентичност за да се избегне скршен процес на автентикација. +- [ ] Треба да се избегнува идентификација на сопствени ресурси на сопственикот. Користете `/ me / orders` наместо` / user / 654321 / orders`. +- [ ] Не автоматско зголемување на ID-ите. Наместо тоа, употребете `UUID`. +- [ ] Ако ги анализирате XML-датотеките, проверете дали парсирањето на ентитетот не е овозможено за да се избегне `XXE` (напад на надворешен ентитет на XML). +- [ ] Ако анализирате XML-датотеки, проверете дали проширувањето на ентитетот не е овозможено за да се избегне `Billion Laughs / XML бомба` преку експоненцијален напад на експанзија на ентитетот. +- [ ] Користете CDN за закачување на фајлови. 
+- [ ] Ако се занимавате со огромни количини на податоци, користете Workers and Queues за да процесирате што е можно повеќе во позадина и да го вратите одговорот брзо за да избегнете блокирање на HTTP +- [ ] Не заборавајте да го исклучите режимот DEBUG. -## Output -- [ ] Send `X-Content-Type-Options: nosniff` header. -- [ ] Send `X-Frame-Options: deny` header. -- [ ] Send `Content-Security-Policy: default-src 'none'` header. -- [ ] Remove fingerprinting headers - `X-Powered-By`, `Server`, `X-AspNet-Version` etc. -- [ ] Force `content-type` for your response, if you return `application/json` then your response `content-type` is `application/json`. -- [ ] Don't return sensitive data like `credentials`, `Passwords`, `security tokens`. -- [ ] Return the proper status code according to the operation completed. (e.g. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, etc). +## Излез +- [ ] Праќај `X-Content-Type-Options: nosniff` хедер . +- [ ] Праќај `X-Frame-Options: deny` хедер. +- [ ] Праќај `Content-Security-Policy: default-src 'none'` хедер. +- [ ] Отстранете ги хедерите кој издаваат отповеќе податоци - `X-Powered-By`, `Server`, `X-AspNet-Version` etc. +- [ ] Присилувај `content-type` " за твојот одговор, ако се вратиш `application/json` тогаш твојот одговор `content-type` е `application/json`. +- [ ] Не враќајте чувствителни податоци како `credentials`, `Passwords`, `security tokens`. +- [ ] Врати го соодветниот код за статусот според завршената операција. (e.g. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, etc). ## CI & CD -- [ ] Audit your design and implementation with unit/integration tests coverage. -- [ ] Use a code review process and disregard self-approval. -- [ ] Ensure that all components of your services are statically scanned by AV software before push to production, including vendor libraries and other dependencies. -- [ ] Design a rollback solution for deployments. 
- +- [ ] Ревизија на вашиот дизајн и имплементација со покриеност тестови за единица / интеграција. +- [ ] Користете процес на прегледување на кодот и не дозволувајте самоодобрување +- [ ] Осигурајте се дека сите компоненти на вашите услуги се статички скенирани од AV-софтверот пред да се изврши притисок за производство, вклучувајќи библиотеки на продавачи и други зависности. + +- [ ] Дизајн на rollback за во продукција --- From cead307405305fc88a6083827106c057710ed601 Mon Sep 17 00:00:00 2001 From: Mohamed Elbahja Date: Fri, 5 Jan 2018 17:25:39 +0000 Subject: [PATCH 046/149] Add RTL Direction rtl make file reading easy --- README-ar.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README-ar.md b/README-ar.md index 50d6185..677db80 100644 --- a/README-ar.md +++ b/README-ar.md @@ -1,4 +1,5 @@ [English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [Polski](./README-pl.md) +
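Review bot: the translated Processing items alter the literal example paths: `/ me / orders` and `/ user / 654321 / orders` have spaces inserted inside the code spans, and in `наместо\` / user / 654321 / orders\`` the opening backtick is fused to the preceding word, so the rendered text no longer shows `/me/orders` and `/user/654321/orders` as the English source does. Smaller points in the same hunk: the `## Processing` heading stays in English while `## Output` becomes `## Излез`; the `content-type` item has a stray `"` after its first code span; `(e.g. ... etc)` in the status-code item and `etc.` in the fingerprinting item are left untranslated; "пред да се изврши притисок за производство" renders "push to production" literally as exerting pressure rather than as deploying; and the empty `+` line inserted before the rollback item splits the CI & CD checklist into two lists.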
# API Security Checklist قائمة تحتوي على أهم الاحتياطات الامنية حينما تقوم بتخطيط و اختبار و اطلاق ال API الخاصة بك @@ -73,3 +74,4 @@ # المشاركة لا تتردد في المساهمة عن طريق اخذ نسخة من هذه القائمة fork ، وإجراء بعض التغييرات، وتقديم طلبات المراجعة pull request. أي أسئلة الرجاء مراسلتنا على البريد الإلكتروني `team@shieldfy.io`. +
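Review bot: both README-ar.md hunks add a single line that appears empty in the diff, so the RTL direction change named in the commit message is not visible here; if the intent is a `dir="rtl"` wrapper, the opening markup at the top of the file must be present in the hunk and paired with a closing element at the end, and if the lines really are blank they do nothing for reading direction and should be dropped.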
From 4b83ebb599e43da27d2393e43aaaa79866e4e040 Mon Sep 17 00:00:00 2001 From: dennis Date: Thu, 11 Jan 2018 12:23:25 +0900 Subject: [PATCH 047/149] missing transaltion is added --- README-ko.md | 42 +++++++++++++++++++++++++----------------- 1 file changed, 25 insertions(+), 17 deletions(-) diff --git a/README-ko.md b/README-ko.md index e96f79a..75afd0e 100644 --- a/README-ko.md +++ b/README-ko.md @@ -1,7 +1,7 @@ [English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) -# API 보안 체크리스트 -API를 설계하고 테스트하고 배포할 때 고려해야 할 중요한 보안 대책 체크리스트입니다. +# API 보안 점검표 +API를 설계하고 테스트하고 배포할 때 고려해야 할 중요한 보안 대책 점검입니다. --- 
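Review bot: the README-ko.md heading is renamed to `API 보안 점검표`, but the description below it becomes `보안 대책 점검입니다`, dropping the `표` that makes it match the heading; it should read `점검표입니다` so the two lines use the same term.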
@@ -9,42 +9,45 @@ API를 설계하고 테스트하고 배포할 때 고려해야 할 중요한 보 ## 인증 (Authentication) - [ ] `Basic Auth`를 사용하지 말고 표준 인증방식을 사용하세요. (예로, JWT, OAuth 등) - [ ] `인증`, `토큰 생성`, `패스워드 저장`은 직접 개발하지 말고 표준을 사용하세요. +- [ ] 로그인에서 `Max Retry`와 격리 기능을 사용하세요. +- [ ] 민감한 데이터는 암호화하세요. ### JWT (JSON Web Token) - [ ] 무작위 대입 공격을 어렵게 하기 위해 랜덤하고 복잡한 키값 (`JWT Secret`)을 사용하세요. - [ ] 요청 페이로드에서 알고리즘을 가져오지 마세요. 알고리즘은 백엔드에서 강제로 적용하세요. (`HS256` 혹은 `RS256`) -- [ ] 토큰 만료기간 (`TTL`, `RTTL`)은 되도록 짧게 설정하세요. +- [ ] 토큰 만료 기간 (`TTL`, `RTTL`)은 되도록 짧게 설정하세요. - [ ] JWT 페이로드는 [디코딩이 쉽기](https://jwt.io/#debugger-io) 때문에 민감한 데이터는 저장하지 마세요. ### OAuth -- [ ] 허용된 URL만 받기 위해서는 서버단에서 `redirect_uri`가 유효한지 항상 검증하세요. -- [ ] 토큰 대신 항상 코드를 주고 받으세요. (`respons_type=token`을 허용하지 마세요) +- [ ] 허용된 URL만 받기 위해서는 서버 단에서 `redirect_uri`가 유효한지 항상 검증하세요. +- [ ] 토큰 대신 항상 코드를 주고받으세요. (`respons_type=token`을 허용하지 마세요) - [ ] OAuth 인증 프로세스에서 CSRF를 방지하기 위해 랜덤 해쉬값을 가진 `state` 파라미터를 사용하세요. - [ ] 디폴트 스코프를 정의하고 각 애플리케이션마다 스코프 파라미터의 유효성을 검증하세요. ## 접근 (Access) -- [ ] DDoS나 무작위 대입 공격을 피하려면 요청수를 제한하세요. (Throttling) -- [ ] MITM (중간자 공격)을 피하려면 서버단에서 HTTPS를 사용하세요. +- [ ] DDoS나 무작위 대입 공격을 피하려면 요청 수를 제한하세요. (Throttling) +- [ ] MITM (중간자 공격)을 피하려면 서버 단에서 HTTPS를 사용하세요. - [ ] SSL Strip 공격을 피하려면 `HSTS` 헤더를 SSL과 함께 사용하세요. ## 입력 및 요청 (Input) - [ ] 각 요청 연산에 맞는 적절한 HTTP 메서드를 사용하세요. `GET (읽기)`, `POST (생성)`, `PUT (대체/갱신)`, `DELETE (삭제)` -- [ ] 여러분이 지원하는 포맷 (예를 들어 `application/xml`이나 `application/json` 등)만을 허용하기 위해서는 요청의 Accept 헤더의 `content-type`을 검증하여 매칭되는게 없을 경우엔 `406 Not Acceptable`로 응답하세요. -- [ ] 요청 받은 POST 데이터의 `content-type`을 검증하세요. (예를 들어 `application/x-www-form-urlencoded`나 `multipart/form-data` 또는 `application/json` 등) +- [ ] 여러분이 지원하는 포맷 (예를 들어 `application/xml`이나 `application/json` 등)만을 허용하기 위해서는 요청의 Accept 헤더의 `content-type`을 검증하여 매칭되는 게 없을 경우엔 `406 Not Acceptable`로 응답하세요. +- [ ] 요청받은 POST 데이터의 `content-type`을 검증하세요. (예를 들어 `application/x-www-form-urlencoded`나 `multipart/form-data` 또는 `application/json` 등) - [ ] 일반적인 취약점들을 피하기 위해선 사용자 입력의 유효성을 검증하세요. 
(예를 들어 `XSS`, `SQL-Injection` 또는 `Remote Code Execution` 등) -- [ ] URL에는 그 어떤 민감한 데이터 (`자격 인증 (crendentials)`, `패스워드`, `보안 토큰` 또는 `API 키`)도 포함하고 있어서는 안되며 이러한 것들은 표준 인증 방식의 헤더를 사용하세요. +- [ ] URL에는 그 어떤 민감한 데이터 (`자격 인증 (crendentials)`, `패스워드`, `보안 토큰` 또는 `API 키`)도 포함하고 있어서는 안 되며 이러한 것들은 표준 인증 방식의 헤더를 사용하세요. +- [ ] 캐싱과 속도 제한 정책을(예를 들어 `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) 제공하는 API 게이트웨이 서비스를 사용하세요. 그리고 API 리소스를 동적으로 배포하세요. ## 서버 처리 - [ ] 잘못된 인증을 피하기 위해 모든 엔드포인트가 인증 프로세스 뒤에서 보호되고 있는지 확인하세요. -- [ ] 사용자의 리소스 식별자를 사용하는건 지양하세요. `/user/654321/orders` 대신 `/me/orders`를 사용하세요. +- [ ] 사용자의 리소스 식별자를 사용하는 건 지양하세요. `/user/654321/orders` 대신 `/me/orders`를 사용하세요. - [ ] 자동 증가 (auto-increment) 식별자 대신 `UUID`를 사용하세요. -- [ ] XML 파일을 파싱하고 있다면, `XXE` (XML 외부 엔티티 공격, XML external entity attack)를 피하기 위해 엔티티 파싱을 비활성화 하세요. -- [ ] XML 파일을 파싱하고 있다면, 지수적 엔티티 확장 공격을 통한 빌리언 러프/XML 폭탄을 피하기 위해 엔티티 확장을 비활성화 하세요. +- [ ] XML 파일을 파싱하고 있다면, `XXE` (XML 외부 엔티티 공격, XML external entity attack)를 피하기 위해 엔티티 파싱을 비활성화하세요. +- [ ] XML 파일을 파싱하고 있다면, 지수적 엔티티 확장 공격을 통한 빌리언 러프/XML 폭탄을 피하기 위해 엔티티 확장을 비활성화하세요. - [ ] 파일 업로드에는 CDN을 사용하세요. - [ ] 거대한 양의 데이터를 다루고 있다면, HTTP 블로킹을 피하고 응답을 빠르게 반환하기 위해 워커나 큐를 사용하세요. -- [ ] 디버그 모드를 꺼놓는일은 절대 잊지 마세요. +- [ ] 디버그 모드를 꺼놓는 일을 절대 잊지 마세요. -## 반환 및 응답 +## 반환 및 응답 (Output) - [ ] `X-Content-Type-Options: nosniff` 헤더를 반환하세요. - [ ] `X-Frame-Options: deny` 헤더를 반환하세요. - [ ] `Content-Security-Policy: default-src 'none'` 헤더를 반환하세요. @@ -53,6 +56,11 @@ API를 설계하고 테스트하고 배포할 때 고려해야 할 중요한 보 - [ ] `자격 인증 (crendentials)`, `패스워드`, `보안 토큰`과 같은 민감한 데이터는 반환하지 마세요. - [ ] 각 연산에 맞는 적절한 상태 코드를 반환하세요. (예를 들어 `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed` 등) +## CI & CD +- [ ] 단위/통합 테스트 범위로 설계 및 구현을 검토하세요. +- [ ] 코드 리뷰 절차를 사용하고 자체 승인을 무시하세요. +- [ ] 제품 출시전에 백신 소프트웨어로 공급 업체의 라이브러리 및 기타 종속적인 것을 포함한 서비스의 모든 구성 요소들을 정적으로 검사했는지 확인하세요. +- [ ] 배포에 대한 롤백 솔루션을 설계하세요. --- 
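Review bot: the OAuth line rewritten in the `@@ -9,42 +9,45 @@` hunk (`+- [ ] 토큰 대신 항상 코드를 주고받으세요. (\`respons_type=token\`을 허용하지 마세요)`) keeps the misspelled parameter name `respons_type`; the OAuth parameter is `response_type` (the Arabic and Lao files in this same series write `response_type=token`), and since the line is already being touched for spacing, fix it here. Two smaller points in the same hunk: the `+## 반환 및 응답 (Output)` line adds the English gloss that `## 인증 (Authentication)`, `## 접근 (Access)` and `## 입력 및 요청 (Input)` already carry, so `## 서버 처리` should get `(Processing)` for consistency; and the new API gateway item is the only one whose parenthesised example list comes before the verb phrase (`정책을(예를 들어 ...) 제공하는`), which needs a space before the opening parenthesis like the other items.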
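Review bot: in the `@@ -53,6 +56,11 @@` hunk the new item `+- [ ] 제품 출시전에 백신 소프트웨어로 ...` writes `출시전에` as one word while the rest of this patch is specifically correcting spacing elsewhere (`요청 수`, `서버 단`, `매칭되는 게`); make it `출시 전에` so the new section follows the same convention.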
@@ -62,5 +70,5 @@ API를 설계하고 테스트하고 배포할 때 고려해야 할 중요한 보 --- -# 기여하는 -Feel free to contribute by forking this repository, making some changes, and submitting pull requests. For any questions drop us an email at `team@shieldfy.io`. +# 기여하기 +이 저장소를 분기, 변경, pull request를 보내는 것으로 자유롭게 기여하세요. 질문은 `team@shieldfy.io`로 이메일을 보내주세요. From 7d644a5bcc8ce388da3469b79ed6ddbf68d13857 Mon Sep 17 00:00:00 2001 From: Mohamed Elbahja Date: Thu, 11 Jan 2018 15:41:48 +0000 Subject: [PATCH 048/149] Update README-ar.md --- README-ar.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README-ar.md b/README-ar.md index 677db80..317a79d 100644 --- a/README-ar.md +++ b/README-ar.md @@ -13,7 +13,7 @@ - [ ] استخدم `تحديد عدد المحاولات` و `الرمان من الدخول jail feature` في تسجيل الدخول. - [ ] استخدم التشفير في كل البيانات الحساسة. -### JWT (JSON Web Token) +### JSON Web Token) JWT) - [ ] إستخدم مفتاح عشوائي و معقد (`JWT Secret`) لتجعل هجوم التخمين بالقوة brute forcing صعب جدا. - [ ] لا تقم بإستخراج خوارزمية التشفير من محتوى رمز ال JWT. قم بإجبار الكود بإستخدام خوارزمية (`HS256` or `RS256`). - [ ] إجعل مدة انتهاء الرمز (`TTL`, `RTTL`) قليلة قدر الإمكان. From f9a0e4740d1ec4cb114f8df2cc5b6a7007c52c63 Mon Sep 17 00:00:00 2001 From: Atef Ben Ali Date: Sat, 27 Jan 2018 14:09:07 +0100 Subject: [PATCH 049/149] review & fix typo --- README-ar.md | 72 ++++++++++++++++++++++++++-------------------------- 1 file changed, 36 insertions(+), 36 deletions(-) diff --git a/README-ar.md b/README-ar.md index 317a79d..535a9f9 100644 --- a/README-ar.md +++ b/README-ar.md @@ -2,76 +2,76 @@
# API Security Checklist -قائمة تحتوي على أهم الاحتياطات الامنية حينما تقوم بتخطيط و اختبار و اطلاق ال API الخاصة بك +قائمة تحتوي على أهم الاحتياطات الأمنية حينما تقوم بتخطيط واختبار وإطلاق الـAPI الخاصة بك --- ## المصادقة (Authentication) - [ ] لا تستخدم `Basic Auth` لكن استخدم المعايير القياسية للمصادقة (مثال [JWT](https://jwt.io/), [OAuth](https://oauth.net/)). -- [ ] لا تعيد اختراع العجله في `المصادقة`, `توليد الرموز`, `تخزين كلمات المرور`. قم بإستخدام المعايير القياسية. -- [ ] استخدم `تحديد عدد المحاولات` و `الرمان من الدخول jail feature` في تسجيل الدخول. +- [ ] لا تعيد اختراع العجلة في `المصادقة`، `توليد الرموز`، `تخزين كلمات المرور`. قم باستخدام المعايير القياسية. +- [ ] استخدم `تحديد عدد المحاولات` و`الرمان من الدخول jail feature` في تسجيل الدخول. - [ ] استخدم التشفير في كل البيانات الحساسة. ### JSON Web Token) JWT) -- [ ] إستخدم مفتاح عشوائي و معقد (`JWT Secret`) لتجعل هجوم التخمين بالقوة brute forcing صعب جدا. -- [ ] لا تقم بإستخراج خوارزمية التشفير من محتوى رمز ال JWT. قم بإجبار الكود بإستخدام خوارزمية (`HS256` or `RS256`). -- [ ] إجعل مدة انتهاء الرمز (`TTL`, `RTTL`) قليلة قدر الإمكان. -- [ ] لا تقم بتخزين اي بيانات حساسة داخل محتوى رمز ال JWT, لانه يمكن كشف هذه المحتويات بسهولة [easily](https://jwt.io/#debugger-io). +- [ ] استخدم مفتاح عشوائي ومعقد (`JWT Secret`) لتجعل هجوم التخمين بالقوة brute forcing صعبا جدا. +- [ ] لا تقم باستخراج خوارزمية التشفير من محتوى رمز الـ JWT. قم بإجبار الكود على استخدام خوارزمية (`HS256` or `RS256`). +- [ ] اجعل مدة انتهاء الرمز (`TTL`, `RTTL`) قليلة قدر الإمكان. +- [ ] لا تقم بتخزين أي بيانات حساسة داخل محتوى رمز الـ JWT, لأنه يمكن كشف هذه المحتويات بسهولة [easily](https://jwt.io/#debugger-io). ### OAuth -- [ ] تحقق دائما من `redirect_uri` في كود السيرفر لتسمح فقط بقائمة محددة من الروابط. -- [ ] دائما حاول ان تقولم بالتبادل و الرد بكود و ليس بالرمز (لا تسمح `response_type=token`). -- [ ] إستخدم متغير `state` في الرابط مع مزيج عشوائي من الحروف لتمنع هجمات ال CSRF على عملية المصادقة الخاصة بال OAuth. 
-- [ ] حدد الصلاحية و النطاق الافتراضي scope, و قم بالتحقق منه مع كل تطبيق. +- [ ] تحقق دائما من `redirect_uri` في كود الخادوم لتسمح فقط بقائمة محددة من الروابط. +- [ ] دائما حاول أن تقوم بالتبادل والرد بكود وليس بالرمز (لا تسمح `response_type=token`). +- [ ] استخدم متغير `state` في الرابط مع مزيج عشوائي من الحروف لتمنع هجمات الـ CSRF على عملية المصادقة الخاصة بالـ OAuth. +- [ ] حدد الصلاحية والنطاق الافتراضي scope، وقم بالتحقق منه مع كل تطبيق. ## الوصول -- [ ] حدد الطلبات (Throttling) لتتجنب هجوم حجب الخدمة DDoS و هجوم التخمين بالقوة brute-force. -- [ ] إستخدم HTTPS على السيرفر لتتجنب هجمات التنصت على الطلبات MITM (Man In The Middle Attack). -- [ ] إستخدم `HSTS` header مع ال SSL لتتجنب هجمات ال SSL Strip. +- [ ] حدد الطلبات (Throttling) لتتجنب هجوم حجب الخدمة DDoS وهجوم التخمين بالقوة brute-force. +- [ ] استخدم HTTPS على الخادوم لتتجنب هجمات التنصت على الطلبات MITM (Man In The Middle Attack). +- [ ] استخدم `HSTS` header مع الـ SSL لتتجنب هجمات الـ SSL Strip. ## الإدخال -- [ ] إستخدم الوسيلة المناسبة HTTP method حسب العملية التي تريد القيام بها : `GET (للقرائة)`, `POST (إنتاج او اضافة)`, `PUT/PATCH (لإستبدال او تحديث)`, and `DELETE (لحذف سجل)`, و قم بالرد ب `405 Method Not Allowed` في حالة إذا كانت الوسيلة method غير مناسبة . -- [ ] قم بالتحقق من `content-type` في رأس الطلب reuest header أو ما يسمى ب (Content Negotiation) لتسمح فقط بالتنسيقات المدعومة (مثال `application/xml`, `application/json`, إلى آخره) و قم بالرد ب `406 Not Acceptable` إذا كان التنسيق غير ذلك. +- [ ] استخدم الوسيلة المناسبة HTTP method حسب العملية التي تريد القيام بها : `GET (للقرائة)`, `POST (انتاج أو اضافة)`, `PUT/PATCH (لإستبدال او تحديث)`, and `DELETE (لحذف سجل)`, و قم بالرد بـ `405 Method Not Allowed` في حالة إذا كانت الوسيلة method غير مناسبة . +- [ ] قم بالتحقق من `content-type` في رأس الطلب reuest header أو ما يسمى بـ (Content Negotiation) لتسمح فقط بالتنسيقات المدعومة (مثال `application/xml`, `application/json`, إلى آخره) وقم بالرد بـ `406 Not Acceptable` إذا كان التنسيق غير ذلك. 
- [ ] قم بالتحقق من `content-type` في محتوى الطلب نفسه posted data (مثال `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, إلى آخره). -- [ ] قم بالتحثث من مدخلات المستخدم لتتجنب الثغرات الشائعة (مثال `XSS`, `SQL-Injection`, `Remote Code Execution`, إلى آخره). -- [ ] لا تستخدم اي بيانات حساسة (`credentials`, `Passwords`, `security tokens`, or `API keys`) في الرابط و لكن استخدم الطريقة القياسية وهي رأس الطلب الخاص بالمصادقة Authorization header. -- [ ] إستخدم واجهة لل API ل تستفيد من التخزين المؤقت caching و سياسات تحديد عدد الطلبات Rate Limit policies (مثال `الحصة Quota`, `التنبية في الارتفاع المفاجئ Spike Arrest`, `و تحديد عدد الطلبات المتزامنة Concurrent Rate Limit`) +- [ ] قم بالتحقق من مدخلات المستخدم لتتجنب الثغرات الشائعة (مثال `XSS`, `SQL-Injection`, `Remote Code Execution`, إلى آخره). +- [ ] لا تستخدم أي بيانات حساسة (`credentials`, `Passwords`, `security tokens`, or `API keys`) في الرابط ولكن استخدم الطريقة القياسية وهي رأس الطلب الخاص بالمصادقة Authorization header. +- [ ] استخدم واجهة للـ API لتستفيد من التخزين المؤقت caching وسياسات تحديد عدد الطلبات Rate Limit policies (مثال `الحصة Quota`, `التنبية في الارتفاع المفاجئ Spike Arrest`, `وتحديد عدد الطلبات المتزامنة Concurrent Rate Limit`) ## المعالجة -- [ ] قم بفحص كل النطاقات و الروابط انهم محميين وراء مصادقة authentication لتتجنب المصادقة المكسورة broken authentication. -- [ ] يجب تجنب استخدام المعرف الخاص بالموارد . قم بإستخدام `/me/orders` بدلا من `/user/654321/orders`. -- [ ] لا تقم بإستخدام المعرف التلقائي auto-increment . قم بإستخدام `UUID` بدلا منه. -- [ ] لو انك تقوم بمعالجة ملفات XML, تأكد من ان معالجة entity parsing غير مفعلة لتتجنب هجمات `XXE` (XML external entity). -- [ ] لو انك تقوم بمعالجة ملفات XML, تأكد من ان entity expansion غير مفعلة لتتجنب هجمات `Billion Laughs/XML bomb` من خلال هجوم exponential entity expansion. -- [ ] إستخدم شبكات تسليم المحتوى CDN لرفع الملفات. 
-- [ ] لو انك تتعامل مع حجم بيانات ضخم, إستخدم عمليات منفصلة Workers , Queues لمعالجة البيانات في الخلفية و الرد على المستخدم بسرعه لتجنب حجب الطلب HTTP Blocking. -- [ ] لا تنسى و تترك وضع التصحيح DEBUG mode في حالة التشغيل. +- [ ] قم بفحص كل النطاقات والروابط كونهم محميين وراء مصادقة authentication لتتجنب المصادقة المكسورة broken authentication. +- [ ] يجب تجنب استخدام المعرف الخاص بالموارد. قم باستخدام `/me/orders` بدلا من `/user/654321/orders`. +- [ ] لا تقم باستخدام المعرف التلقائي auto-increment . قم باستخدام `UUID` بدلا منه. +- [ ] لو قمت بمعالجة ملفات XML, تأكد من أن معالجة entity parsing غير مفعلة لتتجنب هجمات `XXE` (XML external entity). +- [ ] لو قمت بمعالجة ملفات XML, تأكد من أن entity expansion غير مفعلة لتتجنب هجمات `Billion Laughs/XML bomb` من خلال هجوم exponential entity expansion. +- [ ] استخدم شبكات تسليم المحتوى CDN لرفع الملفات. +- [ ] لو كنت تتعامل مع حجم بيانات ضخم، استخدم عمليات منفصلة Workers , Queues لمعالجة البيانات في الخلفية والرد على المستخدم بسرعة لتجنب حجب الطلب HTTP Blocking. +- [ ] لا تنسى وتترك وضع التصحيح DEBUG mode في حالة التشغيل. ## المخرجات -- [ ] إستخدم `X-Content-Type-Options: nosniff` في رأس الطلب header. -- [ ] إستخدم `X-Frame-Options: deny` في رأس الطلب header. -- [ ] إستخدم `Content-Security-Policy: default-src 'none'` في رأس الطلب header. -- [ ] إحذف الرؤوس headers التي تدل عليك - `X-Powered-By`, `Server`, `X-AspNet-Version` إلى آخره. -- [ ] إجبر إرسال `content-type` مع الرد, لو انك تقوم بالرد بمحتويات من توع `application/json` فم بالرد ب`content-type` `application/json`. -- [ ] لا تقم بالرد بمعلومات و بيانات حساسة مثل `credentials`, `Passwords`, `security tokens`. +- [ ] استخدم `X-Content-Type-Options: nosniff` في رأس الطلب header. +- [ ] استخدم `X-Frame-Options: deny` في رأس الطلب header. +- [ ] استخدم `Content-Security-Policy: default-src 'none'` في رأس الطلب header. +- [ ] احذف الرؤوس headers التي تدل عليك - `X-Powered-By`, `Server`, `X-AspNet-Version` إلى آخره. 
+- [ ] قم بإجبار إرسال `content-type` مع الرد، لو قمت بالرد بمحتويات من توع `application/json` فمن المستحسن أن يكون الرد ب`content-type` `application/json`. +- [ ] لا تقم بالرد بمعلومات وبيانات حساسة مثل `credentials`, `Passwords`, `security tokens`. - [ ] قم بالرد بكود حالة صحيح status code طبقا للعملية التي تقوم بها. (مثال `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, إلى آخره). ## التكامل المستمر CI & النشر المستمر CD - [ ] مراجعة التصميم الخاص بك والتنفيذ مع وحدة / التكامل اختبارات الاختبار unit/integration tests coverage. - [ ] استخدام عملية مراجعة الكود وتجاهل الموافقة على الكود الذي قمت بكتابته. -- [ ] تأكد من أن جميع مكونات الخدمات الخاصة بك يتم فحصها بشكل ثابت بواسطة برامج الفيروسات قبل ارسالها إلى الإنتاج، بما في ذلك المكتبات الخارجية وغيرها من التبعيات. +- [ ] تأكد من أن جميع مكونات الخدمات الخاصة بك يتم فحصها بشكل ثابت بواسطة برامج الفيروسات قبل إرسالها إلى الإنتاج، بما في ذلك المكتبات الخارجية وغيرها من التبعيات. - [ ] تصميم حل التراجع عن عمليات النشر rollback. --- -## أنظر أيضا: +## انظر أيضا: - [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - مجموعة من الادوات و المصادر لبناء RESTful HTTP+JSON APIs. --- # المشاركة -لا تتردد في المساهمة عن طريق اخذ نسخة من هذه القائمة fork ، وإجراء بعض التغييرات، وتقديم طلبات المراجعة pull request. أي أسئلة الرجاء مراسلتنا على البريد الإلكتروني `team@shieldfy.io`. +لا تتردد في المساهمة عن طريق أخذ نسخة من هذه القائمة fork ، وإجراء بعض التغييرات، وتقديم طلبات المراجعة pull request. أي أسئلة الرجاء مراسلتنا على البريد الإلكتروني `team@shieldfy.io`.
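Review bot: the single hunk of PATCH 048 replaces `### JWT (JSON Web Token)` with `### JSON Web Token) JWT)`, which has two closing parentheses and no opening one, so the heading is broken in every renderer regardless of text direction. The heading is entirely Latin text, so it needs no reordering for the right-to-left document; restore `### JWT (JSON Web Token)`. Note that PATCH 049 and PATCH 050 carry the broken heading forward as unchanged context.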
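Review bot: several typos survive in the `+` lines of this PATCH 049 hunk even though the commit is titled "review & fix typo": `reuest header` (request) in the content negotiation item, `GET (للقرائة)` (للقراءة) in the HTTP method item, `من توع` (نوع) in the `content-type` item, `الرمان من الدخول` (الحرمان) in the login item, and `التنبية في الارتفاع المفاجئ` (التنبيه) in the API gateway item. The hamza cleanup is also inconsistent within the patch: the HTTP method line keeps `و قم بالرد بـ` with a detached waw while the next line is changed to `وقم بالرد بـ`, and `PUT/PATCH (لإستبدال او تحديث)` keeps the forms the rest of the patch is correcting.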
From 611c7796e6f74439adbae3515849628d909af6b1 Mon Sep 17 00:00:00 2001 From: Atef Ben Ali Date: Sat, 27 Jan 2018 15:07:41 +0100 Subject: [PATCH 050/149] fix `code` translation & fix typos & review --- README-ar.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/README-ar.md b/README-ar.md index 535a9f9..660d6b5 100644 --- a/README-ar.md +++ b/README-ar.md 
@@ -9,19 +9,19 @@ ## المصادقة (Authentication) - [ ] لا تستخدم `Basic Auth` لكن استخدم المعايير القياسية للمصادقة (مثال [JWT](https://jwt.io/), [OAuth](https://oauth.net/)). -- [ ] لا تعيد اختراع العجلة في `المصادقة`، `توليد الرموز`، `تخزين كلمات المرور`. قم باستخدام المعايير القياسية. +- [ ] لا تعد اختراع العجلة في `المصادقة`، `توليد الرموز`، `تخزين كلمات المرور`. قم باستخدام المعايير القياسية. - [ ] استخدم `تحديد عدد المحاولات` و`الرمان من الدخول jail feature` في تسجيل الدخول. - [ ] استخدم التشفير في كل البيانات الحساسة. ### JSON Web Token) JWT) - [ ] استخدم مفتاح عشوائي ومعقد (`JWT Secret`) لتجعل هجوم التخمين بالقوة brute forcing صعبا جدا. -- [ ] لا تقم باستخراج خوارزمية التشفير من محتوى رمز الـ JWT. قم بإجبار الكود على استخدام خوارزمية (`HS256` or `RS256`). -- [ ] اجعل مدة انتهاء الرمز (`TTL`, `RTTL`) قليلة قدر الإمكان. +- [ ] لا تقم باستخراج خوارزمية التشفير من محتوى رمز الـ JWT. قم بإجبار الرمز البرمجي على استخدام خوارزمية (`HS256` or `RS256`). +- [ ] اجعل مدة انتهاء الرمز (`TTL`, `RTTL`) قصيرة قدر الإمكان. - [ ] لا تقم بتخزين أي بيانات حساسة داخل محتوى رمز الـ JWT, لأنه يمكن كشف هذه المحتويات بسهولة [easily](https://jwt.io/#debugger-io). ### OAuth -- [ ] تحقق دائما من `redirect_uri` في كود الخادوم لتسمح فقط بقائمة محددة من الروابط. -- [ ] دائما حاول أن تقوم بالتبادل والرد بكود وليس بالرمز (لا تسمح `response_type=token`). +- [ ] تحقق دائما من `redirect_uri` في الرمز البرمجي للخادوم لتسمح فقط بقائمة محددة من الروابط. +- [ ] دائما حاول أن تقوم بالتبادل والرد برمز برمجي وليس بالرمز (لا تسمح `response_type=token`). - [ ] استخدم متغير `state` في الرابط مع مزيج عشوائي من الحروف لتمنع هجمات الـ CSRF على عملية المصادقة الخاصة بالـ OAuth. - [ ] حدد الصلاحية والنطاق الافتراضي scope، وقم بالتحقق منه مع كل تطبيق. 
@@ -39,14 +39,14 @@ - [ ] استخدم واجهة للـ API لتستفيد من التخزين المؤقت caching وسياسات تحديد عدد الطلبات Rate Limit policies (مثال `الحصة Quota`, `التنبية في الارتفاع المفاجئ Spike Arrest`, `وتحديد عدد الطلبات المتزامنة Concurrent Rate Limit`) ## المعالجة -- [ ] قم بفحص كل النطاقات والروابط كونهم محميين وراء مصادقة authentication لتتجنب المصادقة المكسورة broken authentication. +- [ ] قم بفحص كل النطاقات والروابط للتحقق من كونهم محميين وراء مصادقة authentication لتتجنب المصادقة المكسورة broken authentication. - [ ] يجب تجنب استخدام المعرف الخاص بالموارد. قم باستخدام `/me/orders` بدلا من `/user/654321/orders`. - [ ] لا تقم باستخدام المعرف التلقائي auto-increment . قم باستخدام `UUID` بدلا منه. - [ ] لو قمت بمعالجة ملفات XML, تأكد من أن معالجة entity parsing غير مفعلة لتتجنب هجمات `XXE` (XML external entity). - [ ] لو قمت بمعالجة ملفات XML, تأكد من أن entity expansion غير مفعلة لتتجنب هجمات `Billion Laughs/XML bomb` من خلال هجوم exponential entity expansion. - [ ] استخدم شبكات تسليم المحتوى CDN لرفع الملفات. - [ ] لو كنت تتعامل مع حجم بيانات ضخم، استخدم عمليات منفصلة Workers , Queues لمعالجة البيانات في الخلفية والرد على المستخدم بسرعة لتجنب حجب الطلب HTTP Blocking. -- [ ] لا تنسى وتترك وضع التصحيح DEBUG mode في حالة التشغيل. +- [ ] لا تترك وضع التصحيح DEBUG mode في حالة التشغيل. ## المخرجات - [ ] استخدم `X-Content-Type-Options: nosniff` في رأس الطلب header. @@ -59,7 +59,7 @@ ## التكامل المستمر CI & النشر المستمر CD - [ ] مراجعة التصميم الخاص بك والتنفيذ مع وحدة / التكامل اختبارات الاختبار unit/integration tests coverage. -- [ ] استخدام عملية مراجعة الكود وتجاهل الموافقة على الكود الذي قمت بكتابته. +- [ ] استخدام عملية مراجعة الرمز البرمجي وتجاهل الموافقة على الرمز البرمجي الذي قمت بكتابته. - [ ] تأكد من أن جميع مكونات الخدمات الخاصة بك يتم فحصها بشكل ثابت بواسطة برامج الفيروسات قبل إرسالها إلى الإنتاج، بما في ذلك المكتبات الخارجية وغيرها من التبعيات. - [ ] تصميم حل التراجع عن عمليات النشر rollback. 
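Review bot: in the first hunk of PATCH 050 (`@@ -9,19 +9,19 @@`) replacing `كود` with `الرمز البرمجي` is wrong for the second OAuth item. In `+- [ ] دائما حاول أن تقوم بالتبادل والرد برمز برمجي وليس بالرمز (لا تسمح \`response_type=token\`).` the "code" being exchanged is the OAuth authorization code that the client later trades for a token (hence `response_type=token` is what is being forbidden), not program code, so `رمز برمجي` changes the meaning of the item; something like `رمز التفويض (authorization code)` fits there. The `الرمز البرمجي` wording is right for the `redirect_uri` item (server-side code) and for the code review item in the `@@ -59,7 +59,7 @@` hunk.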
From 1685ecc13caf85f432af24fd46f0e0e041780112 Mon Sep 17 00:00:00 2001 From: Saleumsack Date: Tue, 30 Jan 2018 11:38:15 +0700 Subject: [PATCH 051/149] Create README-lo.md --- README-lo.md | 1 + 1 file changed, 1 insertion(+) create mode 100644 README-lo.md diff --git a/README-lo.md b/README-lo.md new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/README-lo.md @@ -0,0 +1 @@ + From bd5f973a0e1f66bf1ad5c3bdc76b48466460af7a Mon Sep 17 00:00:00 2001 From: Teerapong Chantakard Date: Tue, 30 Jan 2018 13:32:27 +0700 Subject: [PATCH 052/149] fix typo --- README-th.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README-th.md b/README-th.md index eb2c27b..660730b 100644 --- a/README-th.md +++ b/README-th.md @@ -14,7 +14,7 @@ Checklist ที่ต้องให้ความสำคัญเมื่ ### JWT (JSON Web Token) - [ ] key ในการ generate token ควรมีความซับซ้อนสูง เพื่อป้องกันการ brute force หาตัวเข้ารหัส -- [ ] ไม่ควรมีการแกะข้อมูลหรือขั้นตอนการถอดข้อมูลในฝั่ง client. ให้มีเฉพาะในฝั่ง server เท่านั้น โดยอาจใช้วิธีเข้าหรัสด้วย HS256 หรือ RS256 เอา +- [ ] ไม่ควรมีการแกะข้อมูลหรือขั้นตอนการถอดข้อมูลในฝั่ง client. ให้มีเฉพาะในฝั่ง server เท่านั้น โดยอาจใช้วิธีเข้ารหัสด้วย HS256 หรือ RS256 เอา - [ ] พยายามให้ token หมดอายุให้ไวที่สุดเท่าที่จะเป็นไปได้ (`TTL`, `RTTL`) - [ ] ไม่ควรเก็บข้อมูลสำคัญใน payload ของ JWT เพราะอาจถูกแกะได้ [ง่าย](https://jwt.io/#debugger-io). From 70d99792a3952644608a93e4fb8fb06e5efd1f6e Mon Sep 17 00:00:00 2001 From: Saleumsack Date: Tue, 30 Jan 2018 15:02:05 +0700 Subject: [PATCH 053/149] Update README-lo.md --- README-lo.md | 76 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 76 insertions(+) diff --git a/README-lo.md b/README-lo.md index 8b13789..454b68b 100644 --- a/README-lo.md +++ b/README-lo.md 
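Review bot: PATCH 051 creates `README-lo.md` containing only a single empty line (`@@ -0,0 +1 @@ +`), and the actual content arrives in PATCH 053 from the same author three hours later; squash the two so the history does not contain a commit that adds an empty file.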
@@ -1 +1,77 @@ +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Lao](./README-lo.md) + +# API Security Checklist +Checklist ທີ່ຕ້ອງໃຫ້ຄວາມສຳຄັນເມື່ອມີການສ້າງ API ໃນຊ່ວງການອອກແບບ ທົດສອບລະບົບ ແລະ ການປ່ອຍໃຫ້ຄົນນອກໃຊ້ + + +--- + +## Authentication (ການພິສູດຕົວຕົນ) +- [ ] ບໍ່ຄວນໃຊ້ `Basic Auth` (ການ authen ປົກກະຕິດ້ວຍ username password) ສຳລັບການພິສູດຕົວຕົນ ແຕ່ໃຫ້ໃຊ້ຮູບແບບມາດຕະຖານສາກົນແທນ(e.g. JWT, OAuth). +- [ ] ບໍ່ຕ້ອງເສຍເວລາສ້າງວິທີ Authentication ໃໝ່ຂຶ້ນມາ ໃຫ້ໃຊ້ທີ່ມີຢູ່ໃນມາດຕະຖານໄປເລີຍ +- [ ] ໃຫ້ມີການຈຳກັດຈຳນວນຄັ້ງໃນການພະຍາຍາມ authen ແລະ ສ້າງລະບົບລ໋ອກກໍລະນີພະຍາຍາມເກີນກຳນົດ +- [ ] ຂໍ້ມູນທີ່ສຳຄັນຄວນມີການເຂົ້າລະຫັດສະເໝີ + +### JWT (JSON Web Token) +- [ ] key ໃນການ generate token ຄວນມີຄວາມສັບຊ້ອນສູງ ເພື່ອປ້ອງກັນການ brute force ຫາຕົວເຂົ້າລະຫັດ +- [ ] ບໍ່ຄວນມີການແກະຂໍ້ມູນ ຫຼື ຂັ້ນຕອນການຖອດຂໍ້ມູນໃນຝັ່ງ client. ໃຫ້ມີສະເພາະໃນ server ເທົ່ານັ້ນ ໂດຍອາດໃຊ້ວິທີເຂົ້າລະຫັດດ້ວຍ HS256 ຫຼື RS256 ແທນ +- [ ] ພະຍາຍາມໃຫ້ token ໝົດອາຍຸໄວທີ່ສຸດເທົ່າທີ່ຈະເປັນໄປໄດ້ (`TTL`, `RTTL`) +- [ ] ບໍ່ຄວນເກັບຂໍ້ມູນທີ່ສຳຄັນໃນ payload ຂອງ JWT ເພາະອາດຈະຖືກແກະໄດ້ [ງ່າຍ](https://jwt.io/#debugger-io). + +### OAuth +- [ ] ມີການ validate `redirect_uri` ໃນຝັ່ງ server ໂດຍຍອມຮັບ uri ສະເພາະທີ່ມີຢູ່ໃນລີສທີ່ເຮົາເຊື່ອຖືເທົ່ານັ້ນ (whitelist) +- [ ] ບັງຄັບໃຫ້ມີການໃຊ້ response_type ເປັນ code ສະເໝີ (ພະຍາຍາມລ່ຽງບໍ່ໃຊ້ `response_type=token`) +- [ ] ໂຕແປ `state` ໃຫ້ໃຊ້ random hash ເພື່ອປ້ອງກັນ CSRF (Cross Site Request Forgery) ໃນຕອນ OAuth authentication. 
+- [ ] ກຳນົດ scope ແລະ ມີການ validate scope ໂຕແປສຳລັບແຕ່ລະແອັບ + +## Access +- [ ] ຈຳກັດຈຳນວນສູງສຸດຂອງ request ເພື່ອປ້ອງກັນ DDoS / Bruteforce +- [ ] ໃຊ້ https ເພື່ອປ້ອງກັນ MITM (Man In The Middle Attack). +- [ ] ໃຊ້ `HSTS` header ກັບ SSL ເພື່ອປ້ອງກັນ SSL Strip attack. + +## Input +- [ ] ໃຊ້ຄຳສັ່ງ HTTP ຕາມ operation ທີ່ເຮັດ ເຊັ່ນ `GET (read)`, `POST (create)`, `PUT/PATCH (replace/update)` and `DELETE (to delete a record)` ແລະ ສົ່ງກັບດ້ວຍ `405 Method Not Allowed` ຖ້າບໍ່ມີການຮອງຮັບ request ດ້ວຍ method ນັ້ນໃນລະບົບ. +- [ ] Validate `content-type` ໃນ header ຂາ request (Content Negotiation) ໂດຍຍອມໃຫ້ສົ່ງມາສະເພາະ format ທີ່ກຳນົດ (e.g. `application/xml`, `application/json`... ໆລໆ) ແລະ ຕອບກັບດ້ວຍ `406 Not Acceptable` ຖ້າ format ທີ່ສົ່ງມາບໍ່ຖືກ. +- [ ] Validate `content-type` ຂອງ data ທີ່ຮັບມາທຸກຄັ້ງ(e.g. `application/x-www-form-urlencoded`, `multipart/form-data ,application/json`... ). +- [ ] Validate ຂໍ້ມູນ user ໃສ່ເຂົ້າມາທຸກຄັ້ງເພື່ອປ້ອງກັນຊ່ອງໂຫວ່ທີ່ຖືກກັນຫຼາຍໆ (e.g. `XSS`, `SQL-Injection`, `Remote Code Execution` ... etc). 
+- [ ] ຫ້າມເອົາຂໍ້ມູນທີ່ສຳຄັນໄປໄວ້ໃນ URL (ເຊັ່ນ /servicexxx?creditcardnum=1234) ແຕ່ໃຫ້ໄປໃສ່ໄວ້ໃນ authorization header ແທນ (`credentials`, `Passwords`, `security tokens`, or `API keys`) +- [ ] ເຮັດ API Gateway ເພື່ອໃຫ້ສາມາດເຮັດ caching, Rate Limit, Spike Arrest, ແລະ ຈັດການຊັບພະຍາກອນສຳລັບ API ໄດ້ຢ່າງຍືດຍຸ່ນ + +## Processing +- [ ] ກວດເບິ່ງວ່າ endpoints ທຸກຈຸດຢູ່ພາຍໃຕ້ authentication ເພື່ອປ້ອງກັນຊ່ອງໂຫວ່ທີ່ເຮັດໃຫ້ຄົນອື່ນມາເອີ້ນໃຊ້ໂດຍບໍ່ຈຳເປັນຕ້ອງພິສູດຕົວຕົນ +- [ ] ບໍ່ຄວນນຳ resource id ຂອງ user ໄປໃຊ້ (`/user/654321/orders`) ແຕ່ໃຫ້ໄປໃຊ້ແບບ `/me/orders` ແທນ ເພື່ອປ້ອງກັນ user ປ່ຽນໄປໃຊ້ຂອງຄົນອື່ນ +- [ ] ເລກ id ຂອງ user ບໍ່ຄວນມີການສ້າງແບບໄລ່ລຳດັບໄປເລື້ອຍໆ ແຕ່ໃຫ້ສ້າງ UUID ແທນ +- [ ] ຖ້າມີການ parsing ຟາຍ XML, ໃຫ້ປິດສ່ວນຂອງ Entity parsing ໄວ້ເພື່ອຫຼີກລ່ຽງທີ່ຈະຖືກຊ່ອງໂຫວ່ຕ່າງໆເຊັ່ນ (XML external entity attack, Billion Laughs/XML bomb) +- [ ] ໃຊ້ CDN ເມື່ອຈຳເປັນຕ້ອງມີການ upload ຟາຍຈາກ client +- [ ] ຫາກຕ້ອງເຈິກັບຂໍ້ມູນຂະໜາດໃຫຍ່ ໃຫ້ໃຊ້ Workers ກັບ ຄິວໃນການຈັດການເພື່ອໃຫ້ມີການຕອບຂໍ້ມູນກັບໄດ້ຢ່າງວ່ອງໄວຈະໄດ້ບໍ່ເກີດຄວາມສ່ຽງຂຶ້ນ +- [ ] ຢ່າລືມປິດໂໝດ DEBUG ໃນ code ຫາກເຮັດໄວ້ + +## Output +- [ ] ຕັ້ງ `X-Content-Type-Options: nosniff` ໃນ header. +- [ ] ຕັ້ງ`X-Frame-Options: deny` ໃນ header. +- [ ] ຕັ້ງ `Content-Security-Policy: default-src 'none'` ໃນ header. +- [ ] ເອົາ fingerprinting headers ອອກ - `X-Powered-By`, `Server`, `X-AspNet-Version` etc. +- [ ] ກຳນົດ content-type ໃນ response ເຊັ່ນຖ້າຕ້ອງການຂໍ້ມູນທີ່ເປັນ json ກັບໄປ ກໍເຊັດ `content-type` ເປັນ `application/json` ໄປເລີຍ +- [ ] ບໍ່ຕ້ອງສົ່ງຂໍ້ມູນສຳຄັນກັບໄປຫາ client (`credentials`, `Passwords`, `security tokens`). +- [ ] ຕອບ status code ທີ່ກົງກັບ operation ກັບໄປ (e.g. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed` ... etc). 
+ +## CI & CD +- [ ] ກວດສອບ design ກັບ implementation ໃນຂັ້ນ unit/integration test ຢ່າງຄອບຄຸມ +- [ ] ໃຫ້ໃຊ້ code review process ບໍ່ແມ່ນວ່າໂຕເອງພໍໃຈກໍໂອເຄແລ້ວ +- [ ] ໝັ້ນໃຈວ່າທຸກຢ່າງ service ປອດໄວລັດແລ້ວກ່ອນຈະນຳຂຶ້ນ production ລວມໄປເຖິງ lib ຂອງພວກ vendor ກັບ dependencies ອື່ນໆ ອີກດ້ວຍ +- [ ] ອອກແບບວິທີ rollback ໄວ້ກ່ອນຈະນຳຂຶ້ນໄປ ເພາະເວລາເກີດບັນຈະໄດ້ຍ້ອນກັບມາໃຊ້ version ເກົ່າໄປກ່ອນໄດ້ (ອາດເຈິໄດ້ຫຼາຍໃນຕອນພັດທະນາ feature ໃໝ່ໆ) + + +--- + +## ເບິ່ງສິ່ງນີ້ດ້ວຍ: +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - ຊຸດແຫຼ່ງຂໍ້ມູນທີ່ເປັນປະໂຫຍດໃນການສ້າງ API RESTful HTTP+JSON. + + +--- + +# Contribution +Feel free to contribute by forking this repository, making some changes, and submitting pull requests. For any questions drop us an email at `team@shieldfy.io`. + + From 33504e73b282d35b820c91970b1c65e3cfb13db7 Mon Sep 17 00:00:00 2001 From: Saleumsack Date: Tue, 30 Jan 2018 16:57:07 +0700 Subject: [PATCH 054/149] Update README-lo.md add Thai language link --- README-lo.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README-lo.md b/README-lo.md index 454b68b..7a5c80b 100644 --- a/README-lo.md +++ b/README-lo.md 
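Review bot: the second JWT item in this PATCH 053 hunk, `+- [ ] ບໍ່ຄວນມີການແກະຂໍ້ມູນ ຫຼື ຂັ້ນຕອນການຖອດຂໍ້ມູນໃນຝັ່ງ client. ໃຫ້ມີສະເພາະໃນ server ເທົ່ານັ້ນ ...`, tells the reader not to decode the token on the client and to do so only on the server, which is a different rule from the item it translates: the Korean (`요청 페이로드에서 알고리즘을 가져오지 마세요. 알고리즘은 백엔드에서 강제로 적용하세요.`, PATCH 047) and Arabic (PATCH 049) versions say not to take the signing algorithm from the token payload and to fix it to `HS256` or `RS256` on the backend, i.e. the verifier must not trust the algorithm the token itself declares. Smaller points: the navigation line labels the new file `[Lao](./README-lo.md)` in English while every other entry uses the language's own name (`[ไทย]`, `[العربية]`, `[Монгол]`), so `ລາວ` would be consistent; and `+- [ ] ຕັ້ງ\`X-Frame-Options: deny\` ໃນ header.` is missing the space after ຕັ້ງ that the neighbouring `X-Content-Type-Options` and `Content-Security-Policy` items have.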
@@ -1,5 +1,5 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Lao](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Lao](./README-lo.md) | [Thai](./README-th.md) # API Security Checklist Checklist ທີ່ຕ້ອງໃຫ້ຄວາມສຳຄັນເມື່ອມີການສ້າງ API ໃນຊ່ວງການອອກແບບ ທົດສອບລະບົບ ແລະ ການປ່ອຍໃຫ້ຄົນນອກໃຊ້ From e11c2be647c89e0a75c9259e480a66bb182ae3ef Mon Sep 17 00:00:00 2001 
From: Caleb Mazalevskis Date: Wed, 31 Jan 2018 00:51:36 +0800 Subject: [PATCH 055/149] Sync + some small corrections. --- README-ar.md | 46 +++++++++++++++++++++++----------------------- README-de.md | 12 ++++++------ README-es.md | 2 +- README-fr.md | 2 +- README-hi.md | 14 +++++++------- README-id.md | 2 +- README-it.md | 4 ++-- README-ja.md | 2 +- README-jp.md | 2 +- README-ko.md | 3 ++- README-lo.md | 9 +++------ README-mk.md | 30 ++++++++++++++++-------------- README-mn.md | 6 +++--- README-nl.md | 12 ++++++------ README-pl.md | 10 +++++----- README-pt_BR.md | 2 +- README-ru.md | 2 +- README-th.md | 2 +- README-tr.md | 4 ++-- README-tw.md | 2 +- README-uk.md | 20 ++++++++++---------- README-vi.md | 4 ++-- README-zh.md | 2 +- README.md | 2 +- 24 files changed, 98 insertions(+), 98 deletions(-) diff --git a/README-ar.md b/README-ar.md index 660d6b5..f22ba0e 100644 --- a/README-ar.md +++ b/README-ar.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [Polski](./README-pl.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [Polski](./README-pl.md) | [Македонски](.README-mk.md) | [ລາວ](./README-lo.md)
# API Security Checklist 
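Review bot: the new entry `[Македонски](.README-mk.md)` in this `@@ -1,4 +1,4 @@` hunk is missing the slash in the relative path, so the link points at a non-existent file `.README-mk.md` in the repository root instead of `./README-mk.md` like every other entry on the line. Also, the diffstat in this patch lists both `README-ja.md` and `README-jp.md` while the navigation line only links `[日本語](./README-ja.md)`; worth confirming whether the second Japanese file is meant to exist.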
@@ -20,41 +20,41 @@ - [ ] لا تقم بتخزين أي بيانات حساسة داخل محتوى رمز الـ JWT, لأنه يمكن كشف هذه المحتويات بسهولة [easily](https://jwt.io/#debugger-io). ### OAuth -- [ ] تحقق دائما من `redirect_uri` في الرمز البرمجي للخادوم لتسمح فقط بقائمة محددة من الروابط. -- [ ] دائما حاول أن تقوم بالتبادل والرد برمز برمجي وليس بالرمز (لا تسمح `response_type=token`). +- [ ] تحقق دائما من `redirect_uri` في الرمز البرمجي للخادوم لتسمح فقط بقائمة محددة من الروابط. +- [ ] دائما حاول أن تقوم بالتبادل والرد برمز برمجي وليس بالرمز (لا تسمح `response_type=token`). - [ ] استخدم متغير `state` في الرابط مع مزيج عشوائي من الحروف لتمنع هجمات الـ CSRF على عملية المصادقة الخاصة بالـ OAuth. - [ ] حدد الصلاحية والنطاق الافتراضي scope، وقم بالتحقق منه مع كل تطبيق. ## الوصول -- [ ] حدد الطلبات (Throttling) لتتجنب هجوم حجب الخدمة DDoS وهجوم التخمين بالقوة brute-force. -- [ ] استخدم HTTPS على الخادوم لتتجنب هجمات التنصت على الطلبات MITM (Man In The Middle Attack). -- [ ] استخدم `HSTS` header مع الـ SSL لتتجنب هجمات الـ SSL Strip. +- [ ] حدد الطلبات (Throttling) لتتجنب هجوم حجب الخدمة DDoS وهجوم التخمين بالقوة brute-force. +- [ ] استخدم HTTPS على الخادوم لتتجنب هجمات التنصت على الطلبات MITM (Man In The Middle Attack). +- [ ] استخدم `HSTS` header مع الـ SSL لتتجنب هجمات الـ SSL Strip. ## الإدخال -- [ ] استخدم الوسيلة المناسبة HTTP method حسب العملية التي تريد القيام بها : `GET (للقرائة)`, `POST (انتاج أو اضافة)`, `PUT/PATCH (لإستبدال او تحديث)`, and `DELETE (لحذف سجل)`, و قم بالرد بـ `405 Method Not Allowed` في حالة إذا كانت الوسيلة method غير مناسبة . -- [ ] قم بالتحقق من `content-type` في رأس الطلب reuest header أو ما يسمى بـ (Content Negotiation) لتسمح فقط بالتنسيقات المدعومة (مثال `application/xml`, `application/json`, إلى آخره) وقم بالرد بـ `406 Not Acceptable` إذا كان التنسيق غير ذلك. -- [ ] قم بالتحقق من `content-type` في محتوى الطلب نفسه posted data (مثال `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, إلى آخره). 
-- [ ] قم بالتحقق من مدخلات المستخدم لتتجنب الثغرات الشائعة (مثال `XSS`, `SQL-Injection`, `Remote Code Execution`, إلى آخره). -- [ ] لا تستخدم أي بيانات حساسة (`credentials`, `Passwords`, `security tokens`, or `API keys`) في الرابط ولكن استخدم الطريقة القياسية وهي رأس الطلب الخاص بالمصادقة Authorization header. +- [ ] استخدم الوسيلة المناسبة HTTP method حسب العملية التي تريد القيام بها : `GET (للقرائة)`, `POST (انتاج أو اضافة)`, `PUT/PATCH (لإستبدال او تحديث)`, and `DELETE (لحذف سجل)`, و قم بالرد بـ `405 Method Not Allowed` في حالة إذا كانت الوسيلة method غير مناسبة . +- [ ] قم بالتحقق من `content-type` في رأس الطلب reuest header أو ما يسمى بـ (Content Negotiation) لتسمح فقط بالتنسيقات المدعومة (مثال `application/xml`, `application/json`, إلى آخره) وقم بالرد بـ `406 Not Acceptable` إذا كان التنسيق غير ذلك. +- [ ] قم بالتحقق من `content-type` في محتوى الطلب نفسه posted data (مثال `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, إلى آخره). +- [ ] قم بالتحقق من مدخلات المستخدم لتتجنب الثغرات الشائعة (مثال `XSS`, `SQL-Injection`, `Remote Code Execution`, إلى آخره). +- [ ] لا تستخدم أي بيانات حساسة (`credentials`, `Passwords`, `security tokens`, or `API keys`) في الرابط ولكن استخدم الطريقة القياسية وهي رأس الطلب الخاص بالمصادقة Authorization header. - [ ] استخدم واجهة للـ API لتستفيد من التخزين المؤقت caching وسياسات تحديد عدد الطلبات Rate Limit policies (مثال `الحصة Quota`, `التنبية في الارتفاع المفاجئ Spike Arrest`, `وتحديد عدد الطلبات المتزامنة Concurrent Rate Limit`) ## المعالجة - [ ] قم بفحص كل النطاقات والروابط للتحقق من كونهم محميين وراء مصادقة authentication لتتجنب المصادقة المكسورة broken authentication. -- [ ] يجب تجنب استخدام المعرف الخاص بالموارد. قم باستخدام `/me/orders` بدلا من `/user/654321/orders`. -- [ ] لا تقم باستخدام المعرف التلقائي auto-increment . قم باستخدام `UUID` بدلا منه. -- [ ] لو قمت بمعالجة ملفات XML, تأكد من أن معالجة entity parsing غير مفعلة لتتجنب هجمات `XXE` (XML external entity). 
-- [ ] لو قمت بمعالجة ملفات XML, تأكد من أن entity expansion غير مفعلة لتتجنب هجمات `Billion Laughs/XML bomb` من خلال هجوم exponential entity expansion. +- [ ] يجب تجنب استخدام المعرف الخاص بالموارد. قم باستخدام `/me/orders` بدلا من `/user/654321/orders`. +- [ ] لا تقم باستخدام المعرف التلقائي auto-increment. قم باستخدام `UUID` بدلا منه. +- [ ] لو قمت بمعالجة ملفات XML, تأكد من أن معالجة entity parsing غير مفعلة لتتجنب هجمات `XXE` (XML external entity). +- [ ] لو قمت بمعالجة ملفات XML, تأكد من أن entity expansion غير مفعلة لتتجنب هجمات `Billion Laughs/XML bomb` من خلال هجوم exponential entity expansion. - [ ] استخدم شبكات تسليم المحتوى CDN لرفع الملفات. -- [ ] لو كنت تتعامل مع حجم بيانات ضخم، استخدم عمليات منفصلة Workers , Queues لمعالجة البيانات في الخلفية والرد على المستخدم بسرعة لتجنب حجب الطلب HTTP Blocking. +- [ ] لو كنت تتعامل مع حجم بيانات ضخم، استخدم عمليات منفصلة Workers, Queues لمعالجة البيانات في الخلفية والرد على المستخدم بسرعة لتجنب حجب الطلب HTTP Blocking. - [ ] لا تترك وضع التصحيح DEBUG mode في حالة التشغيل. ## المخرجات -- [ ] استخدم `X-Content-Type-Options: nosniff` في رأس الطلب header. -- [ ] استخدم `X-Frame-Options: deny` في رأس الطلب header. -- [ ] استخدم `Content-Security-Policy: default-src 'none'` في رأس الطلب header. -- [ ] احذف الرؤوس headers التي تدل عليك - `X-Powered-By`, `Server`, `X-AspNet-Version` إلى آخره. -- [ ] قم بإجبار إرسال `content-type` مع الرد، لو قمت بالرد بمحتويات من توع `application/json` فمن المستحسن أن يكون الرد ب`content-type` `application/json`. -- [ ] لا تقم بالرد بمعلومات وبيانات حساسة مثل `credentials`, `Passwords`, `security tokens`. +- [ ] استخدم `X-Content-Type-Options: nosniff` في رأس الطلب header. +- [ ] استخدم `X-Frame-Options: deny` في رأس الطلب header. +- [ ] استخدم `Content-Security-Policy: default-src 'none'` في رأس الطلب header. +- [ ] احذف الرؤوس headers التي تدل عليك - `X-Powered-By`, `Server`, `X-AspNet-Version` إلى آخره. 
+- [ ] قم بإجبار إرسال `content-type` مع الرد، لو قمت بالرد بمحتويات من توع `application/json` فمن المستحسن أن يكون الرد ب`content-type` `application/json`. +- [ ] لا تقم بالرد بمعلومات وبيانات حساسة مثل `credentials`, `Passwords`, `security tokens`. - [ ] قم بالرد بكود حالة صحيح status code طبقا للعملية التي تقوم بها. (مثال `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, إلى آخره). ## التكامل المستمر CI & النشر المستمر CD @@ -73,5 +73,5 @@ --- # المشاركة -لا تتردد في المساهمة عن طريق أخذ نسخة من هذه القائمة fork ، وإجراء بعض التغييرات، وتقديم طلبات المراجعة pull request. أي أسئلة الرجاء مراسلتنا على البريد الإلكتروني `team@shieldfy.io`. +لا تتردد في المساهمة عن طريق أخذ نسخة من هذه القائمة fork ، وإجراء بعض التغييرات، وتقديم طلبات المراجعة pull request. أي أسئلة الرجاء مراسلتنا على البريد الإلكتروني `team@shieldfy.io`.
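Review bot: two typos survive in lines this hunk rewrites (README-ar.md, @@ -20,41): "في رأس الطلب reuest header" should read "request header", and "بمحتويات من توع `application/json`" should read "من نوع". Since these lines are already being re-emitted for whitespace normalisation, fold the spelling fixes into the same change rather than leaving them for a later pass.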
diff --git a/README-de.md b/README-de.md index 0ad9451..b29327d 100644 --- a/README-de.md +++ b/README-de.md @@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](.README-mk.md) | [ລາວ](./README-lo.md) # API Security Checkliste Checkliste für die wichtigsten Sicherheitsmaßnahmen beim Designen, Testen und Veröffentlichen deiner API. 
@@ -31,9 +31,9 @@ Checkliste für die wichtigsten Sicherheitsmaßnahmen beim Designen, Testen und ## Input - [ ] Nutze für Requests die passenden HTTP Methoden: `GET (Lesen)`, `POST (Erzeugen)`, `PUT/PATCH (Ersetzen/Aktualisieren)`, and `DELETE (Datensatz löschen)`, und gib `405 Method Not Allowed`, wenn die angeforderte Methode nicht auf die Ressource passt. -- [ ] Validiere den `content-type` im "Accept" Header der Anfrage und erlaube nur unterstützte Formate (wie `application/xml`, `application/json`, etc.). Gib den Response `406 Not Acceptable` zurück, wenn keine der übergebenen Content-Typen unterstützt wird. -- [ ] Validiere den `Content-Type` im Header der Anfrage für übertragene Daten (bspw. POST oder PUT) wie bspw. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, usw. -- [ ] Validiere immer alle Eingaben im Request und allen Parametern um allgemeine Angriffsmöglichkeiten zu verhindern (bspw. `XSS`, `SQL-Injection`, `Remote Code Execution`, etc.). +- [ ] Validiere den `content-type` im "Accept" Header der Anfrage und erlaube nur unterstützte Formate (wie `application/xml`, `application/json`, usw). Gib den Response `406 Not Acceptable` zurück, wenn keine der übergebenen Content-Typen unterstützt wird. +- [ ] Validiere den `Content-Type` im Header der Anfrage für übertragene Daten (bspw. POST oder PUT) wie bspw. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, usw. +- [ ] Validiere immer alle Eingaben im Request und allen Parametern um allgemeine Angriffsmöglichkeiten zu verhindern (bspw. `XSS`, `SQL-Injection`, `Remote Code Execution`, usw). - [ ] Verwende niemals sensitive Daten (`Anmeldedaten`, `Passwörter`, `Security Tokens`, oder `API-Schlüssel`) in der URL, aber nutze den standardisierten "Authorization" Header. - [ ] Nutze ein API Gateway Service für Caching, Rate Limit Regeln (bspw. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) und der Bereitstellung dynamischer API Ressourcen. 
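Review bot: the replacement of "etc." with "usw" in this hunk (README-de.md, @@ -31,9) is inconsistent: the first and third rewritten lines end with "usw)" while the second keeps "usw." with its period. The German abbreviation is written "usw." in all positions, so the lines should read "`application/json`, usw.)" and "`Remote Code Execution`, usw.)"; the same applies to "usw, um eventuell" and "`405 Method Not Allowed`, usw)" in the @@ -51,10 hunk that follows, which should be "usw., um" and "usw.)".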
@@ -51,10 +51,10 @@ Checkliste für die wichtigsten Sicherheitsmaßnahmen beim Designen, Testen und - [ ] Sende `X-Content-Type-Options: nosniff` im Header. - [ ] Sende `X-Frame-Options: deny` im Header. - [ ] Sende `Content-Security-Policy: default-src 'none'` im Header. -- [ ] Entferne Header wie `X-Powered-By`, `Server`, `X-AspNet-Version` etc., um eventuell veraltete Softwareversionen nicht zu verraten. +- [ ] Entferne Header wie `X-Powered-By`, `Server`, `X-AspNet-Version` usw, um eventuell veraltete Softwareversionen nicht zu verraten. - [ ] Sende immer einen `Content-Type` bei Antworten. Wenn du ein JSON lieferst gib als `Content-Type` `application/json` an. - [ ] Gib niemals sensitive Daten zurück wie `Anmeldedaten`, `Passwörter` oder `Sicherheitsschlüssel`. -- [ ] Verwende immer einen passenden HTTP Statuscode je nach Status der Operation (bspw. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, etc.). +- [ ] Verwende immer einen passenden HTTP Statuscode je nach Status der Operation (bspw. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, usw). ## Kontinuierliche Integration (CI) & Continuous Delivery (CD) - [ ] Nutze Unit- und Integrationstest und deren Abdeckung (Test Coverage), um deine Implementierungen und Design zu kontrollieren. diff --git a/README-es.md b/README-es.md index 14f881b..85166ac 100644 --- a/README-es.md +++ b/README-es.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](.README-mk.md) | [ລາວ](./README-lo.md) # Lista de seguridad en APIs Lista de las contramedidas de seguridad más importantes en cuanto al diseño, testing y publicación de tu API. diff --git a/README-fr.md b/README-fr.md index b0c02a1..2aee423 100644 --- a/README-fr.md +++ b/README-fr.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](.README-mk.md) | [ລາວ](./README-lo.md) # API Security Checklist Checklist des points de sécurité les plus importants lors de la conception, du test et de la mise en production de votre API. diff --git a/README-hi.md b/README-hi.md index 75b949d..01d4381 100644 --- a/README-hi.md +++ b/README-hi.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](.README-mk.md) | [ລາວ](./README-lo.md) # API सुरक्षा जांच-सूची अपने एपीआई को डिजाइन करने, परीक्षण करने और जारी करने के दौरान सबसे महत्वपूर्ण सुरक्षा प्रतिवाद की जांच सूची| @@ -9,7 +9,7 @@ ## प्रमाणीकरण (Authentication) - [ ] `बेसिक एथ` का उपयोग मानक प्रमाणन का उपयोग न करें (जैसे [JWT](https://jwt.io/), [OAuth](https://oauth.net/))। - [ ] `प्रमाणीकरण`, `टोकन पीढ़ी`, `पासवर्ड भंडारण` में पहिया को फिर से न बदलें। मानकों का उपयोग करें। -- [ ] लॉग इन में `मैक्स पुन: प्रयास` और `जेल` सुविधाओं का उपयोग करें। +- [ ] लॉग इन में `मैक्स पुन: प्रयास` और `जेल` सुविधाओं का उपयोग करें। - [ ] सभी संवेदनशील डेटा पर एन्क्रिप्शन का उपयोग करें। ## JWT (JSON वेब टोकन) 
@@ -32,9 +32,9 @@ ## Input - [ ] ऑपरेशन के अनुसार उचित HTTP विधि का प्रयोग करें: अनुरोधित विधि है, अगर `GET (पढ़ें)`, `पोस्ट (बनाएं)`, `पुट / पैच (प्रतिस्थापित / अद्यतन)`, और `हटाएं (रिकॉर्ड को हटाने के लिए)`, और `405 Method Not Allowed` के साथ प्रतिक्रिया न दें अनुरोधित संसाधन के लिए उचित नहीं है - [ ] अनुरोध पर `content-type` मान्य करें केवल अपने समर्थित प्रारूप (जैसे `application/xml`, `application/json`, आदि) को अनुमति देने के लिए हेडर (सामग्री वार्ता-Content Negotiation) स्वीकार करें और `406 Not Acceptable` करें यदि स्वीकार्य न हो तो। -- [ ] जैसा कि आप स्वीकार करते हैं, उतनी ही पोस्ट की गई `content-type` की पुष्टि करें (जैसे `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, इत्यादि)। +- [ ] जैसा कि आप स्वीकार करते हैं, उतनी ही पोस्ट की गई `content-type` की पुष्टि करें (जैसे `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, इत्यादि)। - [ ] सामान्य कमजोरियों (जैसे `XSS`, `SQL-Injection`, `Remote Code Execution`, आदि) से बचने के लिए उपयोगकर्ता इनपुट मान्य करें। -- [ ] URL में किसी भी संवेदनशील डेटा (`credentials`, `Passwords`, `security tokens`, या `API keys`) का उपयोग न करें, लेकिन मानक प्राधिकरण शीर्ष लेख का उपयोग करें। +- [ ] URL में किसी भी संवेदनशील डेटा (`credentials`, `Passwords`, `security tokens`, या `API keys`) का उपयोग न करें, लेकिन मानक प्राधिकरण शीर्ष लेख का उपयोग करें। - [ ] कैशिंग, दर सीमा नीतियों (`Quota`, `Spike Arrest`, `Concurrent Rate Limit`) को सक्षम करने के लिए एपीआई गेटवे सेवा का उपयोग करें और गतिशील रूप से API संसाधनों की तैनाती करें। ## Processing 
@@ -42,7 +42,7 @@ - [ ] उपयोगकर्ता के स्वयं के संसाधन आईडी से बचना चाहिए। `/user/654321/orders` के बजाय `/me/orders` का उपयोग करें। - [ ] auto-increment आईडी न करें। बजाय यूयूआईडी का प्रयोग करें। - [ ] यदि आप XML फ़ाइलों को पार्स कर रहे हैं, तो सुनिश्चित करें कि इकाई पार्सिंग XXE (XML external entity attack) से बचने के लिए सक्षम है। -- [ ] यदि आप XML फ़ाइलों को पार्स कर रहे हैं, तो सुनिश्चित करें कि `Billion Laughs/XML bomb` (exponential entity expansion attack) के हमले से बचने के लिए सक्षम है। +- [ ] यदि आप XML फ़ाइलों को पार्स कर रहे हैं, तो सुनिश्चित करें कि `Billion Laughs/XML bomb` (exponential entity expansion attack) के हमले से बचने के लिए सक्षम है। - [ ] फ़ाइल अपलोड के लिए CDN का उपयोग करें। - [ ] यदि आप बड़ी मात्रा में डेटा के साथ काम कर रहे हैं, तो Workers और Queues का उपयोग पृष्ठभूमि में यथासंभव प्रक्रिया करने के लिए और HTTP अवरोधन(Blocking) से बचने के लिए तेज़ी से return response करें। - [ ] DEBUG मोड बंद करने के लिए मत भूलना। @@ -52,7 +52,7 @@ - [ ] `X-Frame-Options: deny`हेडर भेजें। - [ ] `Content-Security-Policy: default-src 'none'`हेडर भेजें। - [ ] `X-Powered-By`, `Server`, `X-AspNet-Version` फिंगरप्रिंटिंग हेडर हटाएं। -- [ ] आपकी प्रतिक्रिया के लिए `content-type` को बल दें, यदि आप `application/json` वापस करते हैं तो आपकी प्रतिक्रिया `content-type` `application/json` है। +- [ ] आपकी प्रतिक्रिया के लिए `content-type` को बल दें, यदि आप `application/json` वापस करते हैं तो आपकी प्रतिक्रिया `content-type` `application/json` है। - [ ] `credentials`, `Passwords`, `security tokens` जैसे संवेदनशील डेटा वापस न करें। ऑपरेशन के अनुसार उचित स्थिति कोड वापस करें। (जैसे `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, आदि)। 
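Review bot: the rewritten XML line in this hunk (README-hi.md, @@ -42,7) still inverts the security advice. "सुनिश्चित करें कि `Billion Laughs/XML bomb` ... के हमले से बचने के लिए सक्षम है" says to make sure the feature is enabled, and it never names the feature; the English original requires that entity expansion be disabled. Since the line is already being touched, suggest rewording it to state that entity expansion must be disabled (अक्षम) to avoid the attack, and note that the unchanged XXE line directly above ("इकाई पार्सिंग ... से बचने के लिए सक्षम है") has the same inversion and should be corrected together with it.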
@@ -66,7 +66,7 @@ --- ## यह भी देखें: -[yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) RESTful HTTP+JSON APIs के निर्माण के लिए उपयोगी संसाधनों का संग्रह। +[yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) RESTful HTTP+JSON APIs के निर्माण के लिए उपयोगी संसाधनों का संग्रह। --- diff --git a/README-id.md b/README-id.md index 5e57974..285fbcb 100644 --- a/README-id.md +++ b/README-id.md @@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](.README-mk.md) | [ລາວ](./README-lo.md) # Checklist Keamanan API Checklist penanggulangan keamanan yang paling penting ketika merancang, menguji, dan melepaskan API ke khalayak diff --git a/README-it.md b/README-it.md index 0b9b8e2..a27401d 100644 --- a/README-it.md +++ b/README-it.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](.README-mk.md) | [ລາວ](./README-lo.md) # Checklist per la sicurezza delle API Una checklist per le più importanti contromisure da mettere in pratica quando strutturiamo, testiamo e rilasciamo le nostre API. 
@@ -32,7 +32,7 @@ Una checklist per le più importanti contromisure da mettere in pratica quando s ## Input - [ ] Utilizzare il metodo HTTP appropriato in base all'azione: `GET (lettura)`, `POST (scrittura)`, `PUT/PATCH (sostituzione/modifica)`, e `DELETE (cancellazione)`, e rispondere con uno status `405 Method Not Allowed` se il metodo della richiesta non è appropriato. - [ ] Validare il `content-type` rispetto all' Accept header (Content Negotiation) per consentire solo i formati supportati (es. `application/xml`, `application/json`, ecc.) e rispondere con un `406 Not Acceptable` se la risposta non coincide. -- [ ] Validare il `content-type` in base alle strutture accettate (es. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, etc). +- [ ] Validare il `content-type` in base alle strutture accettate (es. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, ecc.). - [ ] Validare sempre gli input dell'utente per evitare attacchi comuni (es. `XSS`, `SQL-Injection`, `Remote Code Execution`, ecc.). - [ ] Non utilizzare mai dati sensibili (`credenziali`, `password`, `security tokens`, o `API keys`) nell'url, utilizzare piuttosto gli Authorization header. - [ ] Utilizzare un gateway per abilitare il caching delle API, con sistema di controllo delle chiamate (es. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`). diff --git a/README-ja.md b/README-ja.md index 3ce0cb9..6e3aabb 100644 --- a/README-ja.md +++ b/README-ja.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](.README-mk.md) | [ລາວ](./README-lo.md) # APIセキュリティチェックリスト APIを設計、テスト、リリースするときの最も重要なセキュリティ対策のチェックリスト diff --git a/README-jp.md b/README-jp.md index a2f84f8..8a262a1 100644 --- a/README-jp.md +++ b/README-jp.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](.README-mk.md) | [ລາວ](./README-lo.md) # API Security Checklist これはAPIの設計, テスト, リリース時における、重要なセキュリティ対策チェックリストです。 diff --git a/README-ko.md b/README-ko.md index 75afd0e..ad0d1d0 100644 --- a/README-ko.md +++ b/README-ko.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](.README-mk.md) | [ລາວ](./README-lo.md) # API 보안 점검표 API를 설계하고 테스트하고 배포할 때 고려해야 할 중요한 보안 대책 점검입니다. @@ -62,6 +62,7 @@ API를 설계하고 테스트하고 배포할 때 고려해야 할 중요한 보 - [ ] 제품 출시전에 백신 소프트웨어로 공급 업체의 라이브러리 및 기타 종속적인 것을 포함한 서비스의 모든 구성 요소들을 정적으로 검사했는지 확인하세요. - [ ] 배포에 대한 롤백 솔루션을 설계하세요. + --- ## 참조 : diff --git a/README-lo.md b/README-lo.md index 7a5c80b..56748c4 100644 --- a/README-lo.md +++ b/README-lo.md 
@@ -1,5 +1,4 @@ - -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Lao](./README-lo.md) | [Thai](./README-th.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](.README-mk.md) # API Security Checklist Checklist ທີ່ຕ້ອງໃຫ້ຄວາມສຳຄັນເມື່ອມີການສ້າງ API ໃນຊ່ວງການອອກແບບ ທົດສອບລະບົບ ແລະ ການປ່ອຍໃຫ້ຄົນນອກໃຊ້ @@ -16,7 +15,7 @@ Checklist ທີ່ຕ້ອງໃຫ້ຄວາມສຳຄັນເມື່ ### JWT (JSON Web Token) - [ ] key ໃນການ generate token ຄວນມີຄວາມສັບຊ້ອນສູງ ເພື່ອປ້ອງກັນການ brute force ຫາຕົວເຂົ້າລະຫັດ - [ ] ບໍ່ຄວນມີການແກະຂໍ້ມູນ ຫຼື ຂັ້ນຕອນການຖອດຂໍ້ມູນໃນຝັ່ງ client. ໃຫ້ມີສະເພາະໃນ server ເທົ່ານັ້ນ ໂດຍອາດໃຊ້ວິທີເຂົ້າລະຫັດດ້ວຍ HS256 ຫຼື RS256 ແທນ -- [ ] ພະຍາຍາມໃຫ້ token ໝົດອາຍຸໄວທີ່ສຸດເທົ່າທີ່ຈະເປັນໄປໄດ້ (`TTL`, `RTTL`) +- [ ] ພະຍາຍາມໃຫ້ token ໝົດອາຍຸໄວທີ່ສຸດເທົ່າທີ່ຈະເປັນໄປໄດ້ (`TTL`, `RTTL`) - [ ] ບໍ່ຄວນເກັບຂໍ້ມູນທີ່ສຳຄັນໃນ payload ຂອງ JWT ເພາະອາດຈະຖືກແກະໄດ້ [ງ່າຍ](https://jwt.io/#debugger-io). ### OAuth 
@@ -42,7 +41,7 @@ Checklist ທີ່ຕ້ອງໃຫ້ຄວາມສຳຄັນເມື່ - [ ] ກວດເບິ່ງວ່າ endpoints ທຸກຈຸດຢູ່ພາຍໃຕ້ authentication ເພື່ອປ້ອງກັນຊ່ອງໂຫວ່ທີ່ເຮັດໃຫ້ຄົນອື່ນມາເອີ້ນໃຊ້ໂດຍບໍ່ຈຳເປັນຕ້ອງພິສູດຕົວຕົນ - [ ] ບໍ່ຄວນນຳ resource id ຂອງ user ໄປໃຊ້ (`/user/654321/orders`) ແຕ່ໃຫ້ໄປໃຊ້ແບບ `/me/orders` ແທນ ເພື່ອປ້ອງກັນ user ປ່ຽນໄປໃຊ້ຂອງຄົນອື່ນ - [ ] ເລກ id ຂອງ user ບໍ່ຄວນມີການສ້າງແບບໄລ່ລຳດັບໄປເລື້ອຍໆ ແຕ່ໃຫ້ສ້າງ UUID ແທນ -- [ ] ຖ້າມີການ parsing ຟາຍ XML, ໃຫ້ປິດສ່ວນຂອງ Entity parsing ໄວ້ເພື່ອຫຼີກລ່ຽງທີ່ຈະຖືກຊ່ອງໂຫວ່ຕ່າງໆເຊັ່ນ (XML external entity attack, Billion Laughs/XML bomb) +- [ ] ຖ້າມີການ parsing ຟາຍ XML, ໃຫ້ປິດສ່ວນຂອງ Entity parsing ໄວ້ເພື່ອຫຼີກລ່ຽງທີ່ຈະຖືກຊ່ອງໂຫວ່ຕ່າງໆເຊັ່ນ (XML external entity attack, Billion Laughs/XML bomb) - [ ] ໃຊ້ CDN ເມື່ອຈຳເປັນຕ້ອງມີການ upload ຟາຍຈາກ client - [ ] ຫາກຕ້ອງເຈິກັບຂໍ້ມູນຂະໜາດໃຫຍ່ ໃຫ້ໃຊ້ Workers ກັບ ຄິວໃນການຈັດການເພື່ອໃຫ້ມີການຕອບຂໍ້ມູນກັບໄດ້ຢ່າງວ່ອງໄວຈະໄດ້ບໍ່ເກີດຄວາມສ່ຽງຂຶ້ນ - [ ] ຢ່າລືມປິດໂໝດ DEBUG ໃນ code ຫາກເຮັດໄວ້ @@ -73,5 +72,3 @@ Checklist ທີ່ຕ້ອງໃຫ້ຄວາມສຳຄັນເມື່ # Contribution Feel free to contribute by forking this repository, making some changes, and submitting pull requests. For any questions drop us an email at `team@shieldfy.io`. - - diff --git a/README-mk.md b/README-mk.md index 8b26ce5..47900c8 100644 --- a/README-mk.md +++ b/README-mk.md 
@@ -1,25 +1,27 @@ -[繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Македонски](.README-mk.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [ລາວ](./README-lo.md) # API Безбедносна контролна листа Безбедносна контролна листа од најважните безбедносни контрамерки при дизајнирање, тестирање и пуштање во употреба на вашето API. + + --- ## Автентикација - [ ] Не користете `Basic Auth` Користете стандардна автентикација (п.р. [JWT](https://jwt.io/), [OAuth](https://oauth.net/)). -- [ ] Не измислувајте топла вода за `Authentication`,` generation token `, `password storage`. Користете ги стандардите. +- [ ] Не измислувајте топла вода за `Authentication`, `generation token`, `password storage`. Користете ги стандардите. - [ ] Користете `Max Retry` и затворските функции во Login. - [ ] Користете енкрипција на сите чувствителни податоци. 
### JWT (JSON Web Token) - [ ] Користете случајно генериран и комплициран клуч (`JWT Secret`) за да направите што можно потешко погодување на токенот со испробување на секоја можна комбинација - [ ] Don't extract the algorithm from the payload. Force the algorithm in the backend (`HS256` or `RS256`). -- [ ] Направете токенот да истече (`TTL`, `RTTL`) што е можно побрзо . +- [ ] Направете токенот да истече (`TTL`, `RTTL`) што е можно побрзо. - [ ] Не чувајте чувствителни податоци во JWR payload, може да се декодира [лесно](https://jwt.io/#debugger-io). ### OAuth - [ ] Секогаш проверувајте ја `redirect_uri` од страна на серверот за да дозволите само бела листа на адреси. - [ ] Секогаш обидувајте се да разменувате за код, а не токени (не дозволувајте `response_type = token`). -- [ ] Користете `state` параметар со случаен хаш за да се спречи CSRF на процесот на автентикација на OAuth +- [ ] Користете `state` параметар со случаен хаш за да се спречи CSRF на процесот на автентикација на OAuth - [ ] Дефинирајте го основниот опсег и проверете ги параметрите на опсегот за секоја апликација. ## Пристап 
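Review bot: the two "+" blank lines inserted after the description in this hunk (README-mk.md, @@ -1,25) add nothing; the other README files separate the description from the "---" rule with a single blank line, so drop the extra one to keep the layout consistent across translations. While this section is being touched, the JWT list still carries an untranslated English item ("Don't extract the algorithm from the payload...") and a typo "JWR payload" in the adjacent context lines that would be worth fixing in the same change.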
@@ -29,9 +31,9 @@ ## Влез - [ ] Користете ја соодветната HTTP-метод според операцијата: "GET (read)", "POST (создади)", "PUT / PATCH (замени / ажурирај)" и "DELETE (за бришење на запис) 405 Метод не е дозволено` ако бараниот метод не е соодветен за бараниот ресурс. -- [ ] Потврдете `content-type` на барање Accept header (Content Negotiation) за да го дозволите само вашиот поддржан формат (на пр.`application/xml`, `application/json`, etc) И да одговори со 406 Not Acceptable` одговор ако не се совпаѓа. -- [ ] Потврдете ги `content-type` на објавените податоци што ги прифаќате (на пр., `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, итн.). -- [ ] Потврдете го корисничкиот влез за да избегнете вообичаени слабости (e.g. `XSS`, `SQL-Injection`, `Remote Code Execution`, etc). +- [ ] Потврдете `content-type` на барање Accept header (Content Negotiation) за да го дозволите само вашиот поддржан формат (на пр.`application/xml`, `application/json`, итн) И да одговори со 406 Not Acceptable` одговор ако не се совпаѓа. +- [ ] Потврдете ги `content-type` на објавените податоци што ги прифаќате (на пр., `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, итн.). +- [ ] Потврдете го корисничкиот влез за да избегнете вообичаени слабости (e.g. `XSS`, `SQL-Injection`, `Remote Code Execution`, итн). - [ ] Не користете чувствителни податоци(`credentials`, `Passwords`, `security tokens`, или `API keys`) во URL-то, но користете стандарден заглавие за авторизација. - [ ] Користете API Gateway-услуга за да овозможите кеширање, политики за ограничување на тарифите (пр. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) и динамички да ги распоредите ресурсите за API-то. 
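Review bot: the first rewritten line in this hunk (README-mk.md, @@ -29,9) keeps an unbalanced backtick, "со 406 Not Acceptable` одговор", and a missing space in "(на пр.`application/xml`"; suggest "со `406 Not Acceptable` одговор" and "(на пр. `application/xml`". The same lines also translate "etc" to "итн" while leaving "e.g." in English ("(e.g. `XSS`, ..."), so either translate both or neither for consistency with the "(на пр." used elsewhere in the file.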
@@ -41,29 +43,29 @@ - [ ] Не автоматско зголемување на ID-ите. Наместо тоа, употребете `UUID`. - [ ] Ако ги анализирате XML-датотеките, проверете дали парсирањето на ентитетот не е овозможено за да се избегне `XXE` (напад на надворешен ентитет на XML). - [ ] Ако анализирате XML-датотеки, проверете дали проширувањето на ентитетот не е овозможено за да се избегне `Billion Laughs / XML бомба` преку експоненцијален напад на експанзија на ентитетот. -- [ ] Користете CDN за закачување на фајлови. +- [ ] Користете CDN за закачување на фајлови. - [ ] Ако се занимавате со огромни количини на податоци, користете Workers and Queues за да процесирате што е можно повеќе во позадина и да го вратите одговорот брзо за да избегнете блокирање на HTTP - [ ] Не заборавајте да го исклучите режимот DEBUG. ## Излез -- [ ] Праќај `X-Content-Type-Options: nosniff` хедер . +- [ ] Праќај `X-Content-Type-Options: nosniff` хедер. - [ ] Праќај `X-Frame-Options: deny` хедер. - [ ] Праќај `Content-Security-Policy: default-src 'none'` хедер. -- [ ] Отстранете ги хедерите кој издаваат отповеќе податоци - `X-Powered-By`, `Server`, `X-AspNet-Version` etc. -- [ ] Присилувај `content-type` " за твојот одговор, ако се вратиш `application/json` тогаш твојот одговор `content-type` е `application/json`. +- [ ] Отстранете ги хедерите кој издаваат отповеќе податоци - `X-Powered-By`, `Server`, `X-AspNet-Version` итн. +- [ ] Присилувај `content-type` " за твојот одговор, ако се вратиш `application/json` тогаш твојот одговор `content-type` е `application/json`. - [ ] Не враќајте чувствителни податоци како `credentials`, `Passwords`, `security tokens`. -- [ ] Врати го соодветниот код за статусот според завршената операција. (e.g. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, etc). +- [ ] Врати го соодветниот код за статусот според завршената операција. (e.g. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, итн). 
## CI & CD - [ ] Ревизија на вашиот дизајн и имплементација со покриеност тестови за единица / интеграција. - [ ] Користете процес на прегледување на кодот и не дозволувајте самоодобрување - [ ] Осигурајте се дека сите компоненти на вашите услуги се статички скенирани од AV-софтверот пред да се изврши притисок за производство, вклучувајќи библиотеки на продавачи и други зависности. - - [ ] Дизајн на rollback за во продукција + --- -## See also: +## Исто така види: - [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - A collection of useful resources for building RESTful HTTP+JSON APIs. diff --git a/README-mn.md b/README-mn.md index 18ea6e0..a1b1ef9 100644 --- a/README-mn.md +++ b/README-mn.md 
@@ -1,7 +1,7 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](.README-mk.md) | [ລາວ](./README-lo.md) # API Аюулгүйн жагсаалт -API гаргах, загварчлах, тестлэхэд аюулгүйн талаас авах сөрөг арга хэмжээний жагсаалт +API гаргах, загварчлах, тестлэхэд аюулгүйн талаас авах сөрөг арга хэмжээний жагсаалт. --- 
@@ -31,7 +31,7 @@ API гаргах, загварчлах, тестлэхэд аюулгүйн та ## Input - [ ] Яг зөв HTTP хүсэлтийг ашигла: `GET (унших)`, `POST (үүсгэх)`, `PUT/PATCH (орлуулах/солих)`, мөн `DELETE (устгах)`, бас `405 Method Not Allowed` -ыг хүсэлтийн төрөл тодорхойгүй үед ашигла. -- [ ] `content-type` -ыг хүсэлтийн header (Content Negotiation) дээр шалгаж зөвхөн дэмжигдсэн төрлийг зөвшөөр (Жнь. `application/xml`, `application/json`, etc) бас төрөл нь таарахгүй бол `406 Not Acceptable` хариу буцаа. +- [ ] `content-type` -ыг хүсэлтийн header (Content Negotiation) дээр шалгаж зөвхөн дэмжигдсэн төрлийг зөвшөөр (Жнь. `application/xml`, `application/json`, гэх мэт) бас төрөл нь таарахгүй бол `406 Not Acceptable` хариу буцаа. - [ ] `content-type` -ыг post хийх өгөгдөл дээр шалга (Жнь. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, г.м). - [ ] Хэрэглэгчээс гараас оруулсан утгыг шалгаж түгээмэл нүхнүүдээс сэргийлнэ. (Жнь. `XSS`, `SQL-Injection`, `Remote Code Execution`, г.м). - [ ] Чухал өгөгдлүүдийг (`credentials`, `Passwords`, `security tokens`, or `API keys`) URL ээр бүү явуул, оронд нь стандарт Authorization header ашигла. diff --git a/README-nl.md b/README-nl.md index 459eae9..6341f2c 100644 --- a/README-nl.md +++ b/README-nl.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](.README-mk.md) | [ລາວ](./README-lo.md) # API Security Checklist Checklist met de belangrijkste tegenmaatregelen bij het ontwerpen, testen en uitbrengen van een API. 
@@ -31,9 +31,9 @@ Checklist met de belangrijkste tegenmaatregelen bij het ontwerpen, testen en uit ## Invoer - [ ] Gebruik de correcte HTTP methode voor de operatie, `GET (lezen)`, `POST (schrijven)`, `PUT (vervangen/updaten)` and `DELETE (verwijderen)`. -- [ ] Valideer de `content-type` header bij een request Accept header (Content Negotiation) om alleen de ondersteunde formaten toe te staan (e.g. `application/xml`, `application/json` ... etc) en stuur een `406 Not Acceptable` response als de `content-type` niet ondersteund is. -- [ ] Valideer de `content-type` header van gestuurde data (e.g. `application/x-www-form-urlencoded`, `multipart/form-data ,application/json` ... etc ). -- [ ] Valideer de gebruiker invoer om veel voorkomende kwetsbaarheden te voorkomen (v.b. `XSS`, `SQL-Injection`, `Remote Code Execution` ... etc). +- [ ] Valideer de `content-type` header bij een request Accept header (Content Negotiation) om alleen de ondersteunde formaten toe te staan (e.g. `application/xml`, `application/json` ... enz) en stuur een `406 Not Acceptable` response als de `content-type` niet ondersteund is. +- [ ] Valideer de `content-type` header van gestuurde data (e.g. `application/x-www-form-urlencoded`, `multipart/form-data ,application/json` ... enz). +- [ ] Valideer de gebruiker invoer om veel voorkomende kwetsbaarheden te voorkomen (v.b. `XSS`, `SQL-Injection`, `Remote Code Execution` ... enz). - [ ] Gebruik geen gevoelige data (`credentials`, `Wachtwoorden`, `security tokens`, of `API keys`) in de URL, maar gebruik de standaard Authorization header. - [ ] Gebruik een API Gateway service voor caching, policies (b.v. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) en voor het dynamisch deployen van API middelen. 
@@ -51,10 +51,10 @@ Checklist met de belangrijkste tegenmaatregelen bij het ontwerpen, testen en uit - [ ] Stel de `X-Content-Type-Options: nosniff` header in. - [ ] Stel de `X-Frame-Options: deny` header in. - [ ] Stel de `Content-Security-Policy: default-src 'none'` header in. -- [ ] Verwijder vingerafdruk headers - `X-Powered-By`, `Server`, `X-AspNet-Version` etc. +- [ ] Verwijder vingerafdruk headers - `X-Powered-By`, `Server`, `X-AspNet-Version` enz. - [ ] Dwing `content-type` headers af voor de response. Als je `application/json` antwoordt, dan is de `content-type` : `application/json`. - [ ] Stuur geen gevoelige data terug: `Gebruikersnamen`, `Wachtwoorden`, `security tokens`. -- [ ] Geef de correcte HTTP antwoord code terug op basis van de uitgevoerde operatie (v.b. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed` ... etc). +- [ ] Geef de correcte HTTP antwoord code terug op basis van de uitgevoerde operatie (v.b. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed` ... enz). ## CI & CD - [ ] Controleer het ontwerp en de implementatie met unit/integration test dekking. diff --git a/README-pl.md b/README-pl.md index 45e7d62..f08f5f7 100644 --- a/README-pl.md +++ b/README-pl.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Македонски](.README-mk.md) | [ລາວ](./README-lo.md) # Lista kontrolna bezpieczeństwa API Lista kontrolna najważniejszych metod zabezpieczenia podczas projektowania, testowania oraz wypuszczania własnego API. @@ -15,7 +15,7 @@ Lista kontrolna najważniejszych metod zabezpieczenia podczas projektowania, tes ### JWT (JSON Web Token) - [ ] Użyj losowego, skomplikowanego klucza (`JWT Secret`) aby uczynić token bezpieczniejszym przeciw atakom typu `brute force`. - [ ] Algorytmy trzymaj w backendzie, nie upubliczniaj algorytmów. -- [ ] Ustaw wygaszanie tokenów (`TTL`, `RTTL`) najkrótsze jak to możliwe. +- [ ] Ustaw wygaszanie tokenów (`TTL`, `RTTL`) najkrótsze jak to możliwe. - [ ] Nie przechowuj wrażliwych danych w `JWT payload`, mogą był łatwo dekodowane przy pomocy [easily](https://jwt.io/#debugger-io). ### OAuth 
@@ -26,13 +26,13 @@ Lista kontrolna najważniejszych metod zabezpieczenia podczas projektowania, tes ## Dostęp - [ ] Ustaw limit zapytań (Throttling) aby uniknąć ataku DDoS / brute-force. -- [ ] Użyj HTTPS aby uniknąć MITM (Man In The Middle Attack) - ataku polegającego na pośrednictwie w wymianie informacji pomiędzy dwoma punktami np. klientem i serwerem. +- [ ] Użyj HTTPS aby uniknąć MITM (Man In The Middle Attack) - Ataku polegającego na pośrednictwie w wymianie informacji pomiędzy dwoma punktami np. klientem i serwerem. - [ ] Użyj nagłówka `HSTS` z SSL aby uniknąć SSL Strip attack. ## Wejście - [ ] Użyj odpowiedniej metody protokołu HTTP dla danej operacji: `GET (odczyt)`, `POST (tworzenie)`, `PUT/PATCH (zmiana)`, and `DELETE (usuwanie)`, i odpowiadaj `405 Method Not Allowed` jeżeli metoda zapytania jest niepoprawna. - [ ] Waliduj `content-type` podczas zapytań i zezwalaj jedynie na wymagane typy danych (np. `application/xml`, `application/json`) oraz odpowiadaj `406 Not Acceptable` jeżeli nie pasują. -- [ ] Waliduj `content-type` informacji przekazywanych metodą POST (np. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`). +- [ ] Waliduj `content-type` informacji przekazywanych metodą POST (np. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`). - [ ] Waliduj informacje wprowadzane przez użytkownika, aby uniknąć zagrożeń (np.. `XSS`, `SQL-Injection`, `Zdalne Wykonanie Skryptu`). - [ ] Nie używaj żadnych wrażliwych danych w URL, zamiast tego użyj standardowego nagłówka Autoryzującego. - [ ] Użyj usługi API Gateway aby włączyć caching oraz np. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`. 
@@ -50,7 +50,7 @@ Lista kontrolna najważniejszych metod zabezpieczenia podczas projektowania, tes - [ ] Wyślij nagłówek `X-Content-Type-Options: nosniff`. - [ ] Wyślij nagłówek `X-Frame-Options: deny`. - [ ] Wyślij nagłówek `Content-Security-Policy: default-src 'none'`. -- [ ] Usuń nagłówki cyfrowego odcisku palca (digital fingerprint) - `X-Powered-By`, `Server`, `X-AspNet-Version`. +- [ ] Usuń nagłówki cyfrowego odcisku palca (digital fingerprint) - `X-Powered-By`, `Server`, `X-AspNet-Version`. - [ ] Wymuś `content-type` podczas zwracania danych. Jeżeli zwracasz `application/json` wtedy twój `content-type` to `application/json`. - [ ] Nie zwracaj ważnych informacji jak `dane uwierzytelniające`, `hasła`, `tokeny bezpieczeństwa`. - [ ] Zwróc odpowiedni status w zależności od operacji. (np. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`). diff --git a/README-pt_BR.md b/README-pt_BR.md index ed6e23f..25135c9 100644 --- a/README-pt_BR.md +++ b/README-pt_BR.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](.README-mk.md) | [ລາວ](./README-lo.md) # API Security Checklist Lista das mais importantes medidas de segurança para o desenvolvimento, teste e publicação da sua API. diff --git a/README-ru.md b/README-ru.md index 9b7cae6..984a36a 100644 --- a/README-ru.md +++ b/README-ru.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](.README-mk.md) | [ລາວ](./README-lo.md) # Контрольный список безопасности API Контрольный список наиболее важных контрмер безопасности при разработке, тестировании и выпуске вашего API. diff --git a/README-th.md b/README-th.md index 660730b..e865077 100644 --- a/README-th.md +++ b/README-th.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](.README-mk.md) | [ລາວ](./README-lo.md) # API Security Checklist Checklist ที่ต้องให้ความสำคัญเมื่อมีการสร้าง API ในช่วงการออกแบบ ทดสอบระบบ และการปล่อยให้คนนอกใช้ diff --git a/README-tr.md b/README-tr.md index 16a093c..2b7c3af 100644 --- a/README-tr.md +++ b/README-tr.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](.README-mk.md) | [ລາວ](./README-lo.md) # API Güvenlik Kontrol Listesi API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemlerinin kontrol listesi. 
@@ -42,7 +42,7 @@ API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemle - [ ] Kullanıcı kendi kaynak ID'sinden kaçınmalıdır. `/me/orders` yerine `/user/654321/orders` kullanmalıdır. - [ ] Otomotik artan ID'ler kullanmayın. Yerine `UUID` kullanın. - [ ] Eğer XML dosyarını (parse) ayrıştırıyorsanız, varlık ayrıştırmasını önlemek için etkin olmadığını doğrulayın `XXE` (XML external entity attack). -- [ ] Eğer XML dosyarını (parse) ayrıştırıyorsanız, `Billion Laughs/XML bomb` varlık genişletme saldırısı yoluyla,varlığın genişlemesinin önlemek için etkinleştirilmediğinden emin olun . +- [ ] Eğer XML dosyarını (parse) ayrıştırıyorsanız, `Billion Laughs/XML bomb` varlık genişletme saldırısı yoluyla,varlığın genişlemesinin önlemek için etkinleştirilmediğinden emin olun. - [ ] Dosya yüklemeleri için bir CDN kullanın. - [ ] Büyük miktarda veri ile uğraşıyorsanız, HTTP engellemeyi önlemek için İşçi ve Kuyrukları arka planda olabildiğince işlem yapmak ve yanıtı hızlı bir şekilde yanıtlamak için kullanın. - [ ] DEBUG modunu kapatmayı unutmayın!. diff --git a/README-tw.md b/README-tw.md index ac22cf8..b70cdc4 100644 --- a/README-tw.md +++ b/README-tw.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) +[English](./README.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](.README-mk.md) | [ລາວ](./README-lo.md) # 開發安全的 API 所需要核對的清單 以下是當你在設計, 測試以及發佈你的 API 的時候所需要核對的重要安全措施. diff --git a/README-uk.md b/README-uk.md index bb78dd5..8acb8bb 100644 --- a/README-uk.md +++ b/README-uk.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](.README-mk.md) | [ລາວ](./README-lo.md) # Контрольний список безпеки API Контрольний список найбільш важливих контрзаходів безпеки при розробці, тестуванні та випуску вашого API. 
@@ -8,14 +8,14 @@ ## Аутентифікація - [ ] Не використовуйте `Basic Auth` Використовуйте стандартну перевірку справжності (наприклад: JWT, OAuth). -- [ ] Не "винаходьте колесо" в `аутентіфікаціі`,` створенні токенів`, `зберіганні паролей`. Використовуйте стандарти. +- [ ] Не "винаходьте колесо" в `аутентіфікаціі`, `створенні токенів`, `зберіганні паролей`. Використовуйте стандарти. - [ ] Використовуйте `Max Retry` і функції jail в Login. - [ ] Користуйтеся шифруванням для всіх конфіденційних даних. ### JWT (JSON Web Token) - [ ] Використовуйте випадковий складний ключ (`JWT Secret`), щоб зробити брут форс токена дуже складним. - [ ] Не виймайте алгоритм з корисного навантаження. Внесіть алгоритм в бекенда (`HS256` або` RS256`). -- [ ] Зробіть термін дії токена (`TTL`,` RTTL`) якомога коротшим. +- [ ] Зробіть термін дії токена (`TTL`, `RTTL`) якомога коротшим. - [ ] Не зберігайте конфіденційні дані в корисне навантаження JWT, її можна [легко декодувати.](Https://jwt.io/#debugger-io). ### OAuth 
@@ -31,15 +31,15 @@ ## Введення - [ ] Використовуйте відповідний HTTP-метод відповідно до операції: `GET (читання),` POST (створення) `,` PUT / PATCH (заміна / оновлення) `і` DELETE (для видалення запису) `, а також дайте відповідь` 405 Method Not Allowed`, якщо запитаний метод не підходить для запитуваного ресурсу. -- [ ] Підтвердіть `тип вмісту` за запитом "Прийняти заголовок" (Консолідація контенту), щоб дозволити тільки підтримуваний формат (наприклад: ` application/xml`, `application/json` і т.д.) І відповідайте з неприпустимим відповіддю 406, якщо він не узгоджений. -- [ ] Перевіряйте вміст опублікованих даних `типу контенту` в міру їх прийняття (наприклад,` application/x-www-form-urlencoded`, `multipart/form-data`,` application/json` і т.д.). -- [ ] Перевірте користувальницьке введення щоб уникнути поширених вразливостей (наприклад: `XSS`,` SQL-ін'єкцій`, `віддалене виконання коду` і т.д.). -- [ ] Не використовуйте конфіденційні дані (`облікові дані`,` паролі`, `маркери безпеки` або` ключі API`) в URL-адресі, але використовуйте стандартний заголовок авторизації. +- [ ] Підтвердіть `тип вмісту` за запитом "Прийняти заголовок" (Консолідація контенту), щоб дозволити тільки підтримуваний формат (наприклад: `application/xml`, `application/json` і т.д.) І відповідайте з неприпустимим відповіддю 406, якщо він не узгоджений. +- [ ] Перевіряйте вміст опублікованих даних `типу контенту` в міру їх прийняття (наприклад,` application/x-www-form-urlencoded`, `multipart/form-data`, `application/json` і т.д.). +- [ ] Перевірте користувальницьке введення щоб уникнути поширених вразливостей (наприклад: `XSS`, `SQL-ін'єкцій`, `віддалене виконання коду` і т.д.). +- [ ] Не використовуйте конфіденційні дані (`облікові дані`, `паролі`, `маркери безпеки` або `ключі API`) в URL-адресі, але використовуйте стандартний заголовок авторизації. - [ ] Використовуйте службу шлюзу API, щоб активувати кешування, обмеження швидкості, спайк-арешт і динамічне розгортання ресурсів API. 
## Обробка - [ ] Перевірте, чи захищені всі кінцеві точки за аутентифікацією, щоб не порушити процедуру перевірки автентичності. -- [ ] Слід уникати ідентифікатора користувача власного ресурсу. Використовуйте `/me/orders` замість`/user/654321/orders`. +- [ ] Слід уникати ідентифікатора користувача власного ресурсу. Використовуйте `/me/orders` замість `/user/654321/orders`. - [ ] Не використовуйте автоінкремент для ID. Замість цього використовуйте `UUID`. - [ ] Якщо ви розбираєте XML-файли, переконайтеся, що синтаксичний аналіз сутностей не включений, щоб уникнути `атаки на зовнішній об'єкт XML` (XML external entity). - [ ] Якщо ви розбираєте XML-файли, переконайтеся, що розширення суті не включено, щоб уникнути `Billion Laughs / XML bomb` за допомогою експоненційної атаки розширення сутностей. @@ -53,8 +53,8 @@ - [ ] Надсилайте заголовок `Content-Security-Policy: default-src 'none'`. - [ ] Видаліть заголовки відбитків пальців - `X-Powered-By`,` Server`, `X-AspNet-Version` і т.д. - [ ] Примусите `тип вмісту` для вашої відповіді, якщо ви повернете` application/json`, тоді ваш тип вмісту відповіді буде `application/json`. -- [ ] Не повертайте конфіденційні дані, такі як `облікові дані`,` паролі`, `токени безпеки`. -- [ ] Завжди повертайте код стану відповідно до завершеною роботою. (Наприклад: `200 OK`,` 400 Bad Request`, `401 Unauthorized`,` 405 Method Not Allowed` і т.д.). +- [ ] Не повертайте конфіденційні дані, такі як `облікові дані`, `паролі`, `токени безпеки`. +- [ ] Завжди повертайте код стану відповідно до завершеною роботою. (Наприклад: `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed` і т.д.). ## Безперервна інтеграція і Безперервне постачання (CI & CD) - [ ] Аудит вашого дизайну і реалізації з охопленням модулів / інтеграційних тестів. diff --git a/README-vi.md b/README-vi.md index 66e4ed1..ab898ed 100644 --- a/README-vi.md +++ b/README-vi.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](.README-mk.md) | [ລາວ](./README-lo.md) # Danh sách các giải pháp an toàn cho API Những giải pháp an toàn và cách khắc phục khi thiết kế, kiểm tra và phát hành API cho ứng dụng của bạn. 
@@ -52,7 +52,7 @@ Những giải pháp an toàn và cách khắc phục khi thiết kế, kiểm t - [ ] Thêm `X-Frame-Options: deny` vào response headers. - [ ] Thêm `Content-Security-Policy: default-src 'none'` vào response headers. - [ ] Loại bỏ các header chứa thông tin nhạy cảm như phiên bản web server, ví dụ: `X-Powered-By`, `Server`, `X-AspNet-Version`, v.v... -- [ ] Bắt buộc có `content-type` trong response headers, nếu bạn trả về `application/json` thì header `content-type` sẽ có giá trị `application/json`. +- [ ] Bắt buộc có `content-type` trong response headers, nếu bạn trả về `application/json` thì header `content-type` sẽ có giá trị `application/json`. - [ ] Không gửi các thông tin nhạy cảm như `credentials`, `Passwords`, `security tokens`. - [ ] Trả về status code tương ứng với hành động đã hoàn thành. (chẳng hạn. `200 OK`, `400 Bad Request`, `401 Unauthorized`, 405 `Method Not Allowed`, v.v...). diff --git a/README-zh.md b/README-zh.md index 581bf0c..55175f5 100644 --- a/README-zh.md +++ b/README-zh.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) +[English](./README.md) | [繁中版](./README-tw.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](.README-mk.md) | [ລາວ](./README-lo.md) # 开发安全的 API 所需要核对的清单 以下是当你在设计, 测试以及发布你的 API 的时候所需要核对的重要安全措施. diff --git a/README.md b/README.md index 79a6120..ccbde15 100644 --- a/README.md +++ b/README.md 
@@ -1,4 +1,4 @@ -[繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) +[繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](.README-mk.md) | [ລາວ](./README-lo.md) # API Security Checklist Checklist of the most important security countermeasures when designing, testing, and releasing your API. From be20f66adc51bcfd9db0d44b58ea44a497381d68 Mon Sep 17 00:00:00 2001 From: PlanB Date: Wed, 7 Mar 2018 22:50:57 +0900 Subject: [PATCH 056/149] Update README-ko.md respons_type to response_type --- README-ko.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README-ko.md b/README-ko.md index ad0d1d0..eccfa37 100644 --- a/README-ko.md +++ b/README-ko.md 
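Review bot: the README.md header hunk carries the same broken link: `[Македонски](.README-mk.md)` should be `[Македонски](./README-mk.md)`, matching the `./README-lo.md` entry added beside it.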
@@ -20,7 +20,7 @@ API를 설계하고 테스트하고 배포할 때 고려해야 할 중요한 보 ### OAuth - [ ] 허용된 URL만 받기 위해서는 서버 단에서 `redirect_uri`가 유효한지 항상 검증하세요. -- [ ] 토큰 대신 항상 코드를 주고받으세요. (`respons_type=token`을 허용하지 마세요) +- [ ] 토큰 대신 항상 코드를 주고받으세요. (`response_type=token`을 허용하지 마세요) - [ ] OAuth 인증 프로세스에서 CSRF를 방지하기 위해 랜덤 해쉬값을 가진 `state` 파라미터를 사용하세요. - [ ] 디폴트 스코프를 정의하고 각 애플리케이션마다 스코프 파라미터의 유효성을 검증하세요. From 10b14d391c2508a1d169fdf838eb260db0e196d8 Mon Sep 17 00:00:00 2001 From: PlanB Date: Fri, 9 Mar 2018 14:36:45 +0900 Subject: [PATCH 057/149] Update README-ko.md - Translated a little cleaner - Add missing content : about 'Input - 405 Method not allowed' --- README-ko.md | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/README-ko.md b/README-ko.md index eccfa37..c1543fc 100644 --- a/README-ko.md +++ b/README-ko.md @@ -1,7 +1,7 @@ [English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](.README-mk.md) | [ລາວ](./README-lo.md) # API 보안 점검표 -API를 설계하고 테스트하고 배포할 때 고려해야 할 중요한 보안 대책 점검입니다. +API를 설계하고, 테스트하고, 배포할 때 고려해야 할 중요한 보안 대책에 대한 점검 목록입니다. --- @@ -10,7 +10,7 @@ API를 설계하고 테스트하고 배포할 때 고려해야 할 중요한 보 - [ ] `Basic Auth`를 사용하지 말고 표준 인증방식을 사용하세요. (예로, JWT, OAuth 등) - [ ] `인증`, `토큰 생성`, `패스워드 저장`은 직접 개발하지 말고 표준을 사용하세요. - [ ] 로그인에서 `Max Retry`와 격리 기능을 사용하세요. -- [ ] 민감한 데이터는 암호화하세요. +- [ ] 민감한 데이터는 모두 암호화하세요. ### JWT (JSON Web Token) - [ ] 무작위 대입 공격을 어렵게 하기 위해 랜덤하고 복잡한 키값 (`JWT Secret`)을 사용하세요. 
@@ -19,8 +19,8 @@ API를 설계하고 테스트하고 배포할 때 고려해야 할 중요한 보 - [ ] JWT 페이로드는 [디코딩이 쉽기](https://jwt.io/#debugger-io) 때문에 민감한 데이터는 저장하지 마세요. ### OAuth -- [ ] 허용된 URL만 받기 위해서는 서버 단에서 `redirect_uri`가 유효한지 항상 검증하세요. -- [ ] 토큰 대신 항상 코드를 주고받으세요. (`response_type=token`을 허용하지 마세요) +- [ ] 허용된 URL만 받기 위해서는 서버 단에서 `redirect_uri`의 유효성을 항상 검증하세요. +- [ ] 항상 토큰 대신 코드를 주고받으세요. (`response_type=token`을 허용하지 마세요) - [ ] OAuth 인증 프로세스에서 CSRF를 방지하기 위해 랜덤 해쉬값을 가진 `state` 파라미터를 사용하세요. - [ ] 디폴트 스코프를 정의하고 각 애플리케이션마다 스코프 파라미터의 유효성을 검증하세요. 
@@ -30,21 +30,21 @@ API를 설계하고 테스트하고 배포할 때 고려해야 할 중요한 보 - [ ] SSL Strip 공격을 피하려면 `HSTS` 헤더를 SSL과 함께 사용하세요. ## 입력 및 요청 (Input) -- [ ] 각 요청 연산에 맞는 적절한 HTTP 메서드를 사용하세요. `GET (읽기)`, `POST (생성)`, `PUT (대체/갱신)`, `DELETE (삭제)` -- [ ] 여러분이 지원하는 포맷 (예를 들어 `application/xml`이나 `application/json` 등)만을 허용하기 위해서는 요청의 Accept 헤더의 `content-type`을 검증하여 매칭되는 게 없을 경우엔 `406 Not Acceptable`로 응답하세요. +- [ ] 각 요청의 연산에 맞는 적절한 HTTP 메서드를 사용하세요. `GET (읽기)`, `POST (생성)`, `PUT (대체/갱신)`, `DELETE (삭제)`. 그리고 요청 메소드가 리소스에 적합하지 않은 경우 `405 Method Not Allowed`로 응답하세요. +- [ ] 여러분이 지원하는 포맷 (예를 들어 `application/xml`이나 `application/json` 등)만을 허용하려면 요청의 Accept 헤더에서 `content-type`의 유효성을 검사하고 일치하지 않으면 `406 Not Acceptable`로 응답하세요. - [ ] 요청받은 POST 데이터의 `content-type`을 검증하세요. (예를 들어 `application/x-www-form-urlencoded`나 `multipart/form-data` 또는 `application/json` 등) - [ ] 일반적인 취약점들을 피하기 위해선 사용자 입력의 유효성을 검증하세요. (예를 들어 `XSS`, `SQL-Injection` 또는 `Remote Code Execution` 등) - [ ] URL에는 그 어떤 민감한 데이터 (`자격 인증 (crendentials)`, `패스워드`, `보안 토큰` 또는 `API 키`)도 포함하고 있어서는 안 되며 이러한 것들은 표준 인증 방식의 헤더를 사용하세요. -- [ ] 캐싱과 속도 제한 정책을(예를 들어 `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) 제공하는 API 게이트웨이 서비스를 사용하세요. 그리고 API 리소스를 동적으로 배포하세요. +- [ ] 캐싱과 속도 제한 정책을 제공하는 API 게이트웨이 서비스 (예를 들어 `Quota`, `Spike Arrest`, `Concurrent Rate Limit`)를 사용하고, API 리소스를 동적으로 배포하세요. ## 서버 처리 -- [ ] 잘못된 인증을 피하기 위해 모든 엔드포인트가 인증 프로세스 뒤에서 보호되고 있는지 확인하세요. -- [ ] 사용자의 리소스 식별자를 사용하는 건 지양하세요. `/user/654321/orders` 대신 `/me/orders`를 사용하세요. +- [ ] 인증 프로세스가 손상되는 것을 피하기 위해 모든 엔드포인트가 인증 프로세스 뒤에서 보호되고 있는지 확인하세요. +- [ ] 사용자 소유의 리소스 식별자는 피해야 합니다. `/user/654321/orders` 대신 `/me/orders`를 사용하세요. - [ ] 자동 증가 (auto-increment) 식별자 대신 `UUID`를 사용하세요. - [ ] XML 파일을 파싱하고 있다면, `XXE` (XML 외부 엔티티 공격, XML external entity attack)를 피하기 위해 엔티티 파싱을 비활성화하세요. - [ ] XML 파일을 파싱하고 있다면, 지수적 엔티티 확장 공격을 통한 빌리언 러프/XML 폭탄을 피하기 위해 엔티티 확장을 비활성화하세요. - [ ] 파일 업로드에는 CDN을 사용하세요. -- [ ] 거대한 양의 데이터를 다루고 있다면, HTTP 블로킹을 피하고 응답을 빠르게 반환하기 위해 워커나 큐를 사용하세요. 
+- [ ] 거대한 양의 데이터를 다루고 있다면, 워커나 큐를 사용하여 가능한 한 백그라운드에서 처리하고, HTTP 블로킹을 피하기 위해 응답을 빠르게 반환하세요. - [ ] 디버그 모드를 꺼놓는 일을 절대 잊지 마세요. ## 반환 및 응답 (Output) @@ -54,7 +54,7 @@ API를 설계하고 테스트하고 배포할 때 고려해야 할 중요한 보 - [ ] `X-Powered-By`, `Server`, `X-AspNet-Version` 등의 디지털 지문 (fingerprinting) 성격의 헤더는 제거하세요. - [ ] 응답에 `content-type`을 강제하세요. 만약 `application/json` 데이터를 반환하고 있다면 응답의 `content-type`은 `application/json`입니다. - [ ] `자격 인증 (crendentials)`, `패스워드`, `보안 토큰`과 같은 민감한 데이터는 반환하지 마세요. -- [ ] 각 연산에 맞는 적절한 상태 코드를 반환하세요. (예를 들어 `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed` 등) +- [ ] 각 작업에 맞는 적절한 상태 코드를 반환하세요. (예를 들어 `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed` 등) ## CI & CD - [ ] 단위/통합 테스트 범위로 설계 및 구현을 검토하세요. @@ -66,10 +66,10 @@ API를 설계하고 테스트하고 배포할 때 고려해야 할 중요한 보 --- ## 참조 : -- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - RESTful HTTP+JSON API를 빌드하는 데 유용한 자원의 콜렉션. +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - RESTful HTTP+JSON API를 만드는 데 유용한 자원의 콜렉션. --- # 기여하기 -이 저장소를 분기, 변경, pull request를 보내는 것으로 자유롭게 기여하세요. 질문은 `team@shieldfy.io`로 이메일을 보내주세요. +포크, 변경, pull request를 보내 자유롭게 기여하세요. 질문은 `team@shieldfy.io`로 이메일을 보내주세요. From 84a956458a5f51b10da67cbd96c74b828abb06ec Mon Sep 17 00:00:00 2001 From: Omer Levi Hevroni Date: Wed, 14 Mar 2018 06:37:34 +0200 Subject: [PATCH 058/149] Added security tests and dependency scan --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index ccbde15..a417508 100644 --- a/README.md +++ b/README.md 
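Review bot: in the README-ko.md `@@ -30,21 +30,21 @@` hunk the reworded gateway bullet moves the parenthetical so that `Quota`, `Spike Arrest` and `Concurrent Rate Limit` now read as examples of API gateway services (`API 게이트웨이 서비스 (예를 들어 ...)`), whereas in the line being replaced they are examples of rate-limit policies (`속도 제한 정책을(예를 들어 ...)`); keep the parenthetical attached to 속도 제한 정책 so the meaning survives. A smaller point in the same hunk: the Accept-header bullet tells the reader to validate `content-type` in the `Accept` header, which the source text also does, but the `Accept` header carries the media types the client will accept (hence `406 Not Acceptable`), while the request body's `content-type` is the subject of the very next bullet; validating the `Accept` header itself is what this item means.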
@@ -60,6 +60,8 @@ Checklist of the most important security countermeasures when designing, testing - [ ] Audit your design and implementation with unit/integration tests coverage. - [ ] Use a code review process and disregard self-approval. - [ ] Ensure that all components of your services are statically scanned by AV software before push to production, including vendor libraries and other dependencies. +- [ ] Continuesly run security tests (static/dynamic analysis) on your code. +- [ ] Check your dependency (both software and OS) for known vulnerabilities. - [ ] Design a rollback solution for deployments. From d03205590c0e129b527adc4114f583fd34168ea6 Mon Sep 17 00:00:00 2001 From: Terry Yun Date: Wed, 28 Mar 2018 16:19:00 +0900 Subject: [PATCH 059/149] Fix typo (crendentials -> credentials) Modified `credentials` to `credentials`. --- README-ko.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README-ko.md b/README-ko.md index c1543fc..c17a5be 100644 --- a/README-ko.md +++ b/README-ko.md @@ -53,7 +53,7 @@ API를 설계하고, 테스트하고, 배포할 때 고려해야 할 중요한 - [ ] `Content-Security-Policy: default-src 'none'` 헤더를 반환하세요. - [ ] `X-Powered-By`, `Server`, `X-AspNet-Version` 등의 디지털 지문 (fingerprinting) 성격의 헤더는 제거하세요. - [ ] 응답에 `content-type`을 강제하세요. 만약 `application/json` 데이터를 반환하고 있다면 응답의 `content-type`은 `application/json`입니다. -- [ ] `자격 인증 (crendentials)`, `패스워드`, `보안 토큰`과 같은 민감한 데이터는 반환하지 마세요. +- [ ] `자격 인증 (credentials)`, `패스워드`, `보안 토큰`과 같은 민감한 데이터는 반환하지 마세요. - [ ] 각 작업에 맞는 적절한 상태 코드를 반환하세요. (예를 들어 `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed` 등) ## CI & CD From a12fa5e3b0a7a07cdc2c638a14054f79f4bfbb89 Mon Sep 17 00:00:00 2001 From: Terry Yun Date: Wed, 28 Mar 2018 22:47:12 +0900 Subject: [PATCH 060/149] Fix typo (crendentials -> credentials) --- README-ko.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README-ko.md b/README-ko.md index c17a5be..e3ac91f 100644 --- a/README-ko.md +++ b/README-ko.md 
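Review bot: the two bullets added to the README.md CI & CD hunk need a spelling and wording pass before merge: `Continuesly` should be `Continuously`, and `Check your dependency (both software and OS) for known vulnerabilities` reads better as `Check your dependencies (both application libraries and OS packages) for known vulnerabilities`. Also consider saying what `security tests (static/dynamic analysis)` means in practice (analysis of the code versus tests against the running service), since the neighbouring bullet about AV scanning of components is a different control and readers may otherwise treat the three as one step.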
@@ -34,7 +34,7 @@ API를 설계하고, 테스트하고, 배포할 때 고려해야 할 중요한 - [ ] 여러분이 지원하는 포맷 (예를 들어 `application/xml`이나 `application/json` 등)만을 허용하려면 요청의 Accept 헤더에서 `content-type`의 유효성을 검사하고 일치하지 않으면 `406 Not Acceptable`로 응답하세요. - [ ] 요청받은 POST 데이터의 `content-type`을 검증하세요. (예를 들어 `application/x-www-form-urlencoded`나 `multipart/form-data` 또는 `application/json` 등) - [ ] 일반적인 취약점들을 피하기 위해선 사용자 입력의 유효성을 검증하세요. (예를 들어 `XSS`, `SQL-Injection` 또는 `Remote Code Execution` 등) -- [ ] URL에는 그 어떤 민감한 데이터 (`자격 인증 (crendentials)`, `패스워드`, `보안 토큰` 또는 `API 키`)도 포함하고 있어서는 안 되며 이러한 것들은 표준 인증 방식의 헤더를 사용하세요. +- [ ] URL에는 그 어떤 민감한 데이터 (`자격 인증 (credentials)`, `패스워드`, `보안 토큰` 또는 `API 키`)도 포함하고 있어서는 안 되며 이러한 것들은 표준 인증 방식의 헤더를 사용하세요. - [ ] 캐싱과 속도 제한 정책을 제공하는 API 게이트웨이 서비스 (예를 들어 `Quota`, `Spike Arrest`, `Concurrent Rate Limit`)를 사용하고, API 리소스를 동적으로 배포하세요. ## 서버 처리 From 35d9bf1732b4dae9dccc055734abaea1dab970db Mon Sep 17 00:00:00 2001 From: Yaroslav Date: Sat, 26 May 2018 14:31:58 +0300 Subject: [PATCH 061/149] fix typo --- README-ru.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README-ru.md b/README-ru.md index 984a36a..a45ba9b 100644 --- a/README-ru.md +++ b/README-ru.md @@ -59,7 +59,7 @@ ## Непрерывная интеграция и Непрерывная доставка (CI & CD) - [ ] Аудит вашего дизайна и реализации с охватом модулей/интеграционных тестов. - [ ] Используйте процесс проверки кода и игнорируйте самоокупаемость. -- [ ] Убедитесь, что все компоненты ваших служб статически сканируются с помощью антивирусов перед отпракой на производство, включая библиотеки поставщиков и другие зависимости. +- [ ] Убедитесь, что все компоненты ваших служб статически сканируются с помощью антивирусов перед отправкой на производство, включая библиотеки поставщиков и другие зависимости. - [ ] Создайте решение отката для развертывания. From ff5d758dce4040f0248084662f15563dd6c4fd8b Mon Sep 17 00:00:00 2001 
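Review bot: the typo fix in the README-ru.md hunk (`отпракой` → `отправкой`) is correct, but the unchanged context line just above it, `Используйте процесс проверки кода и игнорируйте самоокупаемость`, mistranslates the source bullet: самоокупаемость means cost recovery or payback, while the source item (`Use a code review process and disregard self-approval`) means that authors must not approve their own changes. Worth fixing in the same pass, since as written the control is lost.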
From: Disconnect3d Date: Tue, 24 Jul 2018 00:53:41 +0200 Subject: [PATCH 062/149] Fix polish translation about decoding JWT payload --- README-pl.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README-pl.md b/README-pl.md index f08f5f7..703dec9 100644 --- a/README-pl.md +++ b/README-pl.md @@ -16,7 +16,7 @@ Lista kontrolna najważniejszych metod zabezpieczenia podczas projektowania, tes - [ ] Użyj losowego, skomplikowanego klucza (`JWT Secret`) aby uczynić token bezpieczniejszym przeciw atakom typu `brute force`. - [ ] Algorytmy trzymaj w backendzie, nie upubliczniaj algorytmów. - [ ] Ustaw wygaszanie tokenów (`TTL`, `RTTL`) najkrótsze jak to możliwe. -- [ ] Nie przechowuj wrażliwych danych w `JWT payload`, mogą był łatwo dekodowane przy pomocy [easily](https://jwt.io/#debugger-io). +- [ ] Nie przechowuj wrażliwych danych w payloadzie `JWT`, mogą być one [łatwo zdekodowane](https://jwt.io/#debugger-io). ### OAuth - [ ] Zawsze waliduj `redirect_uri` po stronie serwera aby zezwolić tylko URL-om z dozwolonej listy (`whitelist`). From c18dfbd9e7f5c91552bc32d8292618439974e0fc Mon Sep 17 00:00:00 2001 From: ping Date: Thu, 4 Oct 2018 14:50:20 +0700 Subject: [PATCH 063/149] improve Vietnamese translation --- README-vi.md | 50 +++++++++++++++++++++++++------------------------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/README-vi.md b/README-vi.md index ab898ed..728d604 100644 --- a/README-vi.md +++ b/README-vi.md 
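Review bot: the rewording of the payload bullet in the README-pl.md hunk is good. In the same hunk the unchanged context line `Algorytmy trzymaj w backendzie, nie upubliczniaj algorytmów` has lost the actual control of the source item, which is that the server must not take the signing algorithm from the token and must enforce one fixed algorithm (`HS256` or `RS256`) on the backend. Keeping the algorithm secret is not the point; pinning it server-side is. Suggest rewording that line while the section is open.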
@@ -7,44 +7,44 @@ Những giải pháp an toàn và cách khắc phục khi thiết kế, kiểm t --- ## Xác thực (Authentication) -- [ ] Không sử dụng `Basic Auth` Sử dụng giao thức xác thực tiêu chuẩn (chẳng hạn. [JWT](https://jwt.io/), [OAuth](https://oauth.net/)). -- [ ] Không cung cấp các thông tin `Authentication`, `token generation`, `password storage`. Sử dụng các tiêu chuẩn. +- [ ] Không sử dụng `Basic Auth`. Sử dụng giao thức xác thực tiêu chuẩn (chẳng hạn [JWT](https://jwt.io/) hay [OAuth](https://oauth.net/)). +- [ ] Không tự thiết kế lại các giải pháp `Authentication`, `token generation`, `password storage`. Hãy sử dụng các giải pháp tiêu chuẩn. - [ ] Sử dụng `Max Retry` và chức năng Auto Block ở trang Login. - [ ] Mã hóa các dữ liệu nhạy cảm. ### JWT (JSON Web Token) -- [ ] Sử dụng các mã ngẫu nhiên (`JWT Secret`) để tăng sự khó khăn của việc tấn công Brute Force. -- [ ] Không loại bỏ các thuật toán từ tải trọng. Bắt buộc sử dụng thuật toán trong backend (`HS256` hoặc `RS256`). -- [ ] Đặt thời hạn hết hạn token (`TTL`, `RTTL`) càng ngắn càng tốt. +- [ ] Sử dụng khóa ngẫu nhiên (`JWT Secret`) để tăng sự khó khăn của việc tấn công Brute Force. +- [ ] Không sử dụng các thuật toán có trong `Payload` của người dùng. Bắt buộc sử dụng thuật toán phía backend (`HS256` hoặc `RS256`). +- [ ] Đặt thời hạn token (`TTL`, `RTTL`) càng ngắn càng tốt. - [ ] Không lưu các thông tin nhạy cảm trong JWT, nó có thể [dễ dàng](https://jwt.io/#debugger-io) được giải mã. ### OAuth Ủy quyền hoặc chứng thực giao thức -- [ ] Luôn xác nhận `redirect_uri` server-side để chỉ cho phép các URL trong danh sách. -- [ ] Luôn luôn cố gắng trao đổi mã và không phải là các tokens (không cho phép `response_type=token`). -- [ ] Sử dụng tham số `state` cùng với bảng băm ngẫu nhiên để bảo vệ CSRF ở tiến trình xác thực OAuth. -- [ ] Xác định phạm vi mặc định, và xác nhận các tham số phạm vi cho mỗi ứng dụng.. +- [ ] Luôn xác nhận `redirect_uri` phía server để chỉ cho phép redirect đến các URL tin cậy. 
+- [ ] Ưu tiên sử dụng `response_type=code` thay vì `response_type=token`). +- [ ] Sử dụng tham số `state` cùng một giá trị hash ngẫu nhiên để chống lại tấn công CSRF trong quá trình xác thực OAuth. +- [ ] Định nghĩa phạm vi mặc định, và xác nhận các tham số phạm vi cho mỗi ứng dụng. ## Quyền -- [ ] Giới hạn truy cập (Throttling) để phòng tránh các tấn công DDoS / brute-force. +- [ ] Giới hạn request (Throttling) để phòng tránh các tấn công DDoS / brute-force. - [ ] Sử dụng giao thức HTTPS ở phía server để tránh MITM (Man In The Middle Attack). -- [ ] Sử dụng tiêu đề `HSTS` với SSL để tránh tấn công SSL Strip. +- [ ] Sử dụng `HSTS` header với SSL để tránh tấn công SSL Strip. ## Input -- [ ] Sử dụng các phương thức HTTP phù hợp với từng phương thức: `GET (đọc)`, `POST (tạo mới)`, `PUT/PATCH (cập nhật/sửa)`, and `DELETE (để xóa bản ghi)`, và phản hồi với `405 Method Not Allowed` nếu yêu cầu không phù hợp với tài nguyên được yêu cầu. +- [ ] Sử dụng các HTTP method phù hợp với từng hành động: `GET (đọc)`, `POST (tạo mới)`, `PUT/PATCH (cập nhật/sửa)`, `DELETE (để xóa bản ghi)`, và phản hồi `405 Method Not Allowed` nếu HTTP method không phù hợp với tài nguyên được request. - [ ] Xác nhận dữ liệu `content-type` ở mỗi tiêu đề (Content Negotiation) chỉ cho phép những định dạng được hỗ trợ (chẳng hạn như. `application/xml`, `application/json`, vv) và phản hồi `406 Not Acceptable` nếu không khớp. -- [ ] Xác nhận dữ liệu `content-type` được chấp nhận khi gửi lên (chẳng hạn như. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, vv). -- [ ] Xác nhận đầu vào dữ liệu người dùng để tránh các lỗ hổng phổ biến (chẳng hạn như. `XSS`, `SQL-Injection`, `Remote Code Execution`, vv). -- [ ] Không sử dụng các dữ liệu nhạy cảm như (`credentials`, `Passwords`, `security tokens`, or `API keys`) tại URL, tuy nhiên có thể sử dụng header Authorization để xác thực. -- [ ] Sử dụng các dịch vụ API Gateway để bật bộ nhớ cache, Rate Limit policies (chẳng hạng như. 
`Quota`, `Spike Arrest`, `Concurrent Rate Limit`) và deploy APIs resources linh động hơn. +- [ ] Xác nhận dữ liệu `content-type` được chấp nhận khi gửi lên (chẳng hạn như. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`...). +- [ ] Kiểm tra dữ liệu truyền lên từ người dùng để tránh các lỗ hổng phổ biến (chẳng hạn như `XSS`, `SQL-Injection`, `Remote Code Execution`...). +- [ ] Không sử dụng các dữ liệu nhạy cảm như (`credentials`, `Passwords`, `security tokens`, or `API keys`) tại URL, sử dụng header Authorization để xác thực. +- [ ] Sử dụng API Gateway để kích hoạt cache, Rate Limit policies (chẳng hạng như. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) và deploy APIs resources linh động hơn. ## Processing -- [ ] Kiểm tra các điểm đầu cuối đều được bảo vệ để tránh các tiến trình xác thực bị hỏng. +- [ ] Đảm bảo rằng các endpoint chỉ xử lý dữ liệu sau khi đã qua bước xác thực - [ ] Nên tránh việc sử dụng ID của tài nguyên. Sử dụng `/me/orders` thay vì `/user/654321/orders`. -- [ ] Không tự động tăng ID. Sử dụng UUID để thay thế. -- [ ] Nếu bạn muốn phân tích các tập tin XML, hãy chắc chắn các phần tử không được bật để tránh `XXE` (XML tấn công thực thể từ bên ngoài). -- [ ] Nếu bạn muốn phân tích các tập tin XML, đảm bảo việc mở rộng thực thể không được kích hoạt để tránh để tránh `Billion Laughs/XML bomb` qua việc tấn công. +- [ ] Không nên thiết kế ID dạng tự động tăng. Sử dụng UUID để thay thế. +- [ ] Nếu bạn muốn parse XML, hãy chắc chắn rằng `entity parsing` không được kích hoạt để tránh tấn công `XXE` (XML external entity attack). +- [ ] Nếu bạn muốn parse XML, hãy chắc chắn rằng `entity expansion` không được kích hoạt để tránh tấn công `Billion Laughs/XML bomb`. - [ ] Sử dụng CDN để tải lên tệp tin. -- [ ] Nếu bạn đang cần xử lý với lượng dữ liệu lớn, sử dụng các kỹ thuật Workers và Queues để xử lý tác vụ dưới nền càng nhiều càng tốt và giúp phản hồi nhanh để tránh bị chặn HTTP. 
+- [ ] Nếu bạn đang cần xử lý với lượng dữ liệu lớn, sử dụng các kỹ thuật Workers và Queues để xử lý tác vụ dưới nền càng nhiều càng tốt và giúp phản hồi nhanh để tránh bị timeout HTTP. - [ ] Đừng quên tắt chế độ DEBUG. ## Output @@ -53,14 +53,14 @@ Những giải pháp an toàn và cách khắc phục khi thiết kế, kiểm t - [ ] Thêm `Content-Security-Policy: default-src 'none'` vào response headers. - [ ] Loại bỏ các header chứa thông tin nhạy cảm như phiên bản web server, ví dụ: `X-Powered-By`, `Server`, `X-AspNet-Version`, v.v... - [ ] Bắt buộc có `content-type` trong response headers, nếu bạn trả về `application/json` thì header `content-type` sẽ có giá trị `application/json`. -- [ ] Không gửi các thông tin nhạy cảm như `credentials`, `Passwords`, `security tokens`. -- [ ] Trả về status code tương ứng với hành động đã hoàn thành. (chẳng hạn. `200 OK`, `400 Bad Request`, `401 Unauthorized`, 405 `Method Not Allowed`, v.v...). +- [ ] Không trả về client các thông tin nhạy cảm như `credentials`, `Passwords`, `security tokens`. +- [ ] Trả về status code tương ứng với hành động đã hoàn thành. (chẳng hạn. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`...). ## CI & CD ( Tích hợp và triển khai liên tục) - [ ] Kiểm tra thiết kế và thực hiện đầy đủ việc test với unit/integration. - [ ] Áp dụng quy trình đánh giá code và bỏ qua việc tự phê duyệt. -- [ ] Đảm bảo các thành phần của dịch vụ được duyệt với phần mềm AV trước khi được đẩy lên bản chính, bao gồm các thư viện và các sự phụ thuộc khác. -- [ ] Thiết kế một giải pháp rollback (quản lý dữ liệu) cho việc triển khai. +- [ ] Đảm bảo các thành phần của dịch vụ được quét với các anti virus trước khi đưa ra phiên bản production, bao gồm các thư viện và các gói khác. +- [ ] Thiết kế một giải pháp rollback cho việc triển khai. --- From b536a1a47fd2fa29602ecfc2ba317604f9282955 Mon Sep 17 00:00:00 2001 
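Review bot: the rewritten OAuth bullet in the README-vi.md `@@ -7,44 +7,44 @@` hunk, `+- [ ] Ưu tiên sử dụng \`response_type=code\` thay vì \`response_type=token\`).`, carries a stray closing parenthesis and weakens the rule from forbidding `response_type=token` to merely preferring `code`; keep the `không cho phép response_type=token` wording of the line it replaces. Two smaller points in the same hunk: the gateway bullet still contains `chẳng hạng như.` (should be `chẳng hạn như`), and the new Processing bullet `Đảm bảo rằng các endpoint chỉ xử lý dữ liệu sau khi đã qua bước xác thực` has no terminating period, unlike every other item. The JWT bullet also drops the strength qualifier (`khóa ngẫu nhiên` only): the brute-force resistance that bullet promises depends on the key being long and complex as well as random, so keep that word.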
From: Rowayda-Khayri Date: Sun, 7 Oct 2018 00:51:02 +0200 Subject: [PATCH 064/149] fix typos in README.md --- README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index ccbde15..fc6683d 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ Checklist of the most important security countermeasures when designing, testing --- ## Authentication -- [ ] Don't use `Basic Auth` Use standard authentication (e.g. [JWT](https://jwt.io/), [OAuth](https://oauth.net/)). +- [ ] Don't use `Basic Auth`. Use standard authentication (e.g. [JWT](https://jwt.io/), [OAuth](https://oauth.net/)). - [ ] Don't reinvent the wheel in `Authentication`, `token generation`, `password storage`. Use the standards. - [ ] Use `Max Retry` and jail features in Login. - [ ] Use encryption on all sensitive data. 
@@ -26,14 +26,14 @@ Checklist of the most important security countermeasures when designing, testing ## Access - [ ] Limit requests (Throttling) to avoid DDoS / brute-force attacks. -- [ ] Use HTTPS on server side to avoid MITM (Man In The Middle Attack). +- [ ] Use HTTPS on server side to avoid MITM (Man in the Middle Attack). - [ ] Use `HSTS` header with SSL to avoid SSL Strip attack. ## Input - [ ] Use the proper HTTP method according to the operation: `GET (read)`, `POST (create)`, `PUT/PATCH (replace/update)`, and `DELETE (to delete a record)`, and respond with `405 Method Not Allowed` if the requested method isn't appropriate for the requested resource. - [ ] Validate `content-type` on request Accept header (Content Negotiation) to allow only your supported format (e.g. `application/xml`, `application/json`, etc) and respond with `406 Not Acceptable` response if not matched. - [ ] Validate `content-type` of posted data as you accept (e.g. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, etc). -- [ ] Validate User input to avoid common vulnerabilities (e.g. `XSS`, `SQL-Injection`, `Remote Code Execution`, etc). +- [ ] Validate user input to avoid common vulnerabilities (e.g. `XSS`, `SQL-Injection`, `Remote Code Execution`, etc). - [ ] Don't use any sensitive data (`credentials`, `Passwords`, `security tokens`, or `API keys`) in the URL, but use standard Authorization header. - [ ] Use an API Gateway service to enable caching, Rate Limit policies (e.g. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) and deploy APIs resources dynamically. 
@@ -51,15 +51,15 @@ Checklist of the most important security countermeasures when designing, testing - [ ] Send `X-Content-Type-Options: nosniff` header. - [ ] Send `X-Frame-Options: deny` header. - [ ] Send `Content-Security-Policy: default-src 'none'` header. -- [ ] Remove fingerprinting headers - `X-Powered-By`, `Server`, `X-AspNet-Version` etc. +- [ ] Remove fingerprinting headers - `X-Powered-By`, `Server`, `X-AspNet-Version`, etc. - [ ] Force `content-type` for your response, if you return `application/json` then your response `content-type` is `application/json`. -- [ ] Don't return sensitive data like `credentials`, `Passwords`, `security tokens`. +- [ ] Don't return sensitive data like `credentials`, `Passwords` or `security tokens`. - [ ] Return the proper status code according to the operation completed. (e.g. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, etc). ## CI & CD - [ ] Audit your design and implementation with unit/integration tests coverage. - [ ] Use a code review process and disregard self-approval. -- [ ] Ensure that all components of your services are statically scanned by AV software before push to production, including vendor libraries and other dependencies. +- [ ] Ensure that all components of your services are statically scanned by AV software before pushing to production, including vendor libraries and other dependencies. - [ ] Design a rollback solution for deployments. From 710023d45eb47db69e93423746cc51d2a56ddb73 Mon Sep 17 00:00:00 2001 From: Rowayda-Khayri Date: Sun, 7 Oct 2018 01:02:35 +0200 Subject: [PATCH 065/149] fix typos in README.md --- README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index fc6683d..ed50fd3 100644 --- a/README.md +++ b/README.md 
@@ -31,11 +31,11 @@ Checklist of the most important security countermeasures when designing, testing ## Input - [ ] Use the proper HTTP method according to the operation: `GET (read)`, `POST (create)`, `PUT/PATCH (replace/update)`, and `DELETE (to delete a record)`, and respond with `405 Method Not Allowed` if the requested method isn't appropriate for the requested resource. -- [ ] Validate `content-type` on request Accept header (Content Negotiation) to allow only your supported format (e.g. `application/xml`, `application/json`, etc) and respond with `406 Not Acceptable` response if not matched. -- [ ] Validate `content-type` of posted data as you accept (e.g. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, etc). -- [ ] Validate user input to avoid common vulnerabilities (e.g. `XSS`, `SQL-Injection`, `Remote Code Execution`, etc). +- [ ] Validate `content-type` on request Accept header (Content Negotiation) to allow only your supported format (e.g. `application/xml`, `application/json`, etc.) and respond with `406 Not Acceptable` response if not matched. +- [ ] Validate `content-type` of posted data as you accept (e.g. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, etc.). +- [ ] Validate user input to avoid common vulnerabilities (e.g. `XSS`, `SQL-Injection`, `Remote Code Execution`, etc.). - [ ] Don't use any sensitive data (`credentials`, `Passwords`, `security tokens`, or `API keys`) in the URL, but use standard Authorization header. -- [ ] Use an API Gateway service to enable caching, Rate Limit policies (e.g. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) and deploy APIs resources dynamically. +- [ ] Use an API Gateway service to enable caching, Rate Limit policies (e.g. `Quota`, `Spike Arrest`, or `Concurrent Rate Limit`) and deploy APIs resources dynamically. ## Processing - [ ] Check if all the endpoints are protected behind authentication to avoid broken authentication process. 
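Review bot: `respond with \`406 Not Acceptable\` response if not matched` in the reworked Accept-header bullet of the README.md Input hunk doubles `respond ... response`; drop the trailing `response`. Since the line is being edited anyway, make it validate the `Accept` header itself (the media types the client will accept, which is what `406 Not Acceptable` answers) instead of `content-type` on the Accept header: the request body's `content-type` is already the subject of the next bullet. The `etc.` and serial-comma changes are fine.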
@@ -53,8 +53,8 @@ Checklist of the most important security countermeasures when designing, testing - [ ] Send `Content-Security-Policy: default-src 'none'` header. - [ ] Remove fingerprinting headers - `X-Powered-By`, `Server`, `X-AspNet-Version`, etc. - [ ] Force `content-type` for your response, if you return `application/json` then your response `content-type` is `application/json`. -- [ ] Don't return sensitive data like `credentials`, `Passwords` or `security tokens`. -- [ ] Return the proper status code according to the operation completed. (e.g. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, etc). +- [ ] Don't return sensitive data like `credentials`, `Passwords`, or `security tokens`. +- [ ] Return the proper status code according to the operation completed. (e.g. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, etc.). ## CI & CD - [ ] Audit your design and implementation with unit/integration tests coverage. From 9a6af564c744b8114f9001cc36187efb77cb3b6c Mon Sep 17 00:00:00 2001 From: pilotpirxie <10637666+pilotpirxie@users.noreply.github.com> Date: Wed, 10 Oct 2018 14:40:00 +0200 Subject: [PATCH 066/149] Added non-exec, deep linking, and server side rules --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 79a6120..4fd36ad 100644 --- a/README.md +++ b/README.md 
@@ -28,6 +28,7 @@ Checklist of the most important security countermeasures when designing, testing - [ ] Limit requests (Throttling) to avoid DDoS / brute-force attacks. - [ ] Use HTTPS on server side to avoid MITM (Man In The Middle Attack). - [ ] Use `HSTS` header with SSL to avoid SSL Strip attack. +- [ ] Turn off directory listings. ## Input - [ ] Use the proper HTTP method according to the operation: `GET (read)`, `POST (create)`, `PUT/PATCH (replace/update)`, and `DELETE (to delete a record)`, and respond with `405 Method Not Allowed` if the requested method isn't appropriate for the requested resource. @@ -36,6 +37,7 @@ Checklist of the most important security countermeasures when designing, testing - [ ] Validate User input to avoid common vulnerabilities (e.g. `XSS`, `SQL-Injection`, `Remote Code Execution`, etc). - [ ] Don't use any sensitive data (`credentials`, `Passwords`, `security tokens`, or `API keys`) in the URL, but use standard Authorization header. - [ ] Use an API Gateway service to enable caching, Rate Limit policies (e.g. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) and deploy APIs resources dynamically. +- [ ] Use only server side encryption. ## Processing - [ ] Check if all the endpoints are protected behind authentication to avoid broken authentication process. @@ -46,6 +48,7 @@ Checklist of the most important security countermeasures when designing, testing - [ ] Use a CDN for file uploads. - [ ] If you are dealing with huge amount of data, use Workers and Queues to process as much as possible in background and return response fast to avoid HTTP Blocking. - [ ] Do not forget to turn the DEBUG mode OFF. +- [ ] Use non-executable stacks when available. ## Output - [ ] Send `X-Content-Type-Options: nosniff` header. From a73db5962d0925d5a59860e4ebcf353cb388e056 Mon Sep 17 00:00:00 2001 
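Review bot: this README.md patch is generated against a stale base (`index 79a6120..4fd36ad`): its context line `Validate User input to avoid common vulnerabilities (e.g. ... etc).` is the wording the tree no longer has after the preceding typo fixes (`Validate user input ... etc.).`), so the second hunk will not apply cleanly and the branch needs a rebase. On the content: `Use only server side encryption.` is ambiguous (encryption of what, and server-side as opposed to what?) and can be read as discouraging client-side encryption, which is not a sound rule; spell out the control intended. `Use non-executable stacks when available.` is an OS or toolchain hardening setting rather than an API design item, and `when available` leaves the reader nothing actionable; either name the concrete setting to enable or drop the bullet. Finally, the commit subject promises a `deep linking` rule, but no such bullet appears in the diff.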
From: Tsvetilian Yankov Date: Wed, 31 Oct 2018 17:49:40 +0200 Subject: [PATCH 067/149] update broken link to Macedonian translation --- README-ar.md | 2 +- README-de.md | 2 +- README-es.md | 2 +- README-fr.md | 2 +- README-hi.md | 2 +- README-id.md | 2 +- README-it.md | 2 +- README-ja.md | 2 +- README-jp.md | 2 +- README-ko.md | 2 +- README-lo.md | 2 +- README-mn.md | 2 +- README-nl.md | 2 +- README-pl.md | 2 +- README-pt_BR.md | 2 +- README-ru.md | 2 +- README-th.md | 2 +- README-tr.md | 2 +- README-tw.md | 2 +- README-uk.md | 2 +- README-vi.md | 2 +- README-zh.md | 2 +- README.md | 2 +- 23 files changed, 23 insertions(+), 23 deletions(-) diff --git a/README-ar.md b/README-ar.md index f22ba0e..5de554d 100644 --- a/README-ar.md +++ b/README-ar.md @@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [Polski](./README-pl.md) | [Македонски](.README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md)
# API Security Checklist diff --git a/README-de.md b/README-de.md index b29327d..a553df8 100644 --- a/README-de.md +++ b/README-de.md @@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](.README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) # API Security Checkliste Checkliste für die wichtigsten Sicherheitsmaßnahmen beim Designen, Testen und Veröffentlichen deiner API. diff --git a/README-es.md b/README-es.md index 85166ac..ca020fd 100644 --- a/README-es.md +++ b/README-es.md 
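Review bot: the `.README-mk.md` to `./README-mk.md` correction in these hunks is right, but the same one-character slip has been copied into all 23 nav lines touched here (every translation copies the line from README.md), so a relative-link check in CI (any markdown link checker will do) would catch this class of breakage before the next translation carries it again. Also worth confirming that README-mk.md itself has a clean nav line, since it is the only file listed in the navigation that this patch does not touch.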
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](.README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) # Lista de seguridad en APIs Lista de las contramedidas de seguridad más importantes en cuanto al diseño, testing y publicación de tu API. diff --git a/README-fr.md b/README-fr.md index 2aee423..67cdf8f 100644 --- a/README-fr.md +++ b/README-fr.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](.README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) # API Security Checklist Checklist des points de sécurité les plus importants lors de la conception, du test et de la mise en production de votre API. diff --git a/README-hi.md b/README-hi.md index 01d4381..0be0895 100644 --- a/README-hi.md +++ b/README-hi.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](.README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) # API सुरक्षा जांच-सूची अपने एपीआई को डिजाइन करने, परीक्षण करने और जारी करने के दौरान सबसे महत्वपूर्ण सुरक्षा प्रतिवाद की जांच सूची| diff --git a/README-id.md b/README-id.md index 285fbcb..5f8534a 100644 --- a/README-id.md +++ b/README-id.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](.README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) # Checklist Keamanan API Checklist penanggulangan keamanan yang paling penting ketika merancang, menguji, dan melepaskan API ke khalayak diff --git a/README-it.md b/README-it.md index a27401d..c1c7408 100644 --- a/README-it.md +++ b/README-it.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](.README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) # Checklist per la sicurezza delle API Una checklist per le più importanti contromisure da mettere in pratica quando strutturiamo, testiamo e rilasciamo le nostre API. diff --git a/README-ja.md b/README-ja.md index 6e3aabb..e4f0e91 100644 --- a/README-ja.md +++ b/README-ja.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](.README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) # APIセキュリティチェックリスト APIを設計、テスト、リリースするときの最も重要なセキュリティ対策のチェックリスト diff --git a/README-jp.md b/README-jp.md index 8a262a1..e3179d7 100644 --- a/README-jp.md +++ b/README-jp.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](.README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) # API Security Checklist これはAPIの設計, テスト, リリース時における、重要なセキュリティ対策チェックリストです。 diff --git a/README-ko.md b/README-ko.md index e3ac91f..14c13c3 100644 --- a/README-ko.md +++ b/README-ko.md 
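Review bot: README-jp.md appears to be an orphan duplicate of README-ja.md: both files in this patch carry a Japanese title and subtitle, yet every nav line the patch touches links 日本語 only to `./README-ja.md`, so README-jp.md is unreachable from the navigation and will keep drifting (its subtitle already differs from README-ja.md's). Suggest deciding which file is canonical and removing or redirecting the other instead of patching both on every nav-line change.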
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](.README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) # API 보안 점검표 API를 설계하고, 테스트하고, 배포할 때 고려해야 할 중요한 보안 대책에 대한 점검 목록입니다. diff --git a/README-lo.md b/README-lo.md index 56748c4..23789df 100644 --- a/README-lo.md +++ b/README-lo.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](.README-mk.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) # API Security Checklist Checklist ທີ່ຕ້ອງໃຫ້ຄວາມສຳຄັນເມື່ອມີການສ້າງ API ໃນຊ່ວງການອອກແບບ ທົດສອບລະບົບ ແລະ ການປ່ອຍໃຫ້ຄົນນອກໃຊ້ diff --git a/README-mn.md b/README-mn.md index a1b1ef9..ff372e2 100644 --- a/README-mn.md +++ b/README-mn.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](.README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) # API Аюулгүйн жагсаалт API гаргах, загварчлах, тестлэхэд аюулгүйн талаас авах сөрөг арга хэмжээний жагсаалт. diff --git a/README-nl.md b/README-nl.md index 6341f2c..035f323 100644 --- a/README-nl.md +++ b/README-nl.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](.README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) # API Security Checklist Checklist met de belangrijkste tegenmaatregelen bij het ontwerpen, testen en uitbrengen van een API. diff --git a/README-pl.md b/README-pl.md index 703dec9..2510643 100644 --- a/README-pl.md +++ b/README-pl.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Македонски](.README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) # Lista kontrolna bezpieczeństwa API Lista kontrolna najważniejszych metod zabezpieczenia podczas projektowania, testowania oraz wypuszczania własnego API. diff --git a/README-pt_BR.md b/README-pt_BR.md index 25135c9..5542ffa 100644 --- a/README-pt_BR.md +++ b/README-pt_BR.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](.README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) # API Security Checklist Lista das mais importantes medidas de segurança para o desenvolvimento, teste e publicação da sua API. diff --git a/README-ru.md b/README-ru.md index a45ba9b..0f1096d 100644 --- a/README-ru.md +++ b/README-ru.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](.README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) # Контрольный список безопасности API Контрольный список наиболее важных контрмер безопасности при разработке, тестировании и выпуске вашего API. diff --git a/README-th.md b/README-th.md index e865077..37ac27a 100644 --- a/README-th.md +++ b/README-th.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](.README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) # API Security Checklist Checklist ที่ต้องให้ความสำคัญเมื่อมีการสร้าง API ในช่วงการออกแบบ ทดสอบระบบ และการปล่อยให้คนนอกใช้ diff --git a/README-tr.md b/README-tr.md index 2b7c3af..4b3242f 100644 --- a/README-tr.md +++ b/README-tr.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](.README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) # API Güvenlik Kontrol Listesi API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemlerinin kontrol listesi. diff --git a/README-tw.md b/README-tw.md index b70cdc4..56562e3 100644 --- a/README-tw.md +++ b/README-tw.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](.README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) # 開發安全的 API 所需要核對的清單 以下是當你在設計, 測試以及發佈你的 API 的時候所需要核對的重要安全措施. diff --git a/README-uk.md b/README-uk.md index 8acb8bb..10f98a1 100644 --- a/README-uk.md +++ b/README-uk.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](.README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) # Контрольний список безпеки API Контрольний список найбільш важливих контрзаходів безпеки при розробці, тестуванні та випуску вашого API. diff --git a/README-vi.md b/README-vi.md index 728d604..ea84821 100644 --- a/README-vi.md +++ b/README-vi.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](.README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) # Danh sách các giải pháp an toàn cho API Những giải pháp an toàn và cách khắc phục khi thiết kế, kiểm tra và phát hành API cho ứng dụng của bạn. diff --git a/README-zh.md b/README-zh.md index 55175f5..44749fb 100644 --- a/README-zh.md +++ b/README-zh.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](.README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) # 开发安全的 API 所需要核对的清单 以下是当你在设计, 测试以及发布你的 API 的时候所需要核对的重要安全措施. diff --git a/README.md b/README.md index ccbde15..4c2cd7e 100644 --- a/README.md +++ b/README.md 
@@ -1,4 +1,4 @@ -[繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](.README-mk.md) | [ລາວ](./README-lo.md) +[繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) # API Security Checklist Checklist of the most important security countermeasures when designing, testing, and releasing your API. From 6da83315178114a98a58ea07b9f0a0989ca8672c Mon Sep 17 00:00:00 2001 From: Alex Date: Thu, 3 Jan 2019 16:43:00 +0000 Subject: [PATCH 068/149] Add greek translation --- README-el.md | 75 ++++++++++++++++++++++++++++++++++++++++++++++++++++ README.md | 2 +- 2 files changed, 76 insertions(+), 1 deletion(-) create mode 100644 README-el.md diff --git a/README-el.md b/README-el.md new file mode 100644 index 0000000..2f75ecc --- /dev/null +++ b/README-el.md 
@@ -0,0 +1,75 @@ +[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) + +# API λίστα ελέγχου ασφαλείας +Λίστα με τα πιο σημαντικά μέτρα ασφαλείας στον σχεδιασμό, έλεγχο, και την έκδοση του API σας. + + +--- + +## Επικύρωση ασφαλείας (Authentication) +- [ ] Μη χρησιμοποιήτε `Basic Auth`. Χρησιμοποιήστε standard authentication (π.χ. [JWT](https://jwt.io/), [OAuth](https://oauth.net/)). +- [ ] Μην προσπαθήσετε να επανεφεύρετε τον τροχό για `Authentication`, `token generation`, `password storage`. Χρησιμοποιήστε ήδη υπάρχων βιβλιοθήκες. +- [ ] Χρησιμοποιήστε `Max Retry` και jail features κατά τη σύνδεση (Login). +- [ ] Χρησιμοποιήστε κρυπτογράφηση (encryption) για όλα τα σημαντικά δεδομένα. + +### JWT (JSON Web Token) +- [ ] Χρησιμοποιήστε τυχαίο περίπλοκο κλειδί (`JWT Secret`) για να γίνει αρκετά δύσκολο να αποκρυπτογραφηθεί με brute forcing. +- [ ] Μη χρησιμοποιήτε/αφαιρήτε τον αλγόριθμο απο το payload. Ο αλγόριθμος πρέπει να πραγματοποιήτε στο backend (`HS256` or `RS256`). +- [ ] Κάντε το token να λήγει (token expiration) (`TTL`, `RTTL`) όσο πιο σύντομα γίνεται. +- [ ] Μη καταχωρείτε ευαίσθητα δεδομένα στο JWT payload, μπορεί να αποκρυπτογραφηθεί εύκολα [easily](https://jwt.io/#debugger-io). + +### OAuth +- [ ] Πάντα να επαληθεύετε το `redirect_uri` στο server-side και επιτρέπετε μόνο whitelisted URLs. 
+- [ ] Πάντα να προσπαθήτε να ανταλλάσετε auth code και όχι tokens (μην επιτρέπετε `response_type=token`). +- [ ] Χρησιμοποιήστε `state` παράμετρο με τυχαίο περίπλοκο κλειδί (hash) για να αποτρέψετε CSRF κατα τη διάρκεια της OAuth authentication διαδικασίας. +- [ ] Ορίστε το προεπιλεγμένο πεδίο (default scope), και επικυρώστε τις παραμέτρους πεδίου (scope parameters) για κάθε εφαρμογή. + +## Πρόσβαση (Access) +- [ ] Περιορίστε τα αιτήματα (requests) (Throttling) για να αποφύγετε επιθέσεις DDoS / brute-force. +- [ ] Χρησιμοποιήστε HTTPS στο server side για να αποφύγετε επιθέσεις MITM (Man in the Middle Attack). +- [ ] Χρησιμοποιήστε `HSTS` κεφαλίδα (header) με SSL για να αποφύγετε SSL Strip επιθέσεις. + +## Είσοδος δεδομένων (Input) +- [ ] Χρησιμοποιήστε την κατάλληλη HTTP μέθοδο σύμφωνα με τη λειτουργία που χρειάζεστε: `GET (read)`, `POST (create)`, `PUT/PATCH (replace/update)`, και `DELETE (για διαγραφή αρχείου)`, και απαντήστε με `405 Method Not Allowed` εάν η ζητούμενη μέθοδος δεν είναι κατάλληλη για την αιτούμενη εφαρμογή. +- [ ] Επικυρώστε `content-type` στη ζητούμενη Accept κεφαλίδα (Content Negotiation) για να επιτρέψετε μόνο το format που υποστηρίζετε (π.χ. `application/xml`, `application/json`, κτλ.) και απαντήστε με `406 Not Acceptable` εάν δεν το υποστηρίζετε. +- [ ] Επικυρώστε `content-type` δεδομένα που στέλνετε, με τον ίδιο τρόπο όπως τα δέχεστε (π.χ. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, κτλ.). +- [ ] Επικυρώστε την οποιαδήποτε είσοδο δεδομένων απο τους χρήστες, για να αποφύγετε τα κοινά κενά ασφαλείας (π.χ. `XSS`, `SQL-Injection`, `Remote Code Execution`, κτλ.). +- [ ] Μη χρησιμοποιήτε ευαίσθητα δεδομένα (`credentials`, `Passwords`, `security tokens`, ή `API keys`) στο URL, αλλά χρησιμοποιήστε τη κοινή Authorization κεφαλίδα (standard Authorization header). +- [ ] Χρησιμοποιήστε API Gateway service για να ενεργοποιήσετε caching, Rate Limit policies (π.χ. 
`Quota`, `Spike Arrest`, ή `Concurrent Rate Limit`) και κάντε deploy APIs resources δυναμικά. + +## Επεξεργασία (Processing) +- [ ] Ελέγξτε ότι όλα τα endpoints είναι προστατευμένα πίσω από επικύρωση ασφαλείας(authentication) για να αποφύγετε προβλήματα λανθασμένης επικύρωσης (broken authentication process). +- [ ] Μη χρησιμοποιήτε το ID των χρηστών. Χρησιμοποιήστε `/me/orders` αντί `/user/654321/orders`. +- [ ] Μη χρησιμοποιήτε την αυτόματη αύξηση των IDs. Χρησιμοποιήστε `UUID` αντι αυτου. +- [ ] Εάν επεργάζεστε XML αρχεία, σιγουρευτείτε ότι το entity parsing δεν είναι ενεργοποιημένο, για να αποφύγετε `XXE` (επίθεση XML external entity). +- [ ] Εάν επεργάζεστε XML αρχεία, σιγουρευτείτε ότι το entity expansion δεν είναι ενεργοποιημένο, για να αποφύγετε `Billion Laughs/XML bomb` δια μέσου exponential entity expansion επίθεσης. +- [ ] Χρησιμοποιήστε CDN για την φόρτωση αρχείων (file uploads). +- [ ] Εάν επεξεργάζεστε μεγάλο αριθμο δεδομένων, χρησιμοποιήστε Workers και Queues για να γίνετε η επεξεργασία στο background και να γίνεται η επιστροφή απάντησης πολύ πιο γρήγορα, αποφεύγοντας HTTP Blocking. +- [ ] Μην ξεχνάτε να απενεργοποιήσετε το DEBUG mode. + +## Αποστολή/Επιστροφή δεδομένων (Output) +- [ ] Αποστέλετε `X-Content-Type-Options: nosniff` κεφαλίδα (header). +- [ ] Αποστέλετε `X-Frame-Options: deny` κεφαλίδα (header). +- [ ] Αποστέλετε `Content-Security-Policy: default-src 'none'` κεφαλίδα (header). +- [ ] Αφαιρέστε fingerprinting κεφαλίδεs (headers) - `X-Powered-By`, `Server`, `X-AspNet-Version`, κτλ. +- [ ] Εξαναγκάστε το `content-type` να υπάρχει στην απάντηση (response), εάν η απάντηση είναι `application/json` τότε η απάντηση `content-type` πρέπει να είναι `application/json`. +- [ ] Μην επιστρέφετε ευαίσθητα δεδομένα, όπως: `credentials`, `Passwords`, ή `security tokens`. +- [ ] Επιστρέψτε τον κατάλληλο κωδικό κατάστασης σύμφωνα με τη διαδικασία που ολοκληρώθηκε. (π.χ. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, κτλ.). 
+ +## CI & CD +- [ ] Ελέγξτε το σχεδιασμό και την κατάσταση της εφαρμογή σας με επαρκή κάλυψη τεστ Unit / integration. +- [ ] Χρησιμοποιήτε code review διαδικασίες και μη δέχεστε self-approval απο την ομάδα. +- [ ] Εξασφαλίστε ότι όλα τα στοιχέια των υπηρεσιών σας περνούν απο στατικό έλεγχο με AV software πριν τα αναρτήσετε στο production, συμπεριλαμβανομένου οποιασδήποτε εξωτερικής βιβλιοθήκης που μπορει να χρησιμοποιήτε. +- [ ] Σχεδιάστε rollback διαδικασίες για deployments. + + +--- + +## Δείτε επίσης: +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - Λίστα με χρήσιμες πληροφορίες για τον σχεδιασμό RESTful HTTP+JSON APIs. + + +--- + +# Συνεισφορά +Μη διστάσετε να συμβάλλετε με το να κάνετε forking αυτό το repository, κάνοντας αλλαγές και υποβάλλοντας pull requests. Για οποιεσδήποτε ερωτήσεις στείλτε μας ένα email στο `team@shieldfy.io`. diff --git a/README.md b/README.md index d349f44..bdd803d 100644 --- a/README.md +++ b/README.md 
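Review bot: in the README-el.md Input section, the item `Επικυρώστε `content-type` δεδομένα που στέλνετε, με τον ίδιο τρόπο όπως τα δέχεστε` reverses the direction of the check: the media types it lists (`application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`) are request-body encodings that the server receives, so the item should tell the reader to validate the `content-type` of submitted data against what the API accepts, e.g. `Επικυρώστε το `content-type` των δεδομένων που υποβάλλονται, σύμφωνα με αυτά που δέχεστε`. In the same section the `405 Method Not Allowed` item ends with `για την αιτούμενη εφαρμογή` (application) where the rule is per resource (`για τον αιτούμενο πόρο`), and in the JWT section `να αποκρυπτογραφηθεί με brute forcing` describes the secret being decrypted, whereas brute forcing guesses the signing secret (`να μαντευτεί`). Smaller points: in the JWT payload item the English link text `[easily](https://jwt.io/#debugger-io)` is left beside the Greek `εύκολα`, so wrap the Greek word in the link and drop the English; and the spellings `χρησιμοποιήτε`, `αφαιρήτε`, `προσπαθήτε` should be `χρησιμοποιείτε`, `αφαιρείτε`, `προσπαθείτε`, `Αποστέλετε` should be `Αποστέλλετε`, `επεργάζεστε` should be `επεξεργάζεστε`, `στοιχέια` should be `στοιχεία`, `απο` should be `από`, and `κεφαλίδεs` uses a Latin `s` in place of the final `ς`.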
@@ -1,4 +1,4 @@ -[繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) +[繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [Ελληνικά](./README-el.md) # API Security Checklist Checklist of the most important security countermeasures when designing, testing, and releasing your API. From 1925e5d02064732585e362957a3d502cbad7ea0d Mon Sep 17 00:00:00 2001 
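Review bot: the README.md hunk adds `[Ελληνικά](./README-el.md)` to the English nav line only; the same nav line in every other README-*.md (visible in the unchanged portions of the `-`/`+` lines of the following commit, none of which carry the Greek link) is left without it, so the new translation is reachable only from README.md. Add the link to all README-*.md nav lines in this commit rather than leaving the translations out of sync.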
From: Caleb Mazalevskis Date: Sun, 26 May 2019 17:08:18 +0800 Subject: [PATCH 069/149] Fix for #120 --- README-ar.md | 2 +- README-de.md | 2 +- README-el.md | 2 +- README-es.md | 2 +- README-fr.md | 2 +- README-hi.md | 2 +- README-id.md | 2 +- README-it.md | 2 +- README-ja.md | 2 +- README-jp.md | 2 +- README-ko.md | 2 +- README-lo.md | 2 +- README-mk.md | 2 +- README-mn.md | 2 +- README-nl.md | 2 +- README-pl.md | 2 +- README-pt_BR.md | 2 +- README-ru.md | 2 +- README-th.md | 2 +- README-tr.md | 2 +- README-tw.md | 2 +- README-uk.md | 2 +- README-vi.md | 2 +- README.md | 2 +- 24 files changed, 24 insertions(+), 24 deletions(-) diff --git a/README-ar.md b/README-ar.md index 5de554d..937bfbd 100644 --- a/README-ar.md +++ b/README-ar.md @@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md)
# API Security Checklist diff --git a/README-de.md b/README-de.md index a553df8..bc23be0 100644 --- a/README-de.md +++ b/README-de.md @@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) # API Security Checkliste Checkliste für die wichtigsten Sicherheitsmaßnahmen beim Designen, Testen und Veröffentlichen deiner API. diff --git a/README-el.md b/README-el.md index 2f75ecc..a55c5a6 100644 --- a/README-el.md +++ b/README-el.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) # API λίστα ελέγχου ασφαλείας Λίστα με τα πιο σημαντικά μέτρα ασφαλείας στον σχεδιασμό, έλεγχο, και την έκδοση του API σας. diff --git a/README-es.md b/README-es.md index ca020fd..af72f6e 100644 --- a/README-es.md +++ b/README-es.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) # Lista de seguridad en APIs Lista de las contramedidas de seguridad más importantes en cuanto al diseño, testing y publicación de tu API. diff --git a/README-fr.md b/README-fr.md index 67cdf8f..a39e1ba 100644 --- a/README-fr.md +++ b/README-fr.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) # API Security Checklist Checklist des points de sécurité les plus importants lors de la conception, du test et de la mise en production de votre API. diff --git a/README-hi.md b/README-hi.md index 0be0895..1e02ed5 100644 --- a/README-hi.md +++ b/README-hi.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) # API सुरक्षा जांच-सूची अपने एपीआई को डिजाइन करने, परीक्षण करने और जारी करने के दौरान सबसे महत्वपूर्ण सुरक्षा प्रतिवाद की जांच सूची| diff --git a/README-id.md b/README-id.md index 5f8534a..8c4ed44 100644 --- a/README-id.md +++ b/README-id.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) # Checklist Keamanan API Checklist penanggulangan keamanan yang paling penting ketika merancang, menguji, dan melepaskan API ke khalayak diff --git a/README-it.md b/README-it.md index c1c7408..8cd8258 100644 --- a/README-it.md +++ b/README-it.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) # Checklist per la sicurezza delle API Una checklist per le più importanti contromisure da mettere in pratica quando strutturiamo, testiamo e rilasciamo le nostre API. diff --git a/README-ja.md b/README-ja.md index e4f0e91..c7f464b 100644 --- a/README-ja.md +++ b/README-ja.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) # APIセキュリティチェックリスト APIを設計、テスト、リリースするときの最も重要なセキュリティ対策のチェックリスト diff --git a/README-jp.md b/README-jp.md index e3179d7..e47f414 100644 --- a/README-jp.md +++ b/README-jp.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) # API Security Checklist これはAPIの設計, テスト, リリース時における、重要なセキュリティ対策チェックリストです。 diff --git a/README-ko.md b/README-ko.md index 14c13c3..90572fd 100644 --- a/README-ko.md +++ b/README-ko.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) # API 보안 점검표 API를 설계하고, 테스트하고, 배포할 때 고려해야 할 중요한 보안 대책에 대한 점검 목록입니다. diff --git a/README-lo.md b/README-lo.md index 23789df..3287287 100644 --- a/README-lo.md +++ b/README-lo.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) # API Security Checklist Checklist ທີ່ຕ້ອງໃຫ້ຄວາມສຳຄັນເມື່ອມີການສ້າງ API ໃນຊ່ວງການອອກແບບ ທົດສອບລະບົບ ແລະ ການປ່ອຍໃຫ້ຄົນນອກໃຊ້ diff --git a/README-mk.md b/README-mk.md index 47900c8..bbc7292 100644 --- a/README-mk.md +++ b/README-mk.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [ລາວ](./README-lo.md) # API Безбедносна контролна листа Безбедносна контролна листа од најважните безбедносни контрамерки при дизајнирање, тестирање и пуштање во употреба на вашето API. diff --git a/README-mn.md b/README-mn.md index ff372e2..63de21d 100644 --- a/README-mn.md +++ b/README-mn.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) # API Аюулгүйн жагсаалт API гаргах, загварчлах, тестлэхэд аюулгүйн талаас авах сөрөг арга хэмжээний жагсаалт. diff --git a/README-nl.md b/README-nl.md index 035f323..22bb7f8 100644 --- a/README-nl.md +++ b/README-nl.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) # API Security Checklist Checklist met de belangrijkste tegenmaatregelen bij het ontwerpen, testen en uitbrengen van een API. diff --git a/README-pl.md b/README-pl.md index 2510643..3e04a90 100644 --- a/README-pl.md +++ b/README-pl.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) # Lista kontrolna bezpieczeństwa API Lista kontrolna najważniejszych metod zabezpieczenia podczas projektowania, testowania oraz wypuszczania własnego API. diff --git a/README-pt_BR.md b/README-pt_BR.md index 5542ffa..6e78c28 100644 --- a/README-pt_BR.md +++ b/README-pt_BR.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) # API Security Checklist Lista das mais importantes medidas de segurança para o desenvolvimento, teste e publicação da sua API. diff --git a/README-ru.md b/README-ru.md index 0f1096d..e847162 100644 --- a/README-ru.md +++ b/README-ru.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) # Контрольный список безопасности API Контрольный список наиболее важных контрмер безопасности при разработке, тестировании и выпуске вашего API. diff --git a/README-th.md b/README-th.md index 37ac27a..7960355 100644 --- a/README-th.md +++ b/README-th.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) # API Security Checklist Checklist ที่ต้องให้ความสำคัญเมื่อมีการสร้าง API ในช่วงการออกแบบ ทดสอบระบบ และการปล่อยให้คนนอกใช้ diff --git a/README-tr.md b/README-tr.md index 4b3242f..b32a20a 100644 --- a/README-tr.md +++ b/README-tr.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) # API Güvenlik Kontrol Listesi API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemlerinin kontrol listesi. diff --git a/README-tw.md b/README-tw.md index 56562e3..7104686 100644 --- a/README-tw.md +++ b/README-tw.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) # 開發安全的 API 所需要核對的清單 以下是當你在設計, 測試以及發佈你的 API 的時候所需要核對的重要安全措施. diff --git a/README-uk.md b/README-uk.md index 10f98a1..f91beb3 100644 --- a/README-uk.md +++ b/README-uk.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) # Контрольний список безпеки API Контрольний список найбільш важливих контрзаходів безпеки при розробці, тестуванні та випуску вашого API. diff --git a/README-vi.md b/README-vi.md index ea84821..bf42c79 100644 --- a/README-vi.md +++ b/README-vi.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) # Danh sách các giải pháp an toàn cho API Những giải pháp an toàn và cách khắc phục khi thiết kế, kiểm tra và phát hành API cho ứng dụng của bạn. diff --git a/README.md b/README.md index bdd803d..0ab2684 100644 --- a/README.md +++ b/README.md 
@@ -1,4 +1,4 @@ -[繁中版](./README-tw.md) | [簡中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [Ελληνικά](./README-el.md) +[繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [Ελληνικά](./README-el.md) # API Security Checklist Checklist of the most important security countermeasures when designing, testing, and releasing your API. From e383c19e5896a5861bced2fa0f33f0ecb873c0a4 Mon Sep 17 00:00:00 2001 From: donchan922 Date: Tue, 2 Jul 2019 12:46:35 +0900 Subject: [PATCH 070/149] Japanese translations merged #79 --- README-ja.md | 75 ++++++++++++++++++++++++++-------------------------- README-jp.md | 75 ---------------------------------------------------- 2 files changed, 37 insertions(+), 113 deletions(-) delete mode 100644 README-jp.md diff --git a/README-ja.md b/README-ja.md index c7f464b..2281afd 100644 --- a/README-ja.md +++ b/README-ja.md 
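Review bot: the README.md hunk at the end of this patch is the only language row that links [Ελληνικά](./README-el.md); every other row rewritten by the patch (README-nl.md through README-vi.md) still ends at [ລາວ](./README-lo.md). Since the patch already touches all of those header lines for the 簡中版 → 简中版 fix, add the Greek link to them in the same change, or drop it from README.md until the other rows are synced, so the translation index does not diverge between files.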
@@ -7,60 +7,59 @@ APIを設計、テスト、リリースするときの最も重要なセキュ --- ## 認証 -- [ ] Basic認証を利用せず、標準的な認証を利用する (例: JWT、OAuth) -- [ ] 「認証」、「トークンの生成」、「パスワードの保管」の車輪の再発明を行わず、標準のものを利用する -- [ ] ログインでは「最大再試行回数(Max Retry)」とjail機能を利用する -- [ ] 全ての機密データは暗号化する +- [ ] `Basic認証`を利用せず、標準的な認証を利用する(例: [JWT](https://jwt.io/)、[OAuth](https://oauth.net/)) +- [ ] `認証`、`トークンの生成`、`パスワードの保管`の車輪の再発明を行わず、標準化されているものを利用する。 +- [ ] ログインでは`最大リトライ回数(Max Retry)`とjail機能を利用する。 +- [ ] 全ての機密情報は暗号化する。 ### JWT (JSON Web Token) -- [ ] ランダムで複雑なキー (`JWT Secret`) を利用し、トークンに対するブルートフォース攻撃を困難にする -- [ ] ペイロードからアルゴリズムを取り出さない。バックエンドでアルゴリズムを強制する。(`HS256` か `RS256`) -- [ ] トークンの有効期限 (`TTL`, `RTTL`) を可能な限り短くする。 -- [ ] 機密データをJWTペイロードに格納しない。それは[簡単に](https://jwt.io/#debugger-io)復号できる。 +- [ ] ブルートフォース攻撃を困難にするため、ランダムで複雑なキー(`JWT Secret`)を使用する。 +- [ ] ペイロードからアルゴリズムを抽出してはいけない。必ずバックエンドで暗号化する(`HS256`または`RS256`)。 +- [ ] トークンの有効期限(`TTL`, `RTTL`)を可能な限り短くする。 +- [ ] JWTのペイロードに機密情報を格納してはいけない。それは[簡単に](https://jwt.io/#debugger-io)復号できる。 ### OAuth -- [ ] 常に `redirect_uri` をサーバ側でホワイトリストされたURLのみを許可するよう検証する。 -- [ ] 常に token ではなく code を交換するよう試行する (`response_type=token` を許可しない)。 -- [ ] `state` パラメータをランダムなハッシュと共に利用し、OAuth認証プロセスでのCSRFを防ぐ。 +- [ ] サーバサイドで常に`redirect_uri`を検証し、ホワイトリストに含まれるURLのみを許可する。 +- [ ] 常にtokenではなくcodeを交換するようにする(`response_type=token`を許可しない)。 +- [ ] `state`パラメータをランダムなハッシュと共に利用し、OAuth認証プロセスでのCSRFを防ぐ。 - [ ] デフォルトのscopeを定義し、アプリケーション毎にscopeパラメータを検証する。 ## アクセス -- [ ] DDoS / ブルートフォース攻撃を防ぐためリクエストの制限 (スロットリング) を行う。 -- [ ] HTTPSをサーバ側で利用しMITM (Man In The Middle Attack) を回避する。 -- [ ] `HSTS`ヘッダをSSLと共に利用し、SSL Strip攻撃を回避する。 +- [ ] DDoSやブルートフォース攻撃を回避するため、リクエストを制限(スロットリング)する。 +- [ ] MITM(Man in the Middle Attack)を防ぐため、サーバサイドではHTTPSを使用する。 +- [ ] SSL Strip attackを防ぐため、SSL化とともに`HSTS`ヘッダを設定する。 ## 入力 -- [ ] 操作に準じて適切なHTTPメソッドを利用する、`GET (読み込み)`、`POST (作成)`、`PUT/PATCH (置き換え/更新)`、`DELETE (単一レコードの削除)。もし要求されたメソッドがリソースに存在しない場合は `405 Method Not Allowed` を返却する。 -- [ ] リクエストのAcceptヘッダ (Content Negotiation) の `content-type` を検証し、サポートしているフォーマットのみを許可し (例: 
`application/xml`、`application/json` 等)、もし合致しなければ `406 Not Acceptable` レスポンスを応答する。 -- [ ] 受け取るPOSTされたデータの`content-type` を検証する (例: `application/x-www-form-urlencoded`、`multipart/form-data ,application/json` 等)。 -- [ ] 一般的な脆弱性を避けるためユーザ入力を検証する (例: `XSS`, `SQLインジェクション`, `リモートコード実行` 等)。 -- [ ] URL中で機密データ (`クレデンシャル`、`パスワード`、`セキュリティトークン`) を利用せず、標準的な認証ヘッダで利用する。 -- [ ] キャッシュ、レート制限、スパイク阻止、そしてAPIリソースのデプロイを動的に行うため、APIゲートウェイサービスを利用する。 +- [ ] 操作に応じて適切なHTTPメソッドを利用する。`GET(読み込み)`, `POST(作成)`, `PUT/PATCH(置き換え/更新)`, `DELETE(単一レコードの削除)`。リクエストメソッドがリソースに対して適切ではない場合、`405 Method Not Allowed`を返す。 +- [ ] リクエストのAcceptヘッダ(コンテンツネゴシエーション)の`content-type`を検証する。サポートしているフォーマット(例: `application/xml`, `application/json`等)は許可し、そうでない場合は`406 Not Acceptable`を返す。 +- [ ] POSTされたデータの`content-type`が受け入れ可能(例: `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`等)かどうかを検証する。 +- [ ] ユーザーの入力に一般的な脆弱性が含まれていないことを検証する(例: `XSS`, `SQLインジェクション`, `リモートコード実行`等)。 +- [ ] URLの中に機密情報(`認証情報`, `パスワード`, `セキュリティトークン`)を利用せず、標準的な認証ヘッダを使用する。 +- [ ] キャッシュ、Rate Limit policies(例: `Quota`, `Spike Arrest`, `Concurrent Rate Limit`)を有効化し、APIリソースのデプロイを動的に行うため、APIゲートウェイサービスを利用する。 ## 処理 -- [ ] 壊れた認証プロセスを回避するため、全てのエンドポイントが認証の背後で保護されているかを確認する。 -- [ ] ユーザ所有リソースのIDの利用は避ける。`/user/654321/orders` の代わりに `/me/orders` を利用する。 -- [ ] オートインクリメントのIDを利用せず、代わりに`UUID`を利用する。 -- [ ] XMLファイルをパースする場合は、`XXE` (XML external entity attack) を回避するため entity parsing が有効でないことを確認する。 -- [ ] XMLファイルをパースする場合は、exponential entity expansion attack による `Billion Laughs/XML bomb` 攻撃を回避するため entity expansion が有効でないことを確認する。 -- [ ] ファイルアップロードにCDNを利用する。 -- [ ] 非常に多量のデータを扱う場合は、ワーカーとキューを利用して可能な限りバックグラウンドで処理をするようにし、早く応答を返却し、HTTP Blockingを避ける。 -- [ ] DEBUGモードをオフにするのを忘れない。 +- [ ] 壊れた認証プロセスを回避するため、全てのエンドポイントが認証により守られていることを確かめる。 +- [ ] ユーザーに紐付いたリソースIDを使用してはならない。`/user/654321/orders`の代わりに`/me/orders`を利用する。 +- [ ] オートインクリメントなIDを利用せず、代わりに`UUID`を利用する。 +- [ ] XMLファイルをパースする場合、`XXE`(XML external entity attack)を回避するため、entity parsingが有効でないことを確認する。 +- [ ] 
XMLファイルをパースする場合、exponential entity expansion attackによる`Billion Laughs/XML bomb`攻撃を回避するためentity expansion が有効でないことを確認する。 +- [ ] ファイルアップロードにはCDNを利用する。 +- [ ] 大量のデータを扱う場合、バックグラウンドでWorkerプロセスやキューを出来る限り使用し、レスポンスを速く返すことでHTTPブロッキングを避ける。 ## 出力 -- [ ] `X-Content-Type-Options: nosniff` ヘッダを送信する。 -- [ ] `X-Frame-Options: deny` ヘッダを送信する。 -- [ ] `Content-Security-Policy: default-src 'none'` ヘッダを送信する。 -- [ ] フィンガープリントヘッダを削除する - `X-Powered-By`, `Server`, `X-AspNet-Version` 等。 -- [ ] `content-type` を応答で強制する。もし `application/json` を返却するのなら、レスポンスの `content-type` は `application/json` にする。 -- [ ] `認証情報`、`パスワード`、`セキュリティトークン` といった機密データを返却しない。 -- [ ] 完了した操作に一致した適切なステータスコードを返却する (例: `200 OK`、`400 Bad Request`、`401 Unauthorized`、`405 Method Not Allowed` ... 等)。 +- [ ] `X-Content-Type-Options: nosniff`をヘッダに付与する。 +- [ ] `X-Frame-Options: deny`をヘッダに付与する。 +- [ ] `Content-Security-Policy: default-src 'none'`をヘッダに付与する。 +- [ ] フィンガープリントヘッダを削除する - `X-Powered-By`, `Server`, `X-AspNet-Version`等。 +- [ ] `content-type`を必ず付与する。もし`application/json`を返す場合、`content-type`は`application/json`にする。 +- [ ] `認証情報`, `パスワード`, `セキュリティトークン`といった機密情報を返さない。 +- [ ] 処理の終了時に適切なステータスコードを返す(例: `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`等)。 ## CI & CD (継続的インテグレーションと継続的デリバリー) -- [ ] 設計と実装をユニットテスト、インテグレーションテストのカバレッジで監査する。 +- [ ] ユニットテスト/結合テストのカバレッジで、設計と実装を継続的に検査する。 - [ ] コードレビューのプロセスを採用し、自身による承認を無視する。 -- [ ] プロダクションへプッシュする前に、ベンダのライブラリ、その他の依存関係を含め、サービスの全ての要素がアンチウィルスソフトウェアで静的スキャンを確実に実施する。 -- [ ] デプロイについてロールバックソリューションを開発する。 +- [ ] プロダクションへプッシュする前に、ベンダのライブラリ、その他の依存関係を含め、サービスの全ての要素をアンチウイルスソフトで静的スキャンする。 +- [ ] デプロイのロールバックを用意する。 --- diff --git a/README-jp.md b/README-jp.md deleted file mode 100644 index e47f414..0000000 --- a/README-jp.md +++ /dev/null 
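Review bot: the rewritten JWT bullet in the README-ja.md hunk changes the meaning of the control. The removed line said "バックエンドでアルゴリズムを強制する" (force the algorithm on the backend), which is the point of the check: the server must fix the signing algorithm and ignore whatever `alg` the token header carries. The new line "必ずバックエンドで暗号化する(`HS256`または`RS256`)" says "always encrypt on the backend", and HS256/RS256 are signature algorithms, not encryption, so a reader following the new text would not implement the actual defence; restore the removed wording. Two items are also lost in the merge: the removed "DEBUGモードをオフにするのを忘れない。" has no counterpart among the added lines, so the 処理 section no longer mentions disabling debug mode, and the new URL bullet lists only 認証情報, パスワード and セキュリティトークン, dropping the `APIキー` entry that the README-jp.md being merged (deleted below) carried.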
@@ -1,75 +0,0 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) - -# API Security Checklist -これはAPIの設計, テスト, リリース時における、重要なセキュリティ対策チェックリストです。 - - ---- - -## 認証(Authentication) -- [ ] `Basic認証`を使用してはならない。標準的な認証を使う。(例 JWT, OAuth) -- [ ] `認証`, `トークン生成`, `パスワードの保管`において車輪の再発明をしてはならない。 -- [ ] `最大ログイン試行回数` (Max Retry) と、jail featuresを使用する。 -- [ ] 全ての秘匿情報を暗号化する。 - -### JWT (JSON Web Token) -- [ ] ブルートフォース攻撃を困難にするため、ランダムで複雑なキー (`JWT Secret`) を使用する。 -- [ ] ペイロードからアルゴリズムを抽出してはならない。必ずバックエンドで暗号化する。(`HS256`若しくは`RS256`) -- [ ] トークンの有効期限 (`TTL`, `RTTL`) は、可能な限り短くする。 -- [ ] JWTのペイロードに秘匿情報を含めてはならない。それは[簡単に](https://jwt.io/#debugger-io)復号化される。 - -### OAuth -- [ ] サーバサイドで常に`redirect_uri`を検証し、ホワイトリストに含まれるURLのみを許可する。 -- [ ] tokenではなく、codeでのやり取りを心がける。(`response_type=token`を許可しない) -- [ ] OAuthの認証プロセスでのCSRFを防ぐため、`state`パラメータはランダムなハッシュと合わせて使用する。 -- [ ] デフォルトのscopeを指定し、各アプリケーションでscopeパラメータを検証する。 - -## 通信 (Access) -- [ ] DDoSやブルートフォース攻撃を避けるため、リクエストの制限 (スロットリング) を設ける。 -- [ ] MITM (Man In The Middle Attack) を防ぐため、サーバサイドではHTTPSを使用する。 -- [ ] SSL Strip attackを防ぐため、SSL化して`HSTS`を設定する。 - -## 入力 (Input) -- [ ] 処理内容に応じて、適切なHTTPメソッドを使用する。: `GET (read)`, `POST (create)`, `PUT/PATCH (replace/update)`, `DELETE (レコード削除)`。リクエストメソッドがリソースに対して適切ではない場合、`405 Method Not Allowed`を返す。 -- [ ] HTTPヘッダーのAccept (コンテンツネゴシエーション) の`content-type`を検証する。サポートしているフォーマット (例 `application/xml`, `application/json` 等) は許可し、そうでない場合は`406 Not Acceptable`を返す。 -- [ ] 
受け取ったデータの`content-type`が、受け入れ可能かどうか検証する。(例 `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json` 等) -- [ ] ユーザーの入力に一般的な脆弱性が含まれていないことを検証する。(例 `XSS`, `SQL-Injection`, `Remote Code Execution` 等) -- [ ] 秘匿情報 (`クレデンシャル情報`, `パスワード`, `セキュリティトークン`, `APIキー`) をURLに使用してはならない。標準のAuthorizationヘッダを使用する。 -- [ ] APIゲートウェイを使用し、キャッシュ, Rate Limit policies (例 `Quota`, `Spike Arrest`, `Concurrent Rate Limit`), 動的なAPIリソースのデプロイを有効化する。 - -## 処理 (Processing) -- [ ] 壊れた認証プロセスを避けるため、全てのエンドポイントが認証により守られていることを確かめる。 -- [ ] ユーザーに紐付いたリソースIDを使用してはならない。`/user/654321/orders`ではなく`/me/orders`を使用する。 -- [ ] auto-incrementなIDではなく、`UUID`を使用する。 -- [ ] XMLファイルをパースする時、エンティティのパースが有効ではないことを確認する。`XXE攻撃` (XML external entity attack) を避けるため。 -- [ ] XMLファイルをパースする時、エンティティ参照が有効ではないことを確認する。指数関数的エンティティ展開 (exponential entity expansion) による`Billion Laughs/XML bomb`を避けるため。 -- [ ] ファイルのアップロードにはCDNを使用する。 -- [ ] 大量のデータを扱う場合、バックグラウンドでWorkerプロセスやキューを出来る限り沢山使用し、返答を速く返すことでHTTPブロッキングを避ける。 -- [ ] デバッグモードをOFFにすることを忘れてはならない。 - -## 出力 (Output) -- [ ] `X-Content-Type-Options: nosniff`をヘッダに付与する。 -- [ ] `Send X-Frame-Options: deny`をヘッダに付与する。 -- [ ] `Content-Security-Policy: default-src 'none'`をヘッダに付与する。 -- [ ] fingerpringing headersを削除する。 - `X-Powered-By`, `Server`, `X-AspNet-Version` 等 -- [ ] `content-type`を必ず付与する。`application/json`を返す時は、レスポンスの`content-type`を`application/json`にする。 -- [ ] 秘匿情報 (`クレデンシャル情報`, `パスワード`, `セキュリティトークン`) を返してはならない。 -- [ ] 処理の終了時に適切なステータスコードを返す。(例 `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed` 等) - -## CI & CD -- [ ] ユニットテスト/結合テストのカバレッジで、設計と実装を継続的に検査する。 -- [ ] コードレビュープロセスを導入し、自画自賛を止める。 -- [ ] productionにpushする前に、そのサービスの全てのコンポーネントをアンチウイルスソフトで静的スキャンする。ベンダーのライブラリやその他の依存するものも含めて。 -- [ ] デプロイのロールバックを用意する。 - - ---- - -## 参照: -- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - RESTful HTTP+JSON APIを構築するための有用なリソースの集まり。 - - ---- - -# コントリビュート (Contribution) 
-お気軽にこのリポジトリをフォークし、変更を加え、プルリクエストを送って下さい。ご質問はこちらのメールアドレスまでお願い致します。`team@shieldfy.io` From 3421441e33132914667a724646eb34e552efd036 Mon Sep 17 00:00:00 2001 From: Caleb Mazalevskis Date: Tue, 2 Jul 2019 13:15:09 +0800 Subject: [PATCH 071/149] Sync some missing entries; fix some typos; etc. --- README-id.md | 12 +++++------ README-ja.md | 3 ++- README-lo.md | 59 ++++++++++++++++++++++++++-------------------------- README-mk.md | 14 ++++++------- README-nl.md | 4 ++-- README-pl.md | 7 +++++++ README-th.md | 4 ++-- README-vi.md | 2 +- README-zh.md | 2 +- README.md | 2 +- 10 files changed, 59 insertions(+), 50 deletions(-) diff --git a/README-id.md b/README-id.md index 8c4ed44..7d7d326 100644 --- a/README-id.md +++ b/README-id.md @@ -7,8 +7,8 @@ Checklist penanggulangan keamanan yang paling penting ketika merancang, menguji, --- ## Autentikasi -- [ ] Jangan gunakan `Basic Auth`. Gunakan autentikasi baku (Contoh: JWT, Oauth) -- [ ] Gunakan mekanisme baku untuk `autentikasi`, `pembuatan token`, dan `penyimpanan kata sandi` +- [ ] Jangan gunakan `Basic Auth`. Gunakan autentikasi baku (Contoh: JWT, Oauth). +- [ ] Gunakan mekanisme baku untuk `autentikasi`, `pembuatan token`, dan `penyimpanan kata sandi`. - [ ] Gunakan maksimal percobaan berulang dan fitur penjara pada Login. - [ ] Gunakan enkripsi untuk seluruh data sensitif. 
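Review bot: README-jp.md is deleted here, but its 参照 section (the yosriady/api-development-tools link) and コントリビュート section (the `team@shieldfy.io` contact) are not shown being carried into README-ja.md by the hunk above; confirm README-ja.md already has equivalents before dropping the file, otherwise the Japanese reader loses both. In the README-id.md hunk that follows, the Authentication line is being touched only for a trailing period, so fix "Oauth" to "OAuth" on the same line while it is in the diff.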
@@ -32,15 +32,15 @@ Checklist penanggulangan keamanan yang paling penting ketika merancang, menguji, ## Masuk - [ ] Gunakan metode HTTP yang sesuai dengan operasi yang digunakan, `GET untuk membaca catatan`, `POST untuk membuat catatan baru`, `PUT/PATCH untuk mengganti secara keseluruhan/mengubah sebagian catatan`, `DELETE untuk menghapus catatan` dan tanggapan `405 Method Not Allowed` jika metode permintaan tidak dikenali pada sumber daya. - [ ] Validasi `content-type` pada tajuk _Accept_ pada permintaan (Negosiasi konten) sehingga hanya mengijinkan format yang dikenali (Contoh: `application/xml`, `application/json`, dan lain sebagainya). Berikan tanggapan `406 Not Acceptable` jika nilai tajuk _Accept_ tidak dikenali. -- [ ] Validasi `content-type` dari data yang dipos oleh pengguna (Contoh: `application/x-www-form-urlencoded`, `multipart/form-data ,application/json`, dan lain sebagainya). +- [ ] Validasi `content-type` dari data yang dipos oleh pengguna (Contoh: `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, dan lain sebagainya). - [ ] Validasi masukan dari pengguna untuk menghindari kerentanan umum (Contoh: `XSS`, `SQL-Injection`, `Remote Code Execution`, dan lain sebagainya). - [ ] Jangan gunakan data sensitif seperti `kredensial`, `kata sandi`, `token keamanan`, atau `kunci API` pada URL. Gunakan tajuk _Authorization_ baku. -- [ ] Gunakan layanan pintu gerbang API (_API Gateway_) untuk memungkinan singgahan, pembatasan laju, pendeteksian lalu lintas tinggi, dan penyebaran sumber daya API secara dinamis +- [ ] Gunakan layanan pintu gerbang API (_API Gateway_) untuk memungkinan singgahan, pembatasan laju, pendeteksian lalu lintas tinggi, dan penyebaran sumber daya API secara dinamis. ## Pemrosesan - [ ] Cek apakah seluruh titik akhir terlindungi oleh autentikasi untuk menghindari proses autentikasi yang rusak. -- [ ] Sumber daya id kepunyaan pengguna sebaiknya dihindari. 
Lebih baik menggunakan`/me/orders` daripada `/user/654321/orders`. -- [ ] Jangan gunakan id yang bertambah secara otomatis. Sebaiknya gunakan `UUID`. +- [ ] Sumber daya ID kepunyaan pengguna sebaiknya dihindari. Lebih baik menggunakan`/me/orders` daripada `/user/654321/orders`. +- [ ] Jangan gunakan ID yang bertambah secara otomatis. Sebaiknya gunakan `UUID`. - [ ] Jika hendak menguraikan berkas XML, pastikan penguraian entitas tidak diaktikan untuk menghindari serangan `XXE` (XML External Entity). - [ ] Jika hendak menguraikan berkas XML, pastikan perluasan entitas tidak diaktifkan untuk menghindari `Billion Laughs/XML bomb` melalui serangan perluasan entitas eksponensial. - [ ] Gunakan CDN untuk unggah berkas. diff --git a/README-ja.md b/README-ja.md index 2281afd..0e4cb1a 100644 --- a/README-ja.md +++ b/README-ja.md @@ -7,7 +7,7 @@ APIを設計、テスト、リリースするときの最も重要なセキュ --- ## 認証 -- [ ] `Basic認証`を利用せず、標準的な認証を利用する(例: [JWT](https://jwt.io/)、[OAuth](https://oauth.net/)) +- [ ] `Basic認証`を利用せず、標準的な認証を利用する(例: [JWT](https://jwt.io/)、[OAuth](https://oauth.net/))。 - [ ] `認証`、`トークンの生成`、`パスワードの保管`の車輪の再発明を行わず、標準化されているものを利用する。 - [ ] ログインでは`最大リトライ回数(Max Retry)`とjail機能を利用する。 - [ ] 全ての機密情報は暗号化する。 @@ -45,6 +45,7 @@ APIを設計、テスト、リリースするときの最も重要なセキュ - [ ] XMLファイルをパースする場合、exponential entity expansion attackによる`Billion Laughs/XML bomb`攻撃を回避するためentity expansion が有効でないことを確認する。 - [ ] ファイルアップロードにはCDNを利用する。 - [ ] 大量のデータを扱う場合、バックグラウンドでWorkerプロセスやキューを出来る限り使用し、レスポンスを速く返すことでHTTPブロッキングを避ける。 +- [ ] デバッグ・モードを無効にすることを忘れないでください。 ## 出力 - [ ] `X-Content-Type-Options: nosniff`をヘッダに付与する。 diff --git a/README-lo.md b/README-lo.md index 3287287..9ee1cf7 100644 --- a/README-lo.md +++ b/README-lo.md 
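Review bot: in the README-id.md Processing hunk the rewritten "/me/orders" bullet keeps the missing space before the backtick in "Lebih baik menggunakan`/me/orders`", and the unchanged context line "pastikan penguraian entitas tidak diaktikan" still has "diaktikan" for "diaktifkan"; since this patch is a typo pass, take both. In the README-ja.md hunk, the re-added bullet "デバッグ・モードを無効にすることを忘れないでください。" uses the polite ください form and a midpoint in デバッグ・モード, whereas every other item in that list ends in plain form ("...避ける。", "...利用する。"); "デバッグモードを無効にすることを忘れない。" would match the surrounding style and the wording the file used before patch 070 removed it.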
@@ -8,58 +8,59 @@ Checklist ທີ່ຕ້ອງໃຫ້ຄວາມສຳຄັນເມື່ ## Authentication (ການພິສູດຕົວຕົນ) - [ ] ບໍ່ຄວນໃຊ້ `Basic Auth` (ການ authen ປົກກະຕິດ້ວຍ username password) ສຳລັບການພິສູດຕົວຕົນ ແຕ່ໃຫ້ໃຊ້ຮູບແບບມາດຕະຖານສາກົນແທນ(e.g. JWT, OAuth). -- [ ] ບໍ່ຕ້ອງເສຍເວລາສ້າງວິທີ Authentication ໃໝ່ຂຶ້ນມາ ໃຫ້ໃຊ້ທີ່ມີຢູ່ໃນມາດຕະຖານໄປເລີຍ -- [ ] ໃຫ້ມີການຈຳກັດຈຳນວນຄັ້ງໃນການພະຍາຍາມ authen ແລະ ສ້າງລະບົບລ໋ອກກໍລະນີພະຍາຍາມເກີນກຳນົດ -- [ ] ຂໍ້ມູນທີ່ສຳຄັນຄວນມີການເຂົ້າລະຫັດສະເໝີ +- [ ] ບໍ່ຕ້ອງເສຍເວລາສ້າງວິທີ Authentication ໃໝ່ຂຶ້ນມາ ໃຫ້ໃຊ້ທີ່ມີຢູ່ໃນມາດຕະຖານໄປເລີຍ. +- [ ] ໃຫ້ມີການຈຳກັດຈຳນວນຄັ້ງໃນການພະຍາຍາມ authen ແລະ ສ້າງລະບົບລ໋ອກກໍລະນີພະຍາຍາມເກີນກຳນົດ. +- [ ] ຂໍ້ມູນທີ່ສຳຄັນຄວນມີການເຂົ້າລະຫັດສະເໝີ. ### JWT (JSON Web Token) -- [ ] key ໃນການ generate token ຄວນມີຄວາມສັບຊ້ອນສູງ ເພື່ອປ້ອງກັນການ brute force ຫາຕົວເຂົ້າລະຫັດ -- [ ] ບໍ່ຄວນມີການແກະຂໍ້ມູນ ຫຼື ຂັ້ນຕອນການຖອດຂໍ້ມູນໃນຝັ່ງ client. ໃຫ້ມີສະເພາະໃນ server ເທົ່ານັ້ນ ໂດຍອາດໃຊ້ວິທີເຂົ້າລະຫັດດ້ວຍ HS256 ຫຼື RS256 ແທນ -- [ ] ພະຍາຍາມໃຫ້ token ໝົດອາຍຸໄວທີ່ສຸດເທົ່າທີ່ຈະເປັນໄປໄດ້ (`TTL`, `RTTL`) +- [ ] key ໃນການ generate token ຄວນມີຄວາມສັບຊ້ອນສູງ ເພື່ອປ້ອງກັນການ brute force ຫາຕົວເຂົ້າລະຫັດ. +- [ ] ບໍ່ຄວນມີການແກະຂໍ້ມູນ ຫຼື ຂັ້ນຕອນການຖອດຂໍ້ມູນໃນຝັ່ງ client. ໃຫ້ມີສະເພາະໃນ server ເທົ່ານັ້ນ ໂດຍອາດໃຊ້ວິທີເຂົ້າລະຫັດດ້ວຍ HS256 ຫຼື RS256 ແທນ. +- [ ] ພະຍາຍາມໃຫ້ token ໝົດອາຍຸໄວທີ່ສຸດເທົ່າທີ່ຈະເປັນໄປໄດ້ (`TTL`, `RTTL`). - [ ] ບໍ່ຄວນເກັບຂໍ້ມູນທີ່ສຳຄັນໃນ payload ຂອງ JWT ເພາະອາດຈະຖືກແກະໄດ້ [ງ່າຍ](https://jwt.io/#debugger-io). ### OAuth -- [ ] ມີການ validate `redirect_uri` ໃນຝັ່ງ server ໂດຍຍອມຮັບ uri ສະເພາະທີ່ມີຢູ່ໃນລີສທີ່ເຮົາເຊື່ອຖືເທົ່ານັ້ນ (whitelist) -- [ ] ບັງຄັບໃຫ້ມີການໃຊ້ response_type ເປັນ code ສະເໝີ (ພະຍາຍາມລ່ຽງບໍ່ໃຊ້ `response_type=token`) +- [ ] ມີການ validate `redirect_uri` ໃນຝັ່ງ server ໂດຍຍອມຮັບ uri ສະເພາະທີ່ມີຢູ່ໃນລີສທີ່ເຮົາເຊື່ອຖືເທົ່ານັ້ນ (whitelist). +- [ ] ບັງຄັບໃຫ້ມີການໃຊ້ response_type ເປັນ code ສະເໝີ (ພະຍາຍາມລ່ຽງບໍ່ໃຊ້ `response_type=token`). - [ ] ໂຕແປ `state` ໃຫ້ໃຊ້ random hash ເພື່ອປ້ອງກັນ CSRF (Cross Site Request Forgery) ໃນຕອນ OAuth authentication. 
-- [ ] ກຳນົດ scope ແລະ ມີການ validate scope ໂຕແປສຳລັບແຕ່ລະແອັບ +- [ ] ກຳນົດ scope ແລະ ມີການ validate scope ໂຕແປສຳລັບແຕ່ລະແອັບ. ## Access -- [ ] ຈຳກັດຈຳນວນສູງສຸດຂອງ request ເພື່ອປ້ອງກັນ DDoS / Bruteforce +- [ ] ຈຳກັດຈຳນວນສູງສຸດຂອງ request ເພື່ອປ້ອງກັນ DDoS / Bruteforce. - [ ] ໃຊ້ https ເພື່ອປ້ອງກັນ MITM (Man In The Middle Attack). - [ ] ໃຊ້ `HSTS` header ກັບ SSL ເພື່ອປ້ອງກັນ SSL Strip attack. ## Input - [ ] ໃຊ້ຄຳສັ່ງ HTTP ຕາມ operation ທີ່ເຮັດ ເຊັ່ນ `GET (read)`, `POST (create)`, `PUT/PATCH (replace/update)` and `DELETE (to delete a record)` ແລະ ສົ່ງກັບດ້ວຍ `405 Method Not Allowed` ຖ້າບໍ່ມີການຮອງຮັບ request ດ້ວຍ method ນັ້ນໃນລະບົບ. -- [ ] Validate `content-type` ໃນ header ຂາ request (Content Negotiation) ໂດຍຍອມໃຫ້ສົ່ງມາສະເພາະ format ທີ່ກຳນົດ (e.g. `application/xml`, `application/json`... ໆລໆ) ແລະ ຕອບກັບດ້ວຍ `406 Not Acceptable` ຖ້າ format ທີ່ສົ່ງມາບໍ່ຖືກ. -- [ ] Validate `content-type` ຂອງ data ທີ່ຮັບມາທຸກຄັ້ງ(e.g. `application/x-www-form-urlencoded`, `multipart/form-data ,application/json`... ). -- [ ] Validate ຂໍ້ມູນ user ໃສ່ເຂົ້າມາທຸກຄັ້ງເພື່ອປ້ອງກັນຊ່ອງໂຫວ່ທີ່ຖືກກັນຫຼາຍໆ (e.g. `XSS`, `SQL-Injection`, `Remote Code Execution` ... etc). -- [ ] ຫ້າມເອົາຂໍ້ມູນທີ່ສຳຄັນໄປໄວ້ໃນ URL (ເຊັ່ນ /servicexxx?creditcardnum=1234) ແຕ່ໃຫ້ໄປໃສ່ໄວ້ໃນ authorization header ແທນ (`credentials`, `Passwords`, `security tokens`, or `API keys`) -- [ ] ເຮັດ API Gateway ເພື່ອໃຫ້ສາມາດເຮັດ caching, Rate Limit, Spike Arrest, ແລະ ຈັດການຊັບພະຍາກອນສຳລັບ API ໄດ້ຢ່າງຍືດຍຸ່ນ +- [ ] Validate `content-type` ໃນ header ຂາ request (Content Negotiation) ໂດຍຍອມໃຫ້ສົ່ງມາສະເພາະ format ທີ່ກຳນົດ (e.g. `application/xml`, `application/json` ... ໆລໆ) ແລະ ຕອບກັບດ້ວຍ `406 Not Acceptable` ຖ້າ format ທີ່ສົ່ງມາບໍ່ຖືກ. +- [ ] Validate `content-type` ຂອງ data ທີ່ຮັບມາທຸກຄັ້ງ(e.g. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json` ... ໆລໆ). +- [ ] Validate ຂໍ້ມູນ user ໃສ່ເຂົ້າມາທຸກຄັ້ງເພື່ອປ້ອງກັນຊ່ອງໂຫວ່ທີ່ຖືກກັນຫຼາຍໆ (e.g. `XSS`, `SQL-Injection`, `Remote Code Execution` ... ໆລໆ). 
+- [ ] ຫ້າມເອົາຂໍ້ມູນທີ່ສຳຄັນໄປໄວ້ໃນ URL (ເຊັ່ນ /servicexxx?creditcardnum=1234) ແຕ່ໃຫ້ໄປໃສ່ໄວ້ໃນ authorization header ແທນ (`credentials`, `Passwords`, `security tokens`, or `API keys`). +- [ ] ເຮັດ API Gateway ເພື່ອໃຫ້ສາມາດເຮັດ caching, Rate Limit, Spike Arrest, ແລະ ຈັດການຊັບພະຍາກອນສຳລັບ API ໄດ້ຢ່າງຍືດຍຸ່ນ. ## Processing -- [ ] ກວດເບິ່ງວ່າ endpoints ທຸກຈຸດຢູ່ພາຍໃຕ້ authentication ເພື່ອປ້ອງກັນຊ່ອງໂຫວ່ທີ່ເຮັດໃຫ້ຄົນອື່ນມາເອີ້ນໃຊ້ໂດຍບໍ່ຈຳເປັນຕ້ອງພິສູດຕົວຕົນ -- [ ] ບໍ່ຄວນນຳ resource id ຂອງ user ໄປໃຊ້ (`/user/654321/orders`) ແຕ່ໃຫ້ໄປໃຊ້ແບບ `/me/orders` ແທນ ເພື່ອປ້ອງກັນ user ປ່ຽນໄປໃຊ້ຂອງຄົນອື່ນ -- [ ] ເລກ id ຂອງ user ບໍ່ຄວນມີການສ້າງແບບໄລ່ລຳດັບໄປເລື້ອຍໆ ແຕ່ໃຫ້ສ້າງ UUID ແທນ -- [ ] ຖ້າມີການ parsing ຟາຍ XML, ໃຫ້ປິດສ່ວນຂອງ Entity parsing ໄວ້ເພື່ອຫຼີກລ່ຽງທີ່ຈະຖືກຊ່ອງໂຫວ່ຕ່າງໆເຊັ່ນ (XML external entity attack, Billion Laughs/XML bomb) -- [ ] ໃຊ້ CDN ເມື່ອຈຳເປັນຕ້ອງມີການ upload ຟາຍຈາກ client -- [ ] ຫາກຕ້ອງເຈິກັບຂໍ້ມູນຂະໜາດໃຫຍ່ ໃຫ້ໃຊ້ Workers ກັບ ຄິວໃນການຈັດການເພື່ອໃຫ້ມີການຕອບຂໍ້ມູນກັບໄດ້ຢ່າງວ່ອງໄວຈະໄດ້ບໍ່ເກີດຄວາມສ່ຽງຂຶ້ນ -- [ ] ຢ່າລືມປິດໂໝດ DEBUG ໃນ code ຫາກເຮັດໄວ້ +- [ ] ກວດເບິ່ງວ່າ endpoints ທຸກຈຸດຢູ່ພາຍໃຕ້ authentication ເພື່ອປ້ອງກັນຊ່ອງໂຫວ່ທີ່ເຮັດໃຫ້ຄົນອື່ນມາເອີ້ນໃຊ້ໂດຍບໍ່ຈຳເປັນຕ້ອງພິສູດຕົວຕົນ. +- [ ] ບໍ່ຄວນນຳ resource ID ຂອງ user ໄປໃຊ້ (`/user/654321/orders`) ແຕ່ໃຫ້ໄປໃຊ້ແບບ `/me/orders` ແທນ ເພື່ອປ້ອງກັນ user ປ່ຽນໄປໃຊ້ຂອງຄົນອື່ນ. +- [ ] ເລກ ID ຂອງ user ບໍ່ຄວນມີການສ້າງແບບໄລ່ລຳດັບໄປເລື້ອຍໆ ແຕ່ໃຫ້ສ້າງ UUID ແທນ. +- [ ] ຖ້າມີການ parsing ຟາຍ XML, ໃຫ້ປິດສ່ວນຂອງ Entity parsing ໄວ້ເພື່ອຫຼີກລ່ຽງທີ່ຈະຖືກຊ່ອງໂຫວ່ຕ່າງໆເຊັ່ນ (XML external entity attack, Billion Laughs/XML bomb). +- [ ] If you are parsing XML files, make sure entity expansion is not enabled to avoid `Billion Laughs/XML bomb` via exponential entity expansion attack. +- [ ] ໃຊ້ CDN ເມື່ອຈຳເປັນຕ້ອງມີການ upload ຟາຍຈາກ client. +- [ ] ຫາກຕ້ອງເຈິກັບຂໍ້ມູນຂະໜາດໃຫຍ່ ໃຫ້ໃຊ້ Workers ກັບ ຄິວໃນການຈັດການເພື່ອໃຫ້ມີການຕອບຂໍ້ມູນກັບໄດ້ຢ່າງວ່ອງໄວຈະໄດ້ບໍ່ເກີດຄວາມສ່ຽງຂຶ້ນ. +- [ ] ຢ່າລືມປິດໂໝດ DEBUG ໃນ code ຫາກເຮັດໄວ້. 
## Output - [ ] ຕັ້ງ `X-Content-Type-Options: nosniff` ໃນ header. - [ ] ຕັ້ງ`X-Frame-Options: deny` ໃນ header. - [ ] ຕັ້ງ `Content-Security-Policy: default-src 'none'` ໃນ header. -- [ ] ເອົາ fingerprinting headers ອອກ - `X-Powered-By`, `Server`, `X-AspNet-Version` etc. -- [ ] ກຳນົດ content-type ໃນ response ເຊັ່ນຖ້າຕ້ອງການຂໍ້ມູນທີ່ເປັນ json ກັບໄປ ກໍເຊັດ `content-type` ເປັນ `application/json` ໄປເລີຍ +- [ ] ເອົາ fingerprinting headers ອອກ - `X-Powered-By`, `Server`, `X-AspNet-Version` ໆລໆ. +- [ ] ກຳນົດ content-type ໃນ response ເຊັ່ນຖ້າຕ້ອງການຂໍ້ມູນທີ່ເປັນ json ກັບໄປ ກໍເຊັດ `content-type` ເປັນ `application/json` ໄປເລີຍ. - [ ] ບໍ່ຕ້ອງສົ່ງຂໍ້ມູນສຳຄັນກັບໄປຫາ client (`credentials`, `Passwords`, `security tokens`). -- [ ] ຕອບ status code ທີ່ກົງກັບ operation ກັບໄປ (e.g. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed` ... etc). +- [ ] ຕອບ status code ທີ່ກົງກັບ operation ກັບໄປ (e.g. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed` ... ໆລໆ). ## CI & CD -- [ ] ກວດສອບ design ກັບ implementation ໃນຂັ້ນ unit/integration test ຢ່າງຄອບຄຸມ -- [ ] ໃຫ້ໃຊ້ code review process ບໍ່ແມ່ນວ່າໂຕເອງພໍໃຈກໍໂອເຄແລ້ວ -- [ ] ໝັ້ນໃຈວ່າທຸກຢ່າງ service ປອດໄວລັດແລ້ວກ່ອນຈະນຳຂຶ້ນ production ລວມໄປເຖິງ lib ຂອງພວກ vendor ກັບ dependencies ອື່ນໆ ອີກດ້ວຍ -- [ ] ອອກແບບວິທີ rollback ໄວ້ກ່ອນຈະນຳຂຶ້ນໄປ ເພາະເວລາເກີດບັນຈະໄດ້ຍ້ອນກັບມາໃຊ້ version ເກົ່າໄປກ່ອນໄດ້ (ອາດເຈິໄດ້ຫຼາຍໃນຕອນພັດທະນາ feature ໃໝ່ໆ) +- [ ] ກວດສອບ design ກັບ implementation ໃນຂັ້ນ unit/integration test ຢ່າງຄອບຄຸມ. +- [ ] ໃຫ້ໃຊ້ code review process ບໍ່ແມ່ນວ່າໂຕເອງພໍໃຈກໍໂອເຄແລ້ວ. +- [ ] ໝັ້ນໃຈວ່າທຸກຢ່າງ service ປອດໄວລັດແລ້ວກ່ອນຈະນຳຂຶ້ນ production ລວມໄປເຖິງ lib ຂອງພວກ vendor ກັບ dependencies ອື່ນໆ ອີກດ້ວຍ. +- [ ] ອອກແບບວິທີ rollback ໄວ້ກ່ອນຈະນຳຂຶ້ນໄປ ເພາະເວລາເກີດບັນຈະໄດ້ຍ້ອນກັບມາໃຊ້ version ເກົ່າໄປກ່ອນໄດ້ (ອາດເຈິໄດ້ຫຼາຍໃນຕອນພັດທະນາ feature ໃໝ່ໆ). --- diff --git a/README-mk.md b/README-mk.md index bbc7292..2d6499b 100644 --- a/README-mk.md +++ b/README-mk.md 
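Review bot: The new `Billion Laughs` item added to the Processing list of README-lo.md is left in English and duplicates the Lao item directly above it, which already names both `XML external entity attack` and `Billion Laughs/XML bomb`. Either translate the new line into Lao or drop it; if the intent is to mirror the English README's split into an `XXE` item and a separate entity-expansion item, rewrite the existing Lao line so each attack gets its own entry instead of stating the same advice twice. The same hunk also leaves `ໃຊ້ https` in lower case while the rest of the file writes `HTTPS`, worth normalizing while these lines are being touched.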
@@ -13,7 +13,7 @@ - [ ] Користете енкрипција на сите чувствителни податоци. ### JWT (JSON Web Token) -- [ ] Користете случајно генериран и комплициран клуч (`JWT Secret`) за да направите што можно потешко погодување на токенот со испробување на секоја можна комбинација +- [ ] Користете случајно генериран и комплициран клуч (`JWT Secret`) за да направите што можно потешко погодување на токенот со испробување на секоја можна комбинација. - [ ] Don't extract the algorithm from the payload. Force the algorithm in the backend (`HS256` or `RS256`). - [ ] Направете токенот да истече (`TTL`, `RTTL`) што е можно побрзо. - [ ] Не чувајте чувствителни податоци во JWR payload, може да се декодира [лесно](https://jwt.io/#debugger-io). @@ -21,7 +21,7 @@ ### OAuth - [ ] Секогаш проверувајте ја `redirect_uri` од страна на серверот за да дозволите само бела листа на адреси. - [ ] Секогаш обидувајте се да разменувате за код, а не токени (не дозволувајте `response_type = token`). -- [ ] Користете `state` параметар со случаен хаш за да се спречи CSRF на процесот на автентикација на OAuth +- [ ] Користете `state` параметар со случаен хаш за да се спречи CSRF на процесот на автентикација на OAuth. - [ ] Дефинирајте го основниот опсег и проверете ги параметрите на опсегот за секоја апликација. ## Пристап 
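Review bot: The JWT hunk in README-mk.md only adds a period and leaves two errors in the adjacent lines: `JWR payload` should read `JWT payload`, and the item `Don't extract the algorithm from the payload. Force the algorithm in the backend` is still in English inside an otherwise Macedonian file. Since the point of that item is that the verifier must not trust the `alg` value carried in the token, and `alg` sits in the JWT header rather than the payload, translate the line and say "header" while doing so.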
@@ -33,7 +33,7 @@ - [ ] Користете ја соодветната HTTP-метод според операцијата: "GET (read)", "POST (создади)", "PUT / PATCH (замени / ажурирај)" и "DELETE (за бришење на запис) 405 Метод не е дозволено` ако бараниот метод не е соодветен за бараниот ресурс. - [ ] Потврдете `content-type` на барање Accept header (Content Negotiation) за да го дозволите само вашиот поддржан формат (на пр.`application/xml`, `application/json`, итн) И да одговори со 406 Not Acceptable` одговор ако не се совпаѓа. - [ ] Потврдете ги `content-type` на објавените податоци што ги прифаќате (на пр., `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, итн.). -- [ ] Потврдете го корисничкиот влез за да избегнете вообичаени слабости (e.g. `XSS`, `SQL-Injection`, `Remote Code Execution`, итн). +- [ ] Потврдете го корисничкиот влез за да избегнете вообичаени слабости (п.р. `XSS`, `SQL-Injection`, `Remote Code Execution`, итн). - [ ] Не користете чувствителни податоци(`credentials`, `Passwords`, `security tokens`, или `API keys`) во URL-то, но користете стандарден заглавие за авторизација. - [ ] Користете API Gateway-услуга за да овозможите кеширање, политики за ограничување на тарифите (пр. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) и динамички да ги распоредите ресурсите за API-то. 
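Review bot: The change from `e.g.` to `п.р.` in the Input section is fine, but the context lines around it carry broken Markdown that this pass should also fix: the HTTP-method item opens its code spans with straight quotes (`"GET (read)"`, `"POST (создади)"`) and closes with an unmatched backtick after `405 Метод не е дозволено`, the Content Negotiation item has a missing opening backtick before `406 Not Acceptable`, and `податоци(` lacks a space before the parenthesis. Rendered, these show stray quotes and backticks in exactly the lines a reader would copy.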
@@ -44,7 +44,7 @@ - [ ] Ако ги анализирате XML-датотеките, проверете дали парсирањето на ентитетот не е овозможено за да се избегне `XXE` (напад на надворешен ентитет на XML). - [ ] Ако анализирате XML-датотеки, проверете дали проширувањето на ентитетот не е овозможено за да се избегне `Billion Laughs / XML бомба` преку експоненцијален напад на експанзија на ентитетот. - [ ] Користете CDN за закачување на фајлови. -- [ ] Ако се занимавате со огромни количини на податоци, користете Workers and Queues за да процесирате што е можно повеќе во позадина и да го вратите одговорот брзо за да избегнете блокирање на HTTP +- [ ] Ако се занимавате со огромни количини на податоци, користете Workers and Queues за да процесирате што е можно повеќе во позадина и да го вратите одговорот брзо за да избегнете блокирање на HTTP. - [ ] Не заборавајте да го исклучите режимот DEBUG. ## Излез 
@@ -54,13 +54,13 @@ - [ ] Отстранете ги хедерите кој издаваат отповеќе податоци - `X-Powered-By`, `Server`, `X-AspNet-Version` итн. - [ ] Присилувај `content-type` " за твојот одговор, ако се вратиш `application/json` тогаш твојот одговор `content-type` е `application/json`. - [ ] Не враќајте чувствителни податоци како `credentials`, `Passwords`, `security tokens`. -- [ ] Врати го соодветниот код за статусот според завршената операција. (e.g. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, итн). +- [ ] Врати го соодветниот код за статусот според завршената операција. (п.р. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, итн). ## CI & CD - [ ] Ревизија на вашиот дизајн и имплементација со покриеност тестови за единица / интеграција. -- [ ] Користете процес на прегледување на кодот и не дозволувајте самоодобрување +- [ ] Користете процес на прегледување на кодот и не дозволувајте самоодобрување. - [ ] Осигурајте се дека сите компоненти на вашите услуги се статички скенирани од AV-софтверот пред да се изврши притисок за производство, вклучувајќи библиотеки на продавачи и други зависности. -- [ ] Дизајн на rollback за во продукција +- [ ] Дизајн на rollback за во продукција. --- diff --git a/README-nl.md b/README-nl.md index 22bb7f8..970db32 100644 --- a/README-nl.md +++ b/README-nl.md 
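Review bot: In the README-mk.md Output section, the item starting `Присилувај` keeps a stray double quote right after the `content-type` code span, and in the CI section `пред да се изврши притисок за производство` renders "push to production" as physical pressure (притисок), so a reader will not recognize it as a deployment step. Suggest `пред да се објават во продукција` or similar, since these lines are already being edited for punctuation.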
@@ -31,8 +31,8 @@ Checklist met de belangrijkste tegenmaatregelen bij het ontwerpen, testen en uit ## Invoer - [ ] Gebruik de correcte HTTP methode voor de operatie, `GET (lezen)`, `POST (schrijven)`, `PUT (vervangen/updaten)` and `DELETE (verwijderen)`. -- [ ] Valideer de `content-type` header bij een request Accept header (Content Negotiation) om alleen de ondersteunde formaten toe te staan (e.g. `application/xml`, `application/json` ... enz) en stuur een `406 Not Acceptable` response als de `content-type` niet ondersteund is. -- [ ] Valideer de `content-type` header van gestuurde data (e.g. `application/x-www-form-urlencoded`, `multipart/form-data ,application/json` ... enz). +- [ ] Valideer de `content-type` header bij een request Accept header (Content Negotiation) om alleen de ondersteunde formaten toe te staan (b.v. `application/xml`, `application/json` ... enz) en stuur een `406 Not Acceptable` response als de `content-type` niet ondersteund is. +- [ ] Valideer de `content-type` header van gestuurde data (b.v. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json` ... enz). - [ ] Valideer de gebruiker invoer om veel voorkomende kwetsbaarheden te voorkomen (v.b. `XSS`, `SQL-Injection`, `Remote Code Execution` ... enz). - [ ] Gebruik geen gevoelige data (`credentials`, `Wachtwoorden`, `security tokens`, of `API keys`) in de URL, maar gebruik de standaard Authorization header. - [ ] Gebruik een API Gateway service voor caching, policies (b.v. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) en voor het dynamisch deployen van API middelen. diff --git a/README-pl.md b/README-pl.md index 3e04a90..d833742 100644 --- a/README-pl.md +++ b/README-pl.md 
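Review bot: The two rewritten lines in README-nl.md switch the abbreviation to `b.v.` while the very next, unchanged line still uses `v.b.`; pick one form (`bv.` or `b.v.`) for the whole file. More importantly, the first rewritten line says to answer `406 Not Acceptable` when the `content-type` is not supported, but 406 is the status for an `Accept` header the server cannot satisfy; an unsupported request body `Content-Type` should be rejected with `415 Unsupported Media Type`. The English source sentence (`Validate content-type on request Accept header`) mixes the two headers, so the translation inherits the confusion; separating Accept/406 from Content-Type/415 here and upstream would make the item actionable.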
@@ -42,6 +42,7 @@ Lista kontrolna najważniejszych metod zabezpieczenia podczas projektowania, tes - [ ] Unikaj ukazywania ID użytkownika. Użyj np. `/me/orders` zamiast `/users/654321/orders/`. - [ ] Nie używaj auto inkrementacji w polu ID. Zamiast tego użyj `UUID`. - [ ] Jeżeli parsujesz pliki XML, upewnij się, że jesteś odporny na `XXE` (XML external entity attack) oraz `Billion Laughs/XML bomb`. +- [ ] If you are parsing XML files, make sure entity expansion is not enabled to avoid `Billion Laughs/XML bomb` via exponential entity expansion attack. - [ ] Użyj CDN do przechowywania wysyłanych plików. - [ ] Jeżeli pracujesz z dużą ilością danych, użyj procesów Workers oraz kolejkowania Queues aby przetworzyć jak najwięcej w tle i zwrócić informacje szybko aby uniknąć blokowania HTTP. - [ ] Nie zapomnij o wyłączeniu trybu debugowania. @@ -66,3 +67,9 @@ Lista kontrolna najważniejszych metod zabezpieczenia podczas projektowania, tes ## Zobacz także: - [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - [ENG] Zbiór wartościowych narzędzi do tworzenia REST HTTP+JSON API. + + +--- + +# Contribution +Feel free to contribute by forking this repository, making some changes, and submitting pull requests. For any questions drop us an email at `team@shieldfy.io`. diff --git a/README-th.md b/README-th.md index 7960355..0b79736 100644 --- a/README-th.md +++ b/README-th.md 
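Review bot: Both additions to README-pl.md are in English inside a Polish document: the new `If you are parsing XML files...` item duplicates the Polish line above it, which already covers `XXE` and `Billion Laughs/XML bomb`, and the appended `# Contribution` section with its `team@shieldfy.io` sentence should be translated the way the rest of the file is (`# Współpraca` or similar). If the goal is two separate XML items to match the English README, split the existing Polish sentence rather than appending an untranslated copy.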
@@ -39,8 +39,8 @@ Checklist ที่ต้องให้ความสำคัญเมื่ ## Processing - [ ] ตรวจดูว่า endpoints ทุกจุดอยู่ภายใต้ authentication เพื่อป้องกันช่องโหว่ที่ทำให้คนอื่นมาเรียกใช้โดยไม่จำเป็นต้องพิสูจน์ตัวตน -- [ ] ไม่ควรนำ resource id ของ user ไปใช้ (`/user/654321/orders`) แต่ให้ไปใช้แบบ `/me/orders` แทน เพื่อป้องกัน user เปลี่ยนไปใช้ของคนอื่น -- [ ] เลข id ของ user ไม่ควรมีการสร้างแบบไล่ลำดับเพิ่มไปเรื่อยๆ แต่ให้สร้าง UUID แทน +- [ ] ไม่ควรนำ resource ID ของ user ไปใช้ (`/user/654321/orders`) แต่ให้ไปใช้แบบ `/me/orders` แทน เพื่อป้องกัน user เปลี่ยนไปใช้ของคนอื่น +- [ ] เลข ID ของ user ไม่ควรมีการสร้างแบบไล่ลำดับเพิ่มไปเรื่อยๆ แต่ให้สร้าง UUID แทน - [ ] ถ้ามีการ parsing ไฟล์ XML, ให้ปิดส่วนของ Entity parsing ไว้เพื่อเลี่ยงที่จะโดนช่องโหว่ต่างๆเช่น (XML external entity attack, Billion Laughs/XML bomb) - [ ] ใช้ CDN เมื่อจำเป็นต้องมีการ upload ไฟล์จาก client - [ ] หากต้องเผชิญกับข้อมูลขนาดใหญ่ ให้ใช้ Workers กับ คิวในการจัดการเพื่อให้มีการตอบข้อมูลกลับได้อย่างรวดเร็วจะได้ไม่เกิดคอขวดขึ้น diff --git a/README-vi.md b/README-vi.md index bf42c79..5ae0f93 100644 --- a/README-vi.md +++ b/README-vi.md @@ -38,7 +38,7 @@ Những giải pháp an toàn và cách khắc phục khi thiết kế, kiểm t - [ ] Sử dụng API Gateway để kích hoạt cache, Rate Limit policies (chẳng hạng như. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) và deploy APIs resources linh động hơn. ## Processing -- [ ] Đảm bảo rằng các endpoint chỉ xử lý dữ liệu sau khi đã qua bước xác thực +- [ ] Đảm bảo rằng các endpoint chỉ xử lý dữ liệu sau khi đã qua bước xác thực. - [ ] Nên tránh việc sử dụng ID của tài nguyên. Sử dụng `/me/orders` thay vì `/user/654321/orders`. - [ ] Không nên thiết kế ID dạng tự động tăng. Sử dụng UUID để thay thế. - [ ] Nếu bạn muốn parse XML, hãy chắc chắn rằng `entity parsing` không được kích hoạt để tránh tấn công `XXE` (XML external entity attack). diff --git a/README-zh.md b/README-zh.md index 44749fb..e51b00d 100644 --- a/README-zh.md +++ b/README-zh.md 
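Review bot: The README-vi.md hunk only adds a period, yet the same patch pushes the new entity-expansion item into README-lo.md and README-pl.md while the Vietnamese Processing list still stops at `XXE`; the translations diverge within one commit. Either add the translated item here as well or leave the content sync to a dedicated commit so punctuation-only changes stay punctuation-only.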
@@ -39,7 +39,7 @@ ## 处理 - [ ] 检查是否所有的终端都在身份认证之后, 以避免被破坏了的认证体系. -- [ ] 避免使用特有的资源 id. 使用 `/me/orders` 替代 `/user/654321/orders` +- [ ] 避免使用特有的资源 id. 使用 `/me/orders` 替代 `/user/654321/orders`. - [ ] 使用 `UUID` 代替自增长的 id. - [ ] 如果需要解析 XML 文件, 确保实体解析(entity parsing)是关闭的以避免 `XXE` 攻击. - [ ] 如果需要解析 XML 文件, 确保实体扩展(entity expansion)是关闭的以避免通过指数实体扩展攻击实现的 `Billion Laughs/XML bomb`. diff --git a/README.md b/README.md index 0ab2684..4288b97 100644 --- a/README.md +++ b/README.md @@ -52,7 +52,7 @@ Checklist of the most important security countermeasures when designing, testing - [ ] Send `X-Frame-Options: deny` header. - [ ] Send `Content-Security-Policy: default-src 'none'` header. - [ ] Remove fingerprinting headers - `X-Powered-By`, `Server`, `X-AspNet-Version`, etc. -- [ ] Force `content-type` for your response, if you return `application/json` then your response `content-type` is `application/json`. +- [ ] Force `content-type` for your response. If you return `application/json`, then your `content-type` response is `application/json`. - [ ] Don't return sensitive data like `credentials`, `Passwords`, or `security tokens`. - [ ] Return the proper status code according to the operation completed. (e.g. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, etc.). From c82cbc779f73248cf23f010cf43ec1f1fab9e66a Mon Sep 17 00:00:00 2001 From: Riotaro OKADA Date: Tue, 16 Jul 2019 17:51:05 +0900 Subject: [PATCH 072/149] =?UTF-8?q?=E8=A1=A8=E7=8F=BE=E3=81=AE=E8=AA=BF?= =?UTF-8?q?=E6=95=B4=E6=A1=88?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 細かい表現の改善案を出してみています。 機密情報はsecret とかconfidentialですので、sensitiveの訳語には「機微」をあてました。 --- README-ja.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/README-ja.md b/README-ja.md index 2281afd..e44d2f8 100644 --- a/README-ja.md +++ b/README-ja.md 
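Review bot: The rewording in README.md's Output section makes the sentence less clear: `then your content-type response is application/json` reads as if the response itself is the content type. The original order (`your response content-type`) was correct; if the aim is to split the sentence, suggest `If you return application/json, set the response Content-Type header to application/json.` The README-zh.md hunk on this line is a period only and is fine.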
@@ -7,14 +7,14 @@ APIを設計、テスト、リリースするときの最も重要なセキュ --- ## 認証 -- [ ] `Basic認証`を利用せず、標準的な認証を利用する(例: [JWT](https://jwt.io/)、[OAuth](https://oauth.net/)) -- [ ] `認証`、`トークンの生成`、`パスワードの保管`の車輪の再発明を行わず、標準化されているものを利用する。 -- [ ] ログインでは`最大リトライ回数(Max Retry)`とjail機能を利用する。 -- [ ] 全ての機密情報は暗号化する。 +- [ ] `Basic認証`を利用せず、標準的な認証を利用する(例: [JWT](https://jwt.io/)、[OAuth](https://oauth.net/))。 +- [ ] `認証`、`トークンの生成`、`パスワードの保管`において「車輪の再発明」をしないこと。すでに標準化されているものを利用する。 +- [ ] ログインにおいては`最大リトライ回数(Max Retry)`とjail機能を利用する。 +- [ ] 全ての機微情報において暗号化を活用する。 ### JWT (JSON Web Token) -- [ ] ブルートフォース攻撃を困難にするため、ランダムで複雑なキー(`JWT Secret`)を使用する。 -- [ ] ペイロードからアルゴリズムを抽出してはいけない。必ずバックエンドで暗号化する(`HS256`または`RS256`)。 +- [ ] ランダムで複雑なキー(`JWT Secret`)を使用する。これはブルートフォース攻撃を困難にするため。 +- [ ] ペイロードからアルゴリズムを抽出しないこと。アルゴリズムは必ずバックエンド処理のみとする(`HS256`または`RS256`)。 - [ ] トークンの有効期限(`TTL`, `RTTL`)を可能な限り短くする。 - [ ] JWTのペイロードに機密情報を格納してはいけない。それは[簡単に](https://jwt.io/#debugger-io)復号できる。 From 5751ba522ca97972096c0b61f1e668ac1afd1803 Mon Sep 17 00:00:00 2001 From: Riotaro OKADA Date: Tue, 16 Jul 2019 17:59:59 +0900 Subject: [PATCH 073/149] Payload to Header #127 --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0ab2684..781aa61 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,7 @@ Checklist of the most important security countermeasures when designing, testing ### JWT (JSON Web Token) - [ ] Use a random complicated key (`JWT Secret`) to make brute forcing the token very hard. -- [ ] Don't extract the algorithm from the payload. Force the algorithm in the backend (`HS256` or `RS256`). +- [ ] Don't extract the algorithm from the header. Force the algorithm in the backend (`HS256` or `RS256`). - [ ] Make token expiration (`TTL`, `RTTL`) as short as possible. - [ ] Don't store sensitive data in the JWT payload, it can be decoded [easily](https://jwt.io/#debugger-io). From d9147c251f626d6ae7c7357f9c78641e59005599 Mon Sep 17 00:00:00 2001 
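Review bot: PATCH 073 correctly moves "payload" to "header" for the JWT algorithm item (the `alg` parameter is in the JOSE header), but the README-ja.md hunk in the preceding patch (`ペイロードからアルゴリズムを抽出しないこと`) and README-mk.md earlier in this series still say payload; apply the same correction there or the translations will contradict the English. While touching the line, consider making the advice operational: the verifier should pin an allow-list of algorithms (`HS256` or `RS256`) and reject every other value, `none` included, rather than merely "not extract" the header field. The ja hunk's other fix, replacing `必ずバックエンドで暗号化する` (encrypt in the backend) with forcing the algorithm in backend processing, is a real correction and should be kept.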
From: citybasebrooks Date: Tue, 16 Jul 2019 09:39:54 -0400 Subject: [PATCH 074/149] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 781aa61..286f9d9 100644 --- a/README.md +++ b/README.md @@ -28,6 +28,7 @@ Checklist of the most important security countermeasures when designing, testing - [ ] Limit requests (Throttling) to avoid DDoS / brute-force attacks. - [ ] Use HTTPS on server side to avoid MITM (Man in the Middle Attack). - [ ] Use `HSTS` header with SSL to avoid SSL Strip attack. +- [ ] For private APIs, only allow access from whitelisted IPs/hosts. ## Input - [ ] Use the proper HTTP method according to the operation: `GET (read)`, `POST (create)`, `PUT/PATCH (replace/update)`, and `DELETE (to delete a record)`, and respond with `405 Method Not Allowed` if the requested method isn't appropriate for the requested resource. From 6ccc40b199a78fb6003c7b63f2220e34b9bf51a4 Mon Sep 17 00:00:00 2001 From: magussiro Date: Mon, 23 Sep 2019 23:42:49 +0800 Subject: [PATCH 075/149] word implicite, may cause translate confusion --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 781aa61..173077c 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ Checklist of the most important security countermeasures when designing, testing --- ## Authentication -- [ ] Don't use `Basic Auth`. Use standard authentication (e.g. [JWT](https://jwt.io/), [OAuth](https://oauth.net/)). +- [ ] Don't use `Basic Auth`. Use standard authentication instead (e.g. [JWT](https://jwt.io/), [OAuth](https://oauth.net/)). - [ ] Don't reinvent the wheel in `Authentication`, `token generation`, `password storage`. Use the standards. - [ ] Use `Max Retry` and jail features in Login. - [ ] Use encryption on all sensitive data. From 5ffcf9732756878c8937ee246e3d00d28b711299 Mon Sep 17 00:00:00 2001 
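Review bot: The new item `For private APIs, only allow access from whitelisted IPs/hosts` in the Access section should state that it complements authentication rather than replacing it, and should say where the source address comes from: the network layer (firewall, security group, the reverse proxy's connection address), not client-controlled headers such as `X-Forwarded-For`, otherwise the allow-list is trivially spoofed by anyone who can set a header. The wording change in PATCH 075 (`Use standard authentication instead`) is fine.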
From: magussiro Date: Mon, 23 Sep 2019 23:44:53 +0800 Subject: [PATCH 076/149] =?UTF-8?q?=E7=84=A1=E6=96=B7=E5=8F=A5=E6=98=93?= =?UTF-8?q?=E6=B7=B7=E6=B7=86=EF=BC=8C=E5=BB=BA=E8=AD=B0=E4=B8=80=E4=BE=9D?= =?UTF-8?q?=E4=B8=AD=E6=96=87=E7=BF=92=E6=85=A3=E4=BD=BF=E7=94=A8=E9=80=97?= =?UTF-8?q?=E8=99=9F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README-tw.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README-tw.md b/README-tw.md index 7104686..d917665 100644 --- a/README-tw.md +++ b/README-tw.md @@ -7,7 +7,7 @@ --- ## 身份認證 -- [ ] 不要使用 `Basic Auth` 使用標準的認證協議 (如 JWT, OAuth). +- [ ] 不要使用 `Basic Auth` 使用標準的認證協議取而代之 (如 JWT, OAuth). - [ ] 不要再造 `Authentication`, `token generating`, `password storing` 這些輪子, 使用標準的. - [ ] 在登錄中使用 `Max Retry` 和自動封禁功能. - [ ] 加密所有的敏感數據. From 2ef1797940e30139fc960a7ade0e7e6d36fd03c2 Mon Sep 17 00:00:00 2001 From: magussiro Date: Mon, 23 Sep 2019 23:48:44 +0800 Subject: [PATCH 077/149] Update README-tw.md --- README-tw.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README-tw.md b/README-tw.md index d917665..39e4965 100644 --- a/README-tw.md +++ b/README-tw.md @@ -7,7 +7,7 @@ --- ## 身份認證 -- [ ] 不要使用 `Basic Auth` 使用標準的認證協議取而代之 (如 JWT, OAuth). +- [ ] 不要使用 `Basic Auth`, 使用標準的認證協議取而代之 (如 JWT, OAuth). - [ ] 不要再造 `Authentication`, `token generating`, `password storing` 這些輪子, 使用標準的. - [ ] 在登錄中使用 `Max Retry` 和自動封禁功能. - [ ] 加密所有的敏感數據. From f03007a29efd685d76efbcc1404142ca5bea2e1f Mon Sep 17 00:00:00 2001 From: machine-translation Date: Fri, 27 Sep 2019 15:08:32 +0300 Subject: [PATCH 078/149] Translate README-tr.md via GitLocalize --- README-tr.md | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/README-tr.md b/README-tr.md index b32a20a..54310ab 100644 --- a/README-tr.md +++ b/README-tr.md 
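Review bot: PATCH 076 and PATCH 077 together add a single comma to the same line of README-tw.md; squash them before merge so the history does not carry a fix-of-the-fix. The resulting sentence `不要使用 Basic Auth, 使用標準的認證協議取而代之 (如 JWT, OAuth).` reads correctly.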
@@ -1,35 +1,40 @@ [English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) # API Güvenlik Kontrol Listesi -API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemlerinin kontrol listesi. +API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemlerinin kontrol listesi. --- ## Authentication (Kimlik doğrulama) + - [ ] `Basic Auth` kullanmayın. Standard authentication kullanın (ör. [JWT](https://jwt.io/), [OAuth](https://oauth.net/)). - [ ] `Authentication`, `token generation`, `password storage` için tekerleği yeniden icat etmeyin. Standartları kullanın. - [ ] `Max Retry` kullanarak giriş hakkını sınırlayın. - [ ] Tüm hassas verilere şifreleme kullanın. ### JWT (JSON Web Token) + - [ ] Brute forcing yönetimi ile oluşturulan token'in çözülmemesi için (`JWT Secret`) gibi rasgele, karmaşık ve zor bir anahtar kullanın. - [ ] Algoritmayı payload üzerinden çekmeyin. Arka planda içinde kullanın. (`HS256` veya `RS256`). - [ ] Token'in son kullanma tarihini (`TTL`, `RTTL`) olabildiğince kısa yapın. - [ ] Hassas verilerinizi JWT payload'a koymayın, decode edilebilir. [Basit olarak](https://jwt.io/#debugger-io). ### OAuth + - [ ] Yalnızca beyaz listeye eklenen URL'lere izin vermek için sunucu tarafındaki `redirect_uri` daima doğrulayın. - [ ] Daima kodları değiştirmeyi deneyin tokenları değil (`response_type=token` izin vermeyin). 
- [ ] OAuth kimlik doğrulama işlemi sırasında CSRF'yi önlemek için `state` parametresini rasgele bir hashleyerek kullanın. - [ ] Varsayılan kapsamı tanımlayın ve her uygulama için kapsam parametrelerini doğrulayın. ## Access + - [ ] DDoS / brute-force saldırılarından korunmak için istekleri sınırlamalısınız. - [ ] MITM (Man In The Middle Attack) korunmak için sunucu tarafında HTTPS kullanın. - [ ] SSL Strip saldırılarından korunmak için `HSTS` header'ı SSL ile kullan. ## Input + - [ ] İşleme göre uygun HTTP yöntemini kullanın: `GET (okumak)`, `POST (oluşturmak)`, `PUT/PATCH (değiştirmek/güncellemk)`, ve `DELETE (bir kaydı silmek için)`, eğer istenen yöntem istenen kaynak için uygun değilse `405 Method Not Allowed` mesajı ile cevap verin. - [ ] Accept header gelen `content-type` beklediğin ve izin verdiğin formatta olup olmadığını kontrol et. (ör. `application/xml`, `application/json`, v.b.) Format uyuşmuyorsa `406 Not Acceptable` mesajı ile cevap verin. - [ ] Gönderilen verileri doğrularken gelen verinin `content-type` de doğrulayın (ör. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, v.b.). @@ -38,6 +43,7 @@ API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemle - [ ] Önbelleklemeyi etkinleştirmek, hız sınır politikalarını (ör. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) ve API kaynaklarını dinamik olarak dağıtmak için bir API Gateway hizmeti kullanın. ## Processing + - [ ] Authentication işleminin sonlandırılmasını önlemek için, tüm bitiş noktalarının Authentication arkasında korunup korunmadığını kontrol edin. - [ ] Kullanıcı kendi kaynak ID'sinden kaçınmalıdır. `/me/orders` yerine `/user/654321/orders` kullanmalıdır. - [ ] Otomotik artan ID'ler kullanmayın. Yerine `UUID` kullanın. 
@@ -47,7 +53,8 @@ API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemle - [ ] Büyük miktarda veri ile uğraşıyorsanız, HTTP engellemeyi önlemek için İşçi ve Kuyrukları arka planda olabildiğince işlem yapmak ve yanıtı hızlı bir şekilde yanıtlamak için kullanın. - [ ] DEBUG modunu kapatmayı unutmayın!. -## Output +## Çıktı + - [ ] `X-Content-Type-Options: nosniff` header'ı gönder. - [ ] `X-Frame-Options: deny` header'ı gönder. - [ ] `Content-Security-Policy: default-src 'none'` header'ı gönder. @@ -57,19 +64,20 @@ API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemle - [ ] İşlem tamamlandıktan sonra uygun durum kodunu döndürür. (ör. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, v.b.). ## CI & CD + - [ ] unit/integration testi kapsamı ile tasarımınızı ve uygulamanızı denetleyin. - [ ] Bir kod inceleme işlemi kullanın ve kendi onayınızı dikkate almayın. - [ ] Vendor kitaplıkları ve diğer bağımlılıklar da dahil olmak üzere, oluşturmaya başlamadan önce hizmetlerinizin tüm bileşenlerinin AntiVirus yazılımıyla statik olarak tarandığından emin olun. - [ ] Dağıtımlar için bir geri yükleme çözümü tasarlayın. - --- ## Ayrıca bakınız: -- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - RESTful HTTP+JSON API'leri oluşturmak için kullanışlı kaynakların bir koleksiyonu. +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - RESTful HTTP+JSON API'leri oluşturmak için kullanışlı kaynakların bir koleksiyonu. --- -# Destek +# katkı + Bu depoyu forklayarak, bazı değişiklikler yaparak ve pull requests göndererek katkıda bulunmaktan çekinmeyin. Herhangi bir sorunuz için bize bir e-posta bırakın: `team@shieldfy.io`. From 9e9b228207281eb2f0ca91261c982afaa402aa11 Mon Sep 17 00:00:00 2001 
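Review bot: The README-tr.md changes in this patch are mostly whitespace (a trailing space, blank lines after headings) mixed with two heading renames, and the renamed `# katkı` is lower-case while every other heading in the file is capitalized; it should be `# Katkı`. `## Output` becomes `## Çıktı` while `## Access`, `## Input` and `## Processing` stay English, leaving the file half-translated until PATCH 079 in this same series renames them; folding the two GitLocalize commits together would avoid an intermediate inconsistent state.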
From: =?UTF-8?q?Umut=20I=C5=9F=C4=B1k?= Date: Fri, 27 Sep 2019 15:08:35 +0300 Subject: [PATCH 079/149] Translate README-tr.md via GitLocalize --- README-tr.md | 70 ++++++++++++++++++++++++++-------------------------- 1 file changed, 35 insertions(+), 35 deletions(-) diff --git a/README-tr.md b/README-tr.md index 54310ab..8441957 100644 --- a/README-tr.md +++ b/README-tr.md 
@@ -6,73 +6,73 @@ API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemle --- -## Authentication (Kimlik doğrulama) +## Kimlik Doğrulama -- [ ] `Basic Auth` kullanmayın. Standard authentication kullanın (ör. [JWT](https://jwt.io/), [OAuth](https://oauth.net/)). -- [ ] `Authentication`, `token generation`, `password storage` için tekerleği yeniden icat etmeyin. Standartları kullanın. -- [ ] `Max Retry` kullanarak giriş hakkını sınırlayın. -- [ ] Tüm hassas verilere şifreleme kullanın. +- [ ] `Basic Auth` kullanmayın. Standart bir kimlik doğrulama yapısı kullanın (ör. [JWT](https://jwt.io/), [OAuth](https://oauth.net/)). +- [ ] `Kimlik doğrukama`, `token oluşturma`, `şifreleri kaydetme` için tekerleği yeniden icat etmeye çalışmayın. Standartları kullanın. +- [ ] `Deneme sayısını` sınırlayarak giriş hakkını kısıtlayın. +- [ ] Tüm hassas verilerde şifreleme kullanın. ### JWT (JSON Web Token) -- [ ] Brute forcing yönetimi ile oluşturulan token'in çözülmemesi için (`JWT Secret`) gibi rasgele, karmaşık ve zor bir anahtar kullanın. -- [ ] Algoritmayı payload üzerinden çekmeyin. Arka planda içinde kullanın. (`HS256` veya `RS256`). +- [ ] (`JWT Secret`) gibi rastgele, karmaşık ve zor bir anahtar kullanarak kaba kuvvet ile token çözmeyi olabildiğince zorlaştırın. +- [ ] Algoritmayı gelen veri üzerinden belirlemeyin. Arka uçta olmasını sağlayın. (`HS256` veya `RS256`). - [ ] Token'in son kullanma tarihini (`TTL`, `RTTL`) olabildiğince kısa yapın. -- [ ] Hassas verilerinizi JWT payload'a koymayın, decode edilebilir. [Basit olarak](https://jwt.io/#debugger-io). +- [ ] Hassas verilerinizi JWT payload içine koymayın, [Kolayca](https://jwt.io/#debugger-io) çözülebilir. ### OAuth -- [ ] Yalnızca beyaz listeye eklenen URL'lere izin vermek için sunucu tarafındaki `redirect_uri` daima doğrulayın. -- [ ] Daima kodları değiştirmeyi deneyin tokenları değil (`response_type=token` izin vermeyin). 
-- [ ] OAuth kimlik doğrulama işlemi sırasında CSRF'yi önlemek için `state` parametresini rasgele bir hashleyerek kullanın. +- [ ] Yalnızca beyaz listeye eklenen URL'lere izin vermek için sunucu tarafındaki `redirect_uri` bilgisini her zaman doğrulayın. +- [ ] Her zaman code değiştirmeyi deneyin token değiştirmeyi değil (`response_type=token` kullanımına izin vermeyin). +- [ ] OAuth kimlik doğrulama işlemi sırasında CSRF'yi önlemek için `state` parametresini rasgele hashleyerek kullanın. - [ ] Varsayılan kapsamı tanımlayın ve her uygulama için kapsam parametrelerini doğrulayın. -## Access +## Erişim -- [ ] DDoS / brute-force saldırılarından korunmak için istekleri sınırlamalısınız. -- [ ] MITM (Man In The Middle Attack) korunmak için sunucu tarafında HTTPS kullanın. +- [ ] DDoS ya da kaba kuvvet saldırılarından korunmak için istekleri sınırlamalısınız. +- [ ] MITM (Man In The Middle Attack) saldırılarında korunmak için sunucu tarafında HTTPS kullanın. - [ ] SSL Strip saldırılarından korunmak için `HSTS` header'ı SSL ile kullan. -## Input +## Girdi - [ ] İşleme göre uygun HTTP yöntemini kullanın: `GET (okumak)`, `POST (oluşturmak)`, `PUT/PATCH (değiştirmek/güncellemk)`, ve `DELETE (bir kaydı silmek için)`, eğer istenen yöntem istenen kaynak için uygun değilse `405 Method Not Allowed` mesajı ile cevap verin. -- [ ] Accept header gelen `content-type` beklediğin ve izin verdiğin formatta olup olmadığını kontrol et. (ör. `application/xml`, `application/json`, v.b.) Format uyuşmuyorsa `406 Not Acceptable` mesajı ile cevap verin. -- [ ] Gönderilen verileri doğrularken gelen verinin `content-type` de doğrulayın (ör. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, v.b.). -- [ ] Genel güvenlik açıklarını önlemek için Kullanıcı girişini doğrulayın (ör. `XSS`, `SQL-Injection`, `Remote Code Execution`, v.b.). +- [ ] Accept header gelen `content-type` beklediğiniz ve izin verdiğiniz formatta olup olmadığını kontrol edin. (ör. 
`application/xml`, `application/json`, v.b.) Format uyuşmuyorsa `406 Not Acceptable` mesajı ile cevap verin. +- [ ] Gönderilen verileri doğrularken gelen verinin `content-type` değerini doğrulayın (ör. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, v.b.). +- [ ] Genel güvenlik açıklarını önlemek için kullanıcıdan gelen her veriyi doğrulayın (ör. `XSS`, `SQL-Injection`, `Remote Code Execution`, v.b.). - [ ] URL'de hassas veriler (`credentials`, `Passwords`, `security tokens`, veya `API keys`) kullanmayın, ancak standart Authorization header kullanın. -- [ ] Önbelleklemeyi etkinleştirmek, hız sınır politikalarını (ör. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) ve API kaynaklarını dinamik olarak dağıtmak için bir API Gateway hizmeti kullanın. +- [ ] Önbelleklemeyi ve hız sınır politikalarını (ör. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) etkinleştirmek için ve API kaynaklarını dinamik olarak dağıtmak için bir API Gateway hizmeti kullanın. -## Processing +## İşleme -- [ ] Authentication işleminin sonlandırılmasını önlemek için, tüm bitiş noktalarının Authentication arkasında korunup korunmadığını kontrol edin. -- [ ] Kullanıcı kendi kaynak ID'sinden kaçınmalıdır. `/me/orders` yerine `/user/654321/orders` kullanmalıdır. +- [ ] Kimlik doğrulama işleminin atlatılmasını önlemek için, tüm iştem uç noktalarının kimlik doğrulama arkasında korunup korunmadığını kontrol edin. +- [ ] Kullanıcı için kendi kaynak ID'si kullanılmasından kaçınılmalıdır. `/me/orders` yerine `/user/654321/orders` kullanın. - [ ] Otomotik artan ID'ler kullanmayın. Yerine `UUID` kullanın. - [ ] Eğer XML dosyarını (parse) ayrıştırıyorsanız, varlık ayrıştırmasını önlemek için etkin olmadığını doğrulayın `XXE` (XML external entity attack). - [ ] Eğer XML dosyarını (parse) ayrıştırıyorsanız, `Billion Laughs/XML bomb` varlık genişletme saldırısı yoluyla,varlığın genişlemesinin önlemek için etkinleştirilmediğinden emin olun. 
- [ ] Dosya yüklemeleri için bir CDN kullanın. -- [ ] Büyük miktarda veri ile uğraşıyorsanız, HTTP engellemeyi önlemek için İşçi ve Kuyrukları arka planda olabildiğince işlem yapmak ve yanıtı hızlı bir şekilde yanıtlamak için kullanın. +- [ ] Büyük miktarda veri ile uğraşıyorsanız, HTTP tıkanmasını engellemeyi önlemek için işleyici (Worker) ve kuyrukları (Queues) yapılarını arka planda işlem yapmak ve yanıtı hızlı bir şekilde yanıtlamak için mümkün oluğu kadar kullanın. - [ ] DEBUG modunu kapatmayı unutmayın!. ## Çıktı -- [ ] `X-Content-Type-Options: nosniff` header'ı gönder. -- [ ] `X-Frame-Options: deny` header'ı gönder. -- [ ] `Content-Security-Policy: default-src 'none'` header'ı gönder. -- [ ] Parmak izi başlıklarını kaldırın - `X-Powered-By`, `Server`, `X-AspNet-Version` v.b. -- [ ] Response'unda `content-type` kullanmaya zorla, eğer veriyi `application/json` olarak döndürürsen, `content-type` karşılığı `application/json` olur. -- [ ] Hassas verilerinizi geri göndermeyin `credentials`, `Passwords`, `security tokens`. -- [ ] İşlem tamamlandıktan sonra uygun durum kodunu döndürür. (ör. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, v.b.). +- [ ] `X-Content-Type-Options: nosniff` header'ı gönderin. +- [ ] `X-Frame-Options: deny` header'ı gönderin. +- [ ] `Content-Security-Policy: default-src 'none'` header'ı gönderin. +- [ ] Parmak izi header'larını kaldırın - `X-Powered-By`, `Server`, `X-AspNet-Version` v.b. +- [ ] İsteğe verilen cevapta `content-type` kullanmaya zorlayın, eğer veriyi `application/json` olarak döndürürseniz, `content-type` karşılığı `application/json` olmalı. +- [] `kimlik bilgileri` , `şifreleri` veya `güvenlik token'ları` gibi hassas verileri sonuç içinde göndermeyin. +- [ ] İşlem tamamlandıktan sonra uygun durum kodunu döndürün. (ör. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, v.b.). ## CI & CD -- [ ] unit/integration testi kapsamı ile tasarımınızı ve uygulamanızı denetleyin. 
-- [ ] Bir kod inceleme işlemi kullanın ve kendi onayınızı dikkate almayın. -- [ ] Vendor kitaplıkları ve diğer bağımlılıklar da dahil olmak üzere, oluşturmaya başlamadan önce hizmetlerinizin tüm bileşenlerinin AntiVirus yazılımıyla statik olarak tarandığından emin olun. -- [ ] Dağıtımlar için bir geri yükleme çözümü tasarlayın. +- [ ] unit/integration testi kapsamı ölçümleri ile tasarımınızı ve uygulamanızı denetleyin. +- [ ] Bir kod inceleme süreci kullanın ve kendi onayınızı dikkate almayın. +- [ ] Kodunuzu canlıya göndemreden önce harici kitaplıkları ve diğer bağımlılıklar da dahil olmak üzere hizmetlerinizin tüm bileşenlerinin AntiVirus yazılımıyla statik olarak tarandığından emin olun. +- [ ] Dağıtımlar için bir geriye dönme çözümü tasarlayın. --- -## Ayrıca bakınız: +## Ek kaynaklar: - [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - RESTful HTTP+JSON API'leri oluşturmak için kullanışlı kaynakların bir koleksiyonu. From 4d48be76162d830dbad0a22daf1d95d4ea72139e Mon Sep 17 00:00:00 2001 From: Vincent Ting Date: Fri, 18 Oct 2019 22:03:07 +0800 Subject: [PATCH 080/149] Fix misdescriptions in zh version --- README-zh.md | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/README-zh.md b/README-zh.md index e51b00d..797265e 100644 --- a/README-zh.md +++ b/README-zh.md 
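Review bot: the `/me/orders` item in the İşleme hunk still inverts the recommendation. The new line `/me/orders` yerine `/user/654321/orders` kullanın tells the reader to use the user-ID path instead of `/me/orders`, while the first half of the same line warns against exposing the user's own resource ID; swap the two paths so it reads `/user/654321/orders` yerine `/me/orders` kullanın. Smaller fixes in the same hunk: `iştem` should be `işlem`, `mümkün oluğu kadar` should be `mümkün olduğu kadar`, `göndemreden` should be `göndermeden`, and the Çıktı item that starts `+- []` is missing the space inside the brackets, so it will not render as a task-list checkbox like the others.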
@@ -8,57 +8,57 @@ ## 身份认证 - [ ] 不要使用 `Basic Auth` 使用标准的认证协议 (如 JWT, OAuth). -- [ ] 不要再造 `Authentication`, `token generating`, `password storing` 这些轮子, 使用标准的. -- [ ] 在登录中使用 `Max Retry` 和自动封禁功能. +- [ ] 不要重新实现 `Authentication`, `token generating`, `password storing`, 使用标准库. +- [ ] 限制密码错误尝试次数,并且增加账号冻结功能. - [ ] 加密所有的敏感数据. ### JWT (JSON Web Token) - [ ] 使用随机复杂的密钥 (`JWT Secret`) 以增加暴力破解的难度. - [ ] 不要在请求体中直接提取数据, 要对数据进行加密 (`HS256` 或 `RS256`). - [ ] 使 token 的过期时间尽量的短 (`TTL`, `RTTL`). -- [ ] 不要在 JWT 的请求体中存放敏感数据, 它是[可破解的](https://jwt.io/#debugger-io). +- [ ] 不要在 JWT 的请求体中存放敏感数据, 它是[可解码的](https://jwt.io/#debugger-io). ### OAuth 授权或认证协议 - [ ] 始终在后台验证 `redirect_uri`, 只允许白名单的 URL. -- [ ] 每次交换令牌的时候不要加 token (不允许 `response_type=token`). -- [ ] 使用 `state` 参数并填充随机的哈希数来防止跨站请求伪造(CSRF). +- [ ] 始终在授权时使用有效期较短的授权码(code)而不是令牌(access_token) (不允许 `response_type=token`). +- [ ] 使用随机哈希数的 `state` 参数来防止跨站请求伪造(CSRF). - [ ] 对不同的应用分别定义默认的作用域和各自有效的作用域参数. ## 访问 - [ ] 限制流量来防止 DDoS 攻击和暴力攻击. -- [ ] 在服务端使用 HTTPS 协议来防止 MITM 攻击. -- [ ] 使用 `HSTS` 协议防止 SSLStrip 攻击. +- [ ] 在服务端使用 HTTPS 协议来防止 MITM (中间人攻击). +- [ ] 使用 `HSTS` 协议防止 SSL Strip 攻击. ## 输入 - [ ] 使用与操作相符的 HTTP 操作函数, `GET (读取)`, `POST (创建)`, `PUT (替换/更新)` 以及 `DELETE (删除记录)`, 如果请求的方法不适用于请求的资源则返回 `405 Method Not Allowed`. - [ ] 在请求头中的 `content-type` 字段使用内容验证来只允许支持的格式 (如 `application/xml`, `application/json` 等等) 并在不满足条件的时候返回 `406 Not Acceptable`. -- [ ] 验证 `content-type` 的发布数据和你收到的一样 (如 `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json` 等等). +- [ ] 验证 `content-type` 中申明的编码和你收到正文编码一致 (如 `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json` 等等). - [ ] 验证用户输入来避免一些普通的易受攻击缺陷 (如 `XSS`, `SQL-注入`, `远程代码执行` 等等). - [ ] 不要在 URL 中使用任何敏感的数据 (`credentials`, `Passwords`, `security tokens`, or `API keys`), 而是使用标准的认证请求头. -- [ ] 使用一个 API Gateway 服务来启用缓存、访问速率限制 (如 `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) 以及动态地部署 APIs resources. 
+- [ ] 使用一个 API Gateway 服务来启用缓存、限制访问速率 (如 `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) 以及动态地部署 APIs resources. ## 处理 -- [ ] 检查是否所有的终端都在身份认证之后, 以避免被破坏了的认证体系. +- [ ] 检查是否所有的接口都包含必要都身份认证, 以避免被破坏了的认证体系. - [ ] 避免使用特有的资源 id. 使用 `/me/orders` 替代 `/user/654321/orders`. - [ ] 使用 `UUID` 代替自增长的 id. - [ ] 如果需要解析 XML 文件, 确保实体解析(entity parsing)是关闭的以避免 `XXE` 攻击. - [ ] 如果需要解析 XML 文件, 确保实体扩展(entity expansion)是关闭的以避免通过指数实体扩展攻击实现的 `Billion Laughs/XML bomb`. - [ ] 在文件上传中使用 CDN. -- [ ] 如果需要处理大量的数据, 使用 Workers 和 Queues 来快速响应, 从而避免 HTTP 阻塞. +- [ ] 如果数据处理量很大, 尽可能使用队列或者 Workers 在后台处理来避免阻塞请求,从而快速响应客户端. - [ ] 不要忘了把 DEBUG 模式关掉. ## 输出 -- [ ] 发送 `X-Content-Type-Options: nosniff` 头. -- [ ] 发送 `X-Frame-Options: deny` 头. -- [ ] 发送 `Content-Security-Policy: default-src 'none'` 头. -- [ ] 删除指纹头 - `X-Powered-By`, `Server`, `X-AspNet-Version` 等等. -- [ ] 在响应中强制使用 `content-type`, 如果你的类型是 `application/json` 那么你的 `content-type` 就是 `application/json`. +- [ ] 增加请求返回头 `X-Content-Type-Options: nosniff`. +- [ ] 增加请求返回头 `X-Frame-Options: deny`. +- [ ] 增加请求返回头 `Content-Security-Policy: default-src 'none'`. +- [ ] 删除请求返回中的指纹头 - `X-Powered-By`, `Server`, `X-AspNet-Version` 等等. +- [ ] 在响应中遵循请求的 `content-type`, 如果你的请求类型是 `application/json` 那么你返回的 `content-type` 就是 `application/json`. - [ ] 不要返回敏感的数据, 如 `credentials`, `Passwords`, `security tokens`. -- [ ] 在操作结束时返回恰当的状态码. (如 `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed` 等等). +- [ ] 给请求返回使用合理的 HTTP 响应代码. (如 `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed` 等等). ## 持续集成和持续部署 -- [ ] 使用单元测试和集成测试来审计你的设计和实现. -- [ ] 引入代码审查流程, 不要自行批准更改. +- [ ] 使用单元测试以及集成测试的覆盖率来保障你的设计和实现. +- [ ] 引入代码审查流程, 禁止私自合并代码. - [ ] 在推送到生产环境之前确保服务的所有组件都用杀毒软件静态地扫描过, 包括第三方库和其它依赖. - [ ] 为部署设计一个回滚方案. From b2edd58e6060b329f3bf591b5c786a25d3be3eca Mon Sep 17 00:00:00 2001 
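Review bot: the rewritten 输出 item changes the meaning instead of fixing it. 在响应中遵循请求的 `content-type`, 如果你的请求类型是 `application/json` ... ties the response `content-type` to the request's type, but the header has to describe the body you actually return; the removed line (如果你的类型是 `application/json` 那么你的 `content-type` 就是 `application/json`) had that right and only read clumsily. Suggest: 响应中强制设置 `content-type`, 返回 `application/json` 数据时 `content-type` 就必须是 `application/json`. Also in this hunk, 必要都身份认证 should be 必要的身份认证. The untouched JWT line 不要在请求体中直接提取数据, 要对数据进行加密 (`HS256` 或 `RS256`) is itself a misdescription this commit could have picked up: `HS256` and `RS256` are signing algorithms, not encryption, and as the Persian translation later in this series renders the item, the point is not to take the algorithm from the token but to fix it in the backend.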
From: mahdavipanah Date: Wed, 25 Dec 2019 01:36:55 +0330 Subject: [PATCH 081/149] Add Persian/Farsi translation --- README-fa.md | 77 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 77 insertions(+) create mode 100644 README-fa.md diff --git a/README-fa.md b/README-fa.md new file mode 100644 index 0000000..a9c7bb5 --- /dev/null +++ b/README-fa.md @@ -0,0 +1,77 @@ +[繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [Ελληνικά](./README-el.md) + +
+ +# چک‌لیست امنیتی API +چک‌لیستی از مهم‌ترین کارهای لازم برای حفظ امنیت در زمان طراحی، تست و انتشار API. + +--- + +## احراز هویت +- [ ]       از `Basic Auth` یا همان `اصالت‌سنجی برای دسترسی‌های اولیه` استفاده نکن. به جای آن از روش‌های استاندارد احراز هویت استفاده کن (مثلا [JWT](https://jwt.io/) یا [OAuth](https://oauth.net/)). +- [ ]       برای کارهایی مثل `احراز هویت`، `تولید توکن` و `ذخیره پسوورد` چرخ را دوباره اختراع نکن. از استانداردها استفاده کن. +- [ ]       برای لاگین محدودیت‌های `تعداد ماکسیمم تلاش مجدد` و تعداد دفعات ورود را قرار بده. +- [ ]       همه‌ی داده‌های حساس را رمزگذاری کن. + +### JWT (JSON Web Token) +- [ ]       از یک کلید پیچیده‌ی تصادفی برای `JWT Secret` استفاده کن تا حمله‌ی بروت‌فورس به توکن بسیار سخت باشد. +- [ ]       الگوریتم را از هدر استخراج نکن. در بک‌اند الگوریتم را تحمیل کن (`HS256` یا `RS256`). +- [ ]       انقضای توکن (`TTL` یا `RTTL`) را تا حد ممکن کوتاه کن. +- [ ]       اطلاعات حساس را در پی‌لود JWT ذخیره نکن چون [به راحتی](https://jwt.io/#debugger-io) قابل رمزگشایی است. + +### OAuth +- [ ]       همیشه `redirect_uri` را در سمت سرور اعتبارسنجی کن تا تنها به URLهای مجاز اجازه داده شود. +- [ ]       همیشه تلاش کن تا code را به جای token تبادل کنی (اجازه `response_type=token` را نده). +- [ ]       از پارامتر `state` با یک هش تصادفی استفاده کن تا از CSRF روی پروسه‌ی احراز هویت OAuth جلوگیری کنی. +- [ ]       مقدار scope پیش‌فرض را تعریف کن و پارامترهای scope را برای هر اپلیکیشن اعتبارسنجی کن. + +## دسترسی +- [ ]       رکوئست‌ها را محدود کن (Throttling) تا از حملات DDos یا بروت‌فورس جلوگیری شود. +- [ ]       در سمت سرور از HTTPS استفاده کن تا از حملات مرد میانی جلوگیری شود. +- [ ]       از هدر `HSTS` استفاده کن تا از حمله‌ی SSL Strip جلوگیری شود. + +## ورودی +- [ ]       از متد HTTP مناسب با توجه به نوع عملیات استفاده کن: `GET` برای خواندن، `POST` برای ایجاد کردن، `PUT/PATCH` برای جایگزین یا بروزرسانی و `DELETE` برای حذف یک رکورد، و در صورتیکه متد درخواستی برای منبع درخواست‌شده مناسب نیست با `405 Method Not Allowed` پاسخ بده. 
+- [ ]       مقدار `content-type` را در هدر Accept رکوئست (مذاکره محتوا یا Content Negotiation) اعتبارسنجی کن تا فقط به فرمت‌های مورد پشتیبانی اجازه داده شود (مثلا `application/xml`، `application/json` و ...). +- [ ]       مقدار `content-type` در داده‌ی پست‌شده را اعتبارسنجی کن (مثلا `application/x-www-form-urlencoded`، `multipart/form-data`، `application/json` و ...). +- [ ]       ورودی کاربر را اعتبارسنجی کن تا از آسیب‌پذیری‌های معمول جلوگیری شود (مثلا `XSS`، `SQL-Injection` و `Remote Code Execution`). +- [ ]       هیچ داده‌ی حساسی مثل (داده‌های اعتبارسنجی، پسوورد‌ها، توکن‌های امنیتی یا کلید‌های API) را داخل URL قرار نده و از هدر Authorization استاندارد استفاده کن. +- [ ]       از یک سرویس API Gateway استفاده کن تا کش‌کردن و سیاست‌های Rate Limit (مثلا `Quota`، `Spike Arrest` یا `Concurrent Rate Limit`) فعال شوند و منابع APIها را به صورت داینامیک دپلوی کن. + +## پردازش +- [ ]       چک کن که تمامی endpointها توسط احراز هویت محافظت شوند تا از شکستن پروسه‌ی احراز هویت جلوگیری شود. +- [ ]       از استفاده از ID ریسورس خود کاربر اجتناب کن. به جای `user/654321/orders` از `/me/orders` استفاده کن. +- [ ]       از IDهای auto-increment استفاده نکن. به جای آن از `UUID` استفاده کن. +- [ ]       اگر فایل‌های XML را parse میکنی مطمئن شو تا entity parsing غیرفعال باشد تا از `XXE` (XML External entity attack) جلوگیری شود. +- [ ]       اگر فایل‌های XML را parse میکنی، مطمئن شو تا entity expansion غیرفعال باشد تا از `Billion Laughs/XML bomb` توسط exponential entity expansion attack جلوگیری شود. +- [ ]       از یک CDN برای آپلودهای فایل استفاده کن. +- [ ]       اگر با مقادیر بسیار حجیمی از داده باید کار کنی، از Workerها و Queueها استفاده کن تا حداکثر پردازش در بک‌گراند انجام شود و سریع پاسخ را برگردان تا از HTTP Blocking جلوگیری شود. +- [ ]       خاموش کردن حالت DEBUG را فراموش نکن. + +## خروجی +- [ ]       هدر `X-Content-Type-Options: nosniff` را ارسال کن. +- [ ]       هدر `X-Frame-Options: deny` را ارسال کن. 
+- [ ]       هدر `'Content-Security-Policy: default-src 'none` را ارسال کن. +- [ ]       هدرهایی که به نوعی اثرانگشت برجای میگذارند را حذف کن، مثلا `X-Powered-By`، `Server` و ‍`X-AspNet-Version`. +- [ ]       مقدار `content-type` را برای جواب اجباری کن. اگر `application/json` برمیگردانی، پس `content-type` پاسخ `application/json` است. +- [ ]       اطلاعات حساس مثل `داده‌های اعتبارسنجی`، `پسوورد‌ها` و `توکن‌های امنیتی` را برنگردان. +- [ ]       با توجه به عملیات انجام‌شده، status code مناسب را برگردان. مثلا `200 OK`، `400 Bad Request`، `401 Unauthorized` و `405 Method Not Allowed`. + +## CI & CD +- [ ]       طراحی و پیاده سازی خودت را با پوشش تست‌های unit/integration بازرسی کن. +- [ ]       از یک پروسه‌ی مرور کد استفاده کن و خود-تاییدی را نادیده بگیر. +- [ ]       مطمئن شو تا تمامی اجزای سرویس‌هایت، شامل کتابخانه‌های استفاده‌شده و دیگر وابستگی‌ها، قبل از انتشار در حالت production، به طور ایستا توسط نرم‌افزارهای آنتی‌ویروس اسکن شده‌اند. +- [ ]       برای دپلوی، یک راه‌حل با قابلیت عقبگرد (rollback) طراحی کن. + + +--- + +## نگاهی بیانداز به: +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - یک مجموعه از منابع بردردبخور برای ساختن APIهای RESTful با HTTP و JSON - + + +--- + +# مشارکت +برای همکاری و کمک می‌توانی به راحتی این مخزن را fork کنی، تغییرات مورد نظرت را اعمال کنی و یک pull request ثب کنی. اگر سوالی داشتی به آدرس `team@shieldfy.io` ایمیل بزن. +
\ No newline at end of file From a825d3cd7c6c68161779dfec0622ec594f209fb2 Mon Sep 17 00:00:00 2001 From: mahdavipanah Date: Wed, 25 Dec 2019 01:39:42 +0330 Subject: [PATCH 082/149] Add Persian/Farsi language to other README files --- README-ar.md | 2 +- README-de.md | 2 +- README-el.md | 2 +- README-es.md | 2 +- README-fr.md | 2 +- README-hi.md | 2 +- README-id.md | 2 +- README-it.md | 2 +- README-ja.md | 2 +- README-ko.md | 2 +- README-lo.md | 2 +- README-mk.md | 2 +- README-mn.md | 2 +- README-nl.md | 2 +- README-pl.md | 2 +- README-pt_BR.md | 2 +- README-ru.md | 2 +- README-th.md | 2 +- README-tr.md | 2 +- README-tw.md | 2 +- README-uk.md | 2 +- README-vi.md | 2 +- README-zh.md | 2 +- README.md | 2 +- 24 files changed, 24 insertions(+), 24 deletions(-) diff --git a/README-ar.md b/README-ar.md index 937bfbd..47441fc 100644 --- a/README-ar.md +++ b/README-ar.md 
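Review bot: the language bar at the top of README-fa.md omits [English](./README.md), which every other README's bar begins with (see the bars touched in the following patch), so there is no link back to the source version from this page. Within the checklist: the `/me/orders` item is missing the leading slash on `user/654321/orders`; the CSP item has its quotes displaced, `'Content-Security-Policy: default-src 'none` should be `Content-Security-Policy: default-src 'none'` (backticked text is rendered verbatim, so RTL ordering does not repair it); `DDos` should be `DDoS`; `ثب کنی` should be `ثبت کنی`; and the file ends without a trailing newline, as the `\ No newline at end of file` marker shows. The long run of spaces after each `- [ ]` is also inconsistent with the other translations in this series, which use a single space, and will show up as extra indentation in some renderers.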
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md)
# API Security Checklist diff --git a/README-de.md b/README-de.md index bc23be0..fb88e07 100644 --- a/README-de.md +++ b/README-de.md @@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) # API Security Checkliste Checkliste für die wichtigsten Sicherheitsmaßnahmen beim Designen, Testen und Veröffentlichen deiner API. diff --git a/README-el.md b/README-el.md index a55c5a6..00f084d 100644 --- a/README-el.md +++ b/README-el.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) # API λίστα ελέγχου ασφαλείας Λίστα με τα πιο σημαντικά μέτρα ασφαλείας στον σχεδιασμό, έλεγχο, και την έκδοση του API σας. diff --git a/README-es.md b/README-es.md index af72f6e..089c3af 100644 --- a/README-es.md +++ b/README-es.md 
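Review bot: none of the other language bars updated in this patch link to README-el.md, even though the file exists (it is one of the 24 touched here, in this very hunk) and the README-fa.md bar added in the previous patch does carry [Ελληνικά](./README-el.md). Since every bar is being edited anyway, this is the place to add the link so all bars stay consistent.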
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) # Lista de seguridad en APIs Lista de las contramedidas de seguridad más importantes en cuanto al diseño, testing y publicación de tu API. diff --git a/README-fr.md b/README-fr.md index a39e1ba..d642429 100644 --- a/README-fr.md +++ b/README-fr.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) # API Security Checklist Checklist des points de sécurité les plus importants lors de la conception, du test et de la mise en production de votre API. diff --git a/README-hi.md b/README-hi.md index 1e02ed5..0b261a8 100644 --- a/README-hi.md +++ b/README-hi.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) # API सुरक्षा जांच-सूची अपने एपीआई को डिजाइन करने, परीक्षण करने और जारी करने के दौरान सबसे महत्वपूर्ण सुरक्षा प्रतिवाद की जांच सूची| diff --git a/README-id.md b/README-id.md index 7d7d326..64df8e0 100644 --- a/README-id.md +++ b/README-id.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) # Checklist Keamanan API Checklist penanggulangan keamanan yang paling penting ketika merancang, menguji, dan melepaskan API ke khalayak diff --git a/README-it.md b/README-it.md index 8cd8258..f3b08e5 100644 --- a/README-it.md +++ b/README-it.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) # Checklist per la sicurezza delle API Una checklist per le più importanti contromisure da mettere in pratica quando strutturiamo, testiamo e rilasciamo le nostre API. diff --git a/README-ja.md b/README-ja.md index 0e4cb1a..10066b3 100644 --- a/README-ja.md +++ b/README-ja.md 
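Review bot: the README-it.md bar in this hunk lists [Italiano](./README-it.md), i.e. itself, but omits [Indonesia](./README-id.md), which every other bar carries. The convention elsewhere in the patch is to leave out the current language only, so this line appears to be a copy of the README-id.md bar; while it is being edited, add Indonesia and drop Italiano.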
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) # APIセキュリティチェックリスト APIを設計、テスト、リリースするときの最も重要なセキュリティ対策のチェックリスト diff --git a/README-ko.md b/README-ko.md index 90572fd..da26f34 100644 --- a/README-ko.md +++ b/README-ko.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) # API 보안 점검표 API를 설계하고, 테스트하고, 배포할 때 고려해야 할 중요한 보안 대책에 대한 점검 목록입니다. diff --git a/README-lo.md b/README-lo.md index 9ee1cf7..7a5bd65 100644 --- a/README-lo.md +++ b/README-lo.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [فارسی](./README-fa.md) # API Security Checklist Checklist ທີ່ຕ້ອງໃຫ້ຄວາມສຳຄັນເມື່ອມີການສ້າງ API ໃນຊ່ວງການອອກແບບ ທົດສອບລະບົບ ແລະ ການປ່ອຍໃຫ້ຄົນນອກໃຊ້ diff --git a/README-mk.md b/README-mk.md index 2d6499b..87103f6 100644 --- a/README-mk.md +++ b/README-mk.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) # API Безбедносна контролна листа Безбедносна контролна листа од најважните безбедносни контрамерки при дизајнирање, тестирање и пуштање во употреба на вашето API. diff --git a/README-mn.md b/README-mn.md index 63de21d..f2d8923 100644 --- a/README-mn.md +++ b/README-mn.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) # API Аюулгүйн жагсаалт API гаргах, загварчлах, тестлэхэд аюулгүйн талаас авах сөрөг арга хэмжээний жагсаалт. diff --git a/README-nl.md b/README-nl.md index 970db32..5cd2966 100644 --- a/README-nl.md +++ b/README-nl.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) # API Security Checklist Checklist met de belangrijkste tegenmaatregelen bij het ontwerpen, testen en uitbrengen van een API. diff --git a/README-pl.md b/README-pl.md index d833742..1260dd2 100644 --- a/README-pl.md +++ b/README-pl.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) # Lista kontrolna bezpieczeństwa API Lista kontrolna najważniejszych metod zabezpieczenia podczas projektowania, testowania oraz wypuszczania własnego API. diff --git a/README-pt_BR.md b/README-pt_BR.md index 6e78c28..888f03c 100644 --- a/README-pt_BR.md +++ b/README-pt_BR.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) # API Security Checklist Lista das mais importantes medidas de segurança para o desenvolvimento, teste e publicação da sua API. diff --git a/README-ru.md b/README-ru.md index e847162..f141075 100644 --- a/README-ru.md +++ b/README-ru.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) # Контрольный список безопасности API Контрольный список наиболее важных контрмер безопасности при разработке, тестировании и выпуске вашего API. diff --git a/README-th.md b/README-th.md index 0b79736..8ca56a4 100644 --- a/README-th.md +++ b/README-th.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) # API Security Checklist Checklist ที่ต้องให้ความสำคัญเมื่อมีการสร้าง API ในช่วงการออกแบบ ทดสอบระบบ และการปล่อยให้คนนอกใช้ diff --git a/README-tr.md b/README-tr.md index 8441957..638da5a 100644 --- a/README-tr.md +++ b/README-tr.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) # API Güvenlik Kontrol Listesi diff --git a/README-tw.md b/README-tw.md index 39e4965..304d2f5 100644 --- a/README-tw.md +++ b/README-tw.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) # 開發安全的 API 所需要核對的清單 以下是當你在設計, 測試以及發佈你的 API 的時候所需要核對的重要安全措施. diff --git a/README-uk.md b/README-uk.md index f91beb3..4442138 100644 --- a/README-uk.md +++ b/README-uk.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) # Контрольний список безпеки API Контрольний список найбільш важливих контрзаходів безпеки при розробці, тестуванні та випуску вашого API. diff --git a/README-vi.md b/README-vi.md index 5ae0f93..f96c7d4 100644 --- a/README-vi.md +++ b/README-vi.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) # Danh sách các giải pháp an toàn cho API Những giải pháp an toàn và cách khắc phục khi thiết kế, kiểm tra và phát hành API cho ứng dụng của bạn. diff --git a/README-zh.md b/README-zh.md index 797265e..2076430 100644 --- a/README-zh.md +++ b/README-zh.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) # 开发安全的 API 所需要核对的清单 以下是当你在设计, 测试以及发布你的 API 的时候所需要核对的重要安全措施. diff --git a/README.md b/README.md index e76f265..730a1a1 100644 --- a/README.md +++ b/README.md 
@@ -1,4 +1,4 @@ -[繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [Ελληνικά](./README-el.md) +[繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [Ελληνικά](./README-el.md) | [فارسی](./README-fa.md) # API Security Checklist Checklist of the most important security countermeasures when designing, testing, and releasing your API. From 848a59863a26b5ca61b8337f50eb6f84a3b608a6 Mon Sep 17 00:00:00 2001 From: hylerrix Date: Wed, 29 Apr 2020 10:20:03 +0800 Subject: [PATCH 083/149] docs: fix punctuation, make translation more fluent Signed-off-by: hylerrix --- README-zh.md | 84 ++++++++++++++++++++++++++-------------------------- 1 file changed, 42 insertions(+), 42 deletions(-) diff --git a/README-zh.md b/README-zh.md index 797265e..09718ee 100644 --- a/README-zh.md +++ b/README-zh.md 
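Review bot: the README.md hunk appends `[فارسی](./README-fa.md)` after `[Ελληνικά](./README-el.md)`, but none of the translated READMEs edited in the same patch (README-nl.md, README-pl.md, README-pt_BR.md, README-ru.md, README-th.md, README-tr.md, README-tw.md, README-uk.md, README-vi.md, README-zh.md) carry the `Ελληνικά` entry at all, so the language rows remain out of sync across files after this change. Since every row is being touched anyway, add `[Ελληνικά](./README-el.md)` to the translated READMEs in the same sweep and keep the entry order identical across files, so that the next language is a one-line change per file instead of a row-by-row comparison.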
@@ -1,66 +1,66 @@ [English](./README.md) | [繁中版](./README-tw.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) # 开发安全的 API 所需要核对的清单 -以下是当你在设计, 测试以及发布你的 API 的时候所需要核对的重要安全措施. +以下是当你在设计,测试以及发布你的 API 的时候所需要核对的重要安全措施。 --- ## 身份认证 -- [ ] 不要使用 `Basic Auth` 使用标准的认证协议 (如 JWT, OAuth). -- [ ] 不要重新实现 `Authentication`, `token generating`, `password storing`, 使用标准库. -- [ ] 限制密码错误尝试次数,并且增加账号冻结功能. -- [ ] 加密所有的敏感数据. +- [ ] 不要使用 `Basic Auth` ,请使用标准的认证协议 (如 [JWT](https://jwt.io/),[OAuth](https://oauth.net/)))。 +- [ ] 不要重新实现 `Authentication`、`token generating` 和 `password storing`, 请使用标准库。 +- [ ] 限制密码错误尝试次数,并且增加账号冻结功能。 +- [ ] 加密所有的敏感数据。 ### JWT (JSON Web Token) -- [ ] 使用随机复杂的密钥 (`JWT Secret`) 以增加暴力破解的难度. -- [ ] 不要在请求体中直接提取数据, 要对数据进行加密 (`HS256` 或 `RS256`). -- [ ] 使 token 的过期时间尽量的短 (`TTL`, `RTTL`). -- [ ] 不要在 JWT 的请求体中存放敏感数据, 它是[可解码的](https://jwt.io/#debugger-io). +- [ ] 使用随机复杂的密钥 (`JWT Secret`) 以增加暴力破解的难度。 +- [ ] 不要在请求体中直接提取数据,要对数据进行加密 (`HS256` 或 `RS256`)。 +- [ ] 使 token 的过期时间尽量的短 (`TTL`,`RTTL`)。 +- [ ] 不要在 JWT 的请求体中存放敏感数据,因为它是[可解码的](https://jwt.io/#debugger-io)。 ### OAuth 授权或认证协议 -- [ ] 始终在后台验证 `redirect_uri`, 只允许白名单的 URL. -- [ ] 始终在授权时使用有效期较短的授权码(code)而不是令牌(access_token) (不允许 `response_type=token`). -- [ ] 使用随机哈希数的 `state` 参数来防止跨站请求伪造(CSRF). -- [ ] 对不同的应用分别定义默认的作用域和各自有效的作用域参数. 
+- [ ] 始终在后台验证 `redirect_uri`,只允许白名单的 URL。 +- [ ] 始终在授权时使用有效期较短的授权码(code)而不是令牌(access_token) (不允许 `response_type=token`)。 +- [ ] 使用随机哈希数的 `state` 参数来防止跨站请求伪造(CSRF)。 +- [ ] 对不同的应用分别定义默认的作用域和各自有效的作用域参数。 ## 访问 -- [ ] 限制流量来防止 DDoS 攻击和暴力攻击. -- [ ] 在服务端使用 HTTPS 协议来防止 MITM (中间人攻击). -- [ ] 使用 `HSTS` 协议防止 SSL Strip 攻击. +- [ ] 限制流量来防止 DDoS 攻击和暴力攻击。 +- [ ] 在服务端使用 HTTPS 协议来防止 MITM (中间人攻击)。 +- [ ] 使用 `HSTS` 协议防止 SSL Strip 攻击。 ## 输入 -- [ ] 使用与操作相符的 HTTP 操作函数, `GET (读取)`, `POST (创建)`, `PUT (替换/更新)` 以及 `DELETE (删除记录)`, 如果请求的方法不适用于请求的资源则返回 `405 Method Not Allowed`. -- [ ] 在请求头中的 `content-type` 字段使用内容验证来只允许支持的格式 (如 `application/xml`, `application/json` 等等) 并在不满足条件的时候返回 `406 Not Acceptable`. -- [ ] 验证 `content-type` 中申明的编码和你收到正文编码一致 (如 `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json` 等等). -- [ ] 验证用户输入来避免一些普通的易受攻击缺陷 (如 `XSS`, `SQL-注入`, `远程代码执行` 等等). -- [ ] 不要在 URL 中使用任何敏感的数据 (`credentials`, `Passwords`, `security tokens`, or `API keys`), 而是使用标准的认证请求头. -- [ ] 使用一个 API Gateway 服务来启用缓存、限制访问速率 (如 `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) 以及动态地部署 APIs resources. +- [ ] 使用与操作相符的 HTTP 操作函数,`GET (读取)`,`POST (创建)`,`PUT (替换/更新)` 以及 `DELETE (删除记录)`,如果请求的方法不适用于请求的资源则返回 `405 Method Not Allowed`。 +- [ ] 在请求头中的 `content-type` 字段使用内容验证来只允许支持的格式 (如 `application/xml`,`application/json` 等等) 并在不满足条件的时候返回 `406 Not Acceptable`。 +- [ ] 验证 `content-type` 中申明的编码和你收到正文编码一致 (如 `application/x-www-form-urlencoded`,`multipart/form-data`,`application/json` 等等)。 +- [ ] 验证用户输入来避免一些普通的易受攻击缺陷 (如 `XSS`,`SQL-注入`,`远程代码执行` 等等)。 +- [ ] 不要在 URL 中使用任何敏感的数据 (`credentials`,`Passwords`,`security tokens`,or `API keys`),而是使用标准的认证请求头。 +- [ ] 使用一个 API Gateway 服务来启用缓存、限制访问速率 (如 `Quota`,`Spike Arrest`,`Concurrent Rate Limit`) 以及动态地部署 APIs resources。 ## 处理 -- [ ] 检查是否所有的接口都包含必要都身份认证, 以避免被破坏了的认证体系. -- [ ] 避免使用特有的资源 id. 使用 `/me/orders` 替代 `/user/654321/orders`. -- [ ] 使用 `UUID` 代替自增长的 id. -- [ ] 如果需要解析 XML 文件, 确保实体解析(entity parsing)是关闭的以避免 `XXE` 攻击. 
-- [ ] 如果需要解析 XML 文件, 确保实体扩展(entity expansion)是关闭的以避免通过指数实体扩展攻击实现的 `Billion Laughs/XML bomb`. -- [ ] 在文件上传中使用 CDN. -- [ ] 如果数据处理量很大, 尽可能使用队列或者 Workers 在后台处理来避免阻塞请求,从而快速响应客户端. -- [ ] 不要忘了把 DEBUG 模式关掉. +- [ ] 检查是否所有的接口都包含必要都身份认证,以避免被破坏了的认证体系。 +- [ ] 避免使用特有的资源 id。使用 `/me/orders` 替代 `/user/654321/orders`。 +- [ ] 使用 `UUID` 代替自增长的 id。 +- [ ] 如果需要解析 XML 文件,确保实体解析(entity parsing)是关闭的以避免 `XXE` 攻击。 +- [ ] 如果需要解析 XML 文件,确保实体扩展(entity expansion)是关闭的以避免通过指数实体扩展攻击实现的 `Billion Laughs/XML bomb`。 +- [ ] 在文件上传中使用 CDN。 +- [ ] 如果数据处理量很大,尽可能使用队列或者 Workers 在后台处理来避免阻塞请求,从而快速响应客户端。 +- [ ] 不要忘了把 DEBUG 模式关掉。 ## 输出 -- [ ] 增加请求返回头 `X-Content-Type-Options: nosniff`. -- [ ] 增加请求返回头 `X-Frame-Options: deny`. -- [ ] 增加请求返回头 `Content-Security-Policy: default-src 'none'`. -- [ ] 删除请求返回中的指纹头 - `X-Powered-By`, `Server`, `X-AspNet-Version` 等等. -- [ ] 在响应中遵循请求的 `content-type`, 如果你的请求类型是 `application/json` 那么你返回的 `content-type` 就是 `application/json`. -- [ ] 不要返回敏感的数据, 如 `credentials`, `Passwords`, `security tokens`. -- [ ] 给请求返回使用合理的 HTTP 响应代码. (如 `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed` 等等). +- [ ] 增加请求返回头 `X-Content-Type-Options: nosniff`。 +- [ ] 增加请求返回头 `X-Frame-Options: deny`。 +- [ ] 增加请求返回头 `Content-Security-Policy: default-src 'none'`。 +- [ ] 删除请求返回中的指纹头 - `X-Powered-By`,`Server`,`X-AspNet-Version` 等等。 +- [ ] 在响应中遵循请求的 `content-type`,如果你的请求类型是 `application/json` 那么你返回的 `content-type` 就是 `application/json`。 +- [ ] 不要返回敏感的数据,如 `credentials`,`Passwords`,`security tokens`。 +- [ ] 给请求返回使用合理的 HTTP 响应代码。(如 `200 OK`,`400 Bad Request`,`401 Unauthorized`,`405 Method Not Allowed` 等等)。 ## 持续集成和持续部署 -- [ ] 使用单元测试以及集成测试的覆盖率来保障你的设计和实现. -- [ ] 引入代码审查流程, 禁止私自合并代码. -- [ ] 在推送到生产环境之前确保服务的所有组件都用杀毒软件静态地扫描过, 包括第三方库和其它依赖. -- [ ] 为部署设计一个回滚方案. +- [ ] 使用单元测试以及集成测试的覆盖率来保障你的设计和实现。 +- [ ] 引入代码审查流程,禁止私自合并代码。 +- [ ] 在推送到生产环境之前确保服务的所有组件都用杀毒软件静态地扫描过,包括第三方库和其它依赖。 +- [ ] 为部署设计一个回滚方案。 --- 
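Review bot: the 身份认证 bullet added in this hunk has unbalanced parentheses: `请使用标准的认证协议 (如 [JWT](https://jwt.io/),[OAuth](https://oauth.net/)))。` closes three against the two that are opened (the `(如` and the link's own `(`), leaving a stray `)` in the rendered text; drop one. In the same hunk the JWT bullet `不要在请求体中直接提取数据,要对数据进行加密 (`HS256` 或 `RS256`)。` tells the reader to encrypt data with HS256/RS256, but those are JWT signature algorithms (HMAC-SHA256 and RSA-SHA256), not encryption; the checklist item is about not trusting the algorithm name carried in the token and pinning it on the server instead (the README-ru.md rewrite later in this series, `Не полагайтесь на переданное в заголовках название алгоритма, лучше закрепите его константой на сервере`, has the intended meaning). Suggested wording: `不要从 token 中读取签名算法,在服务端固定使用 `HS256` 或 `RS256`。`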
@@ -72,4 +72,4 @@ --- # 贡献 -为此存储库创建一个 fork, 进行修改, 并提交 pull request 来贡献. 如果您有任何问题, 请发送邮件至 `team@shieldfy.io`. +为此存储库创建一个 fork,进行修改,并提交 pull request 来贡献。如果您有任何问题,请发送邮件至 `team@shieldfy.io`。 From 9c6a4b96fad0108c41106e381a57e7068df319ad Mon Sep 17 00:00:00 2001 From: hylerrix Date: Wed, 29 Apr 2020 11:06:07 +0800 Subject: [PATCH 084/149] docs: fix typo Signed-off-by: hylerrix --- README-zh.md | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/README-zh.md b/README-zh.md index 09718ee..d7ab04c 100644 --- a/README-zh.md +++ b/README-zh.md @@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) +[English](./README.md) | [繁中版](./README-tw.md) | [Português(Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) # 开发安全的 API 所需要核对的清单 以下是当你在设计,测试以及发布你的 API 的时候所需要核对的重要安全措施。 
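Review bot: the first README-zh.md hunk of this "fix typo" patch changes the language row's `[Português (Brasil)](./README-pt_BR.md)` to `[Português(Brasil)](./README-pt_BR.md)`, dropping the space; every other README in the repository (see the rows edited in the preceding patch) keeps `Português (Brasil)`, so this introduces an inconsistency rather than fixing one. Revert that hunk, or if the spacing change is deliberate, apply it to all READMEs in one commit and say so in the message.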
@@ -7,21 +7,21 @@ --- ## 身份认证 -- [ ] 不要使用 `Basic Auth` ,请使用标准的认证协议 (如 [JWT](https://jwt.io/),[OAuth](https://oauth.net/)))。 -- [ ] 不要重新实现 `Authentication`、`token generating` 和 `password storing`, 请使用标准库。 +- [ ] 不要使用 `Basic Auth` ,请使用标准的认证协议(如 [JWT](https://jwt.io/),[OAuth](https://oauth.net/))。 +- [ ] 不要重新实现 `Authentication`、`token generating` 和 `password storing`,请使用标准库。 - [ ] 限制密码错误尝试次数,并且增加账号冻结功能。 - [ ] 加密所有的敏感数据。 -### JWT (JSON Web Token) -- [ ] 使用随机复杂的密钥 (`JWT Secret`) 以增加暴力破解的难度。 -- [ ] 不要在请求体中直接提取数据,要对数据进行加密 (`HS256` 或 `RS256`)。 -- [ ] 使 token 的过期时间尽量的短 (`TTL`,`RTTL`)。 +### JWT(JSON Web Token) +- [ ] 使用随机复杂的密钥(`JWT Secret`)以增加暴力破解的难度。 +- [ ] 不要在请求体中直接提取数据,要对数据进行加密(`HS256` 或 `RS256`)。 +- [ ] 使 token 的过期时间尽量的短(`TTL`,`RTTL`)。 - [ ] 不要在 JWT 的请求体中存放敏感数据,因为它是[可解码的](https://jwt.io/#debugger-io)。 ### OAuth 授权或认证协议 - [ ] 始终在后台验证 `redirect_uri`,只允许白名单的 URL。 -- [ ] 始终在授权时使用有效期较短的授权码(code)而不是令牌(access_token) (不允许 `response_type=token`)。 -- [ ] 使用随机哈希数的 `state` 参数来防止跨站请求伪造(CSRF)。 +- [ ] 始终在授权时使用有效期较短的授权码(code)而不是令牌(access_token)(不允许 `response_type=token`)。 +- [ ] 使用随机哈希数的 `state` 参数来防止跨站请求伪造(CSRF)。 - [ ] 对不同的应用分别定义默认的作用域和各自有效的作用域参数。 ## 访问 
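Review bot: the `Basic Auth` bullet in this hunk still carries a stray space before the full-width comma, `不要使用 `Basic Auth` ,请使用`, while the rest of the patch removes exactly this kind of half-width spacing around full-width punctuation; write `不要使用 `Basic Auth`,请使用` for consistency with the surrounding lines.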
@@ -30,19 +30,19 @@ - [ ] 使用 `HSTS` 协议防止 SSL Strip 攻击。 ## 输入 -- [ ] 使用与操作相符的 HTTP 操作函数,`GET (读取)`,`POST (创建)`,`PUT (替换/更新)` 以及 `DELETE (删除记录)`,如果请求的方法不适用于请求的资源则返回 `405 Method Not Allowed`。 -- [ ] 在请求头中的 `content-type` 字段使用内容验证来只允许支持的格式 (如 `application/xml`,`application/json` 等等) 并在不满足条件的时候返回 `406 Not Acceptable`。 -- [ ] 验证 `content-type` 中申明的编码和你收到正文编码一致 (如 `application/x-www-form-urlencoded`,`multipart/form-data`,`application/json` 等等)。 -- [ ] 验证用户输入来避免一些普通的易受攻击缺陷 (如 `XSS`,`SQL-注入`,`远程代码执行` 等等)。 -- [ ] 不要在 URL 中使用任何敏感的数据 (`credentials`,`Passwords`,`security tokens`,or `API keys`),而是使用标准的认证请求头。 -- [ ] 使用一个 API Gateway 服务来启用缓存、限制访问速率 (如 `Quota`,`Spike Arrest`,`Concurrent Rate Limit`) 以及动态地部署 APIs resources。 +- [ ] 使用与操作相符的 HTTP 操作函数,`GET(读取)`,`POST(创建)`,`PUT(替换/更新)` 以及 `DELETE(删除记录)`,如果请求的方法不适用于请求的资源则返回 `405 Method Not Allowed`。 +- [ ] 在请求头中的 `content-type` 字段使用内容验证来只允许支持的格式(如 `application/xml`,`application/json` 等等)并在不满足条件的时候返回 `406 Not Acceptable`。 +- [ ] 验证 `content-type` 中申明的编码和你收到正文编码一致(如 `application/x-www-form-urlencoded`,`multipart/form-data`,`application/json` 等等)。 +- [ ] 验证用户输入来避免一些普通的易受攻击缺陷(如 `XSS`,`SQL-注入`,`远程代码执行` 等等)。 +- [ ] 不要在 URL 中使用任何敏感的数据(`credentials`,`Passwords`,`security tokens`,or `API keys`),而是使用标准的认证请求头。 +- [ ] 使用一个 API Gateway 服务来启用缓存、限制访问速率(如 `Quota`,`Spike Arrest`,`Concurrent Rate Limit`)以及动态地部署 APIs resources。 ## 处理 - [ ] 检查是否所有的接口都包含必要都身份认证,以避免被破坏了的认证体系。 - [ ] 避免使用特有的资源 id。使用 `/me/orders` 替代 `/user/654321/orders`。 - [ ] 使用 `UUID` 代替自增长的 id。 -- [ ] 如果需要解析 XML 文件,确保实体解析(entity parsing)是关闭的以避免 `XXE` 攻击。 -- [ ] 如果需要解析 XML 文件,确保实体扩展(entity expansion)是关闭的以避免通过指数实体扩展攻击实现的 `Billion Laughs/XML bomb`。 +- [ ] 如果需要解析 XML 文件,确保实体解析(entity parsing)是关闭的以避免 `XXE` 攻击。 +- [ ] 如果需要解析 XML 文件,确保实体扩展(entity expansion)是关闭的以避免通过指数实体扩展攻击实现的 `Billion Laughs/XML bomb`。 - [ ] 在文件上传中使用 CDN。 - [ ] 如果数据处理量很大,尽可能使用队列或者 Workers 在后台处理来避免阻塞请求,从而快速响应客户端。 - [ ] 不要忘了把 DEBUG 模式关掉。 
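Review bot: two untranslated English fragments survive in the 输入 bullets rewritten by this hunk: `,or `API keys`` (the `or` should be `或`) and `动态地部署 APIs resources` (`API 资源`). The unchanged context line `检查是否所有的接口都包含必要都身份认证` in the 处理 section also contains the typo `必要都` for `必要的`; since this patch is titled "fix typo", fix it here rather than leaving it for a later pass.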
@@ -54,7 +54,7 @@ - [ ] 删除请求返回中的指纹头 - `X-Powered-By`,`Server`,`X-AspNet-Version` 等等。 - [ ] 在响应中遵循请求的 `content-type`,如果你的请求类型是 `application/json` 那么你返回的 `content-type` 就是 `application/json`。 - [ ] 不要返回敏感的数据,如 `credentials`,`Passwords`,`security tokens`。 -- [ ] 给请求返回使用合理的 HTTP 响应代码。(如 `200 OK`,`400 Bad Request`,`401 Unauthorized`,`405 Method Not Allowed` 等等)。 +- [ ] 给请求返回使用合理的 HTTP 响应代码。(如 `200 OK`,`400 Bad Request`,`401 Unauthorized`,`405 Method Not Allowed` 等等)。 ## 持续集成和持续部署 - [ ] 使用单元测试以及集成测试的覆盖率来保障你的设计和实现。 @@ -66,7 +66,7 @@ --- ## 也可以看看: -- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - 用于构建RESTful HTTP+JSON API的有用资源集合。 +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - 用于构建 RESTful HTTP + JSON API 的有用资源集合。 --- From 6bb3347caccbfb14fa19a09f2c68d0e9b6b13d75 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Umut=20I=C5=9F=C4=B1k?= Date: Sun, 10 May 2020 13:28:11 +0000 Subject: [PATCH 085/149] Translate README-tr.md via GitLocalize --- README-tr.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README-tr.md b/README-tr.md index 8441957..c66859e 100644 --- a/README-tr.md +++ b/README-tr.md @@ -8,7 +8,7 @@ API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemle ## Kimlik Doğrulama -- [ ] `Basic Auth` kullanmayın. Standart bir kimlik doğrulama yapısı kullanın (ör. [JWT](https://jwt.io/), [OAuth](https://oauth.net/)). +- [ ] `Basic Auth` kullanmayın. Bunun yerine standardlaşmış kimlik doğrulama çözümlerini (örneğin [JWT](https://jwt.io/), [OAuth](https://oauth.net/) gib) kullanmalısınız. - [ ] `Kimlik doğrukama`, `token oluşturma`, `şifreleri kaydetme` için tekerleği yeniden icat etmeye çalışmayın. Standartları kullanın. - [ ] `Deneme sayısını` sınırlayarak giriş hakkını kısıtlayın. - [ ] Tüm hassas verilerde şifreleme kullanın. From 01cd13b2fd74e0534d5da44dacf572cf999e6192 Mon Sep 17 00:00:00 2001 
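Review bot: in the `@@ -54,7` hunk the response-code bullet keeps a full stop before its parenthetical, `给请求返回使用合理的 HTTP 响应代码。(如 `200 OK`,…,`405 Method Not Allowed` 等等)。`, so the examples end up as a sentence of their own with doubled punctuation; since the line is being edited for punctuation anyway, write `给请求返回使用合理的 HTTP 响应代码(如 `200 OK`,`400 Bad Request`,`401 Unauthorized`,`405 Method Not Allowed` 等等)。`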
From: Ozgur Gul Date: Mon, 22 Jun 2020 06:32:02 +0100 Subject: [PATCH 086/149] Minor Typo --- README-tr.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README-tr.md b/README-tr.md index c66859e..25992dc 100644 --- a/README-tr.md +++ b/README-tr.md @@ -8,8 +8,8 @@ API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemle ## Kimlik Doğrulama -- [ ] `Basic Auth` kullanmayın. Bunun yerine standardlaşmış kimlik doğrulama çözümlerini (örneğin [JWT](https://jwt.io/), [OAuth](https://oauth.net/) gib) kullanmalısınız. -- [ ] `Kimlik doğrukama`, `token oluşturma`, `şifreleri kaydetme` için tekerleği yeniden icat etmeye çalışmayın. Standartları kullanın. +- [ ] `Basic Auth` kullanmayın. Bunun yerine standardlaşmış kimlik doğrulama çözümlerini (örneğin [JWT](https://jwt.io/), [OAuth](https://oauth.net/) gibi) kullanmalısınız. +- [ ] `Kimlik doğrulama`, `token oluşturma`, `şifreleri kaydetme` için tekerleği yeniden icat etmeye çalışmayın. Standartları kullanın. - [ ] `Deneme sayısını` sınırlayarak giriş hakkını kısıtlayın. - [ ] Tüm hassas verilerde şifreleme kullanın. From e8d7e941dc1ff6001f10e9e6334e3347a9c732da Mon Sep 17 00:00:00 2001 From: Ilya Pavlyukov Date: Mon, 3 Aug 2020 14:26:16 +0300 Subject: [PATCH 087/149] [RU] human-friendly translation --- README-ru.md | 66 ++++++++++++++++++++++++++-------------------------- 1 file changed, 33 insertions(+), 33 deletions(-) diff --git a/README-ru.md b/README-ru.md index e847162..e8360a3 100644 --- a/README-ru.md +++ b/README-ru.md 
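Review bot: the README-tr.md hunk corrects `gib` to `gibi` and `doğrukama` to `doğrulama` from the previous GitLocalize commit but leaves `standardlaşmış` on the same line; the standard Turkish spelling is `standart` / `standartlaşmış` (final consonant devoiced), so the typo fix is incomplete. Given that both of the last two commits touch only these two lines, squashing them into one "fix typos" commit would also keep the history cleaner.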
@@ -1,66 +1,66 @@ [English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) # Контрольный список безопасности API -Контрольный список наиболее важных контрмер безопасности при разработке, тестировании и выпуске вашего API. +Чеклист наиболее важных контрмер по безопасности при разработке, тестировании и выпуске вашего API. --- ## Аутентификация -- [ ] Не используйте `Basic Auth` Используйте стандартную проверку подлинности (например: JWT, OAuth). -- [ ] Не "изобретайте колесо" в `аутентификации`, `создании токенов`, `хранении паролей`. Используйте стандарты. -- [ ] Используйте `Max Retry` и функции jail в Login. +- [ ] Не используйте `Basic Auth`. Используйте стандартную проверку подлинности (например: JWT, OAuth). +- [ ] Не изобретайте велосипед для `аутентификации`, `создании токенов`, `хранении паролей`. Используйте стандарты, проверенные библиотеки. +- [ ] Используйте `Max Retry` и функции jail во время аутентификации. - [ ] Используйте шифрование для всех конфиденциальных данных. ### JWT (JSON Web Token) -- [ ] Используйте случайный сложный ключ (`JWT Secret`), чтобы сделать брут форс токена очень сложным. -- [ ] Не извлекайте алгоритм из полезной нагрузки. Внесите алгоритм в бэкэнд (`HS256` или `RS256`). +- [ ] Используйте случайный сложный ключ (`JWT Secret`), чтобы сделать брут форс токена бесполезным. 
+- [ ] Не полагайтесь на переданное в заголовках название алгоритма, лучше закрепите его константой на сервере (`HS256` или `RS256`). - [ ] Сделайте срок действия токена (`TTL`, `RTTL`) как можно короче. -- [ ] Не храните конфиденциальные данные в полезной нагрузке JWT, ее можно [легко декодировать.](https://jwt.io/#debugger-io). +- [ ] Не храните конфиденциальные данные в JWT, ее можно [легко декодировать.](https://jwt.io/#debugger-io). ### OAuth - [ ] Всегда проверяйте `redirect_uri` на стороне сервера, чтобы разрешать только URL-адреса с белыми списками. -- [ ] Всегда старайтесь обменивать код, а не токены (не разрешать `response_type=token`). -- [ ] Используйте параметр `состояния` со случайным хешем, чтобы предотвратить CSRF в процессе аутентификации OAuth. -- [ ] Определите область по умолчанию и проверьте параметры области для каждого приложения. +- [ ] Всегда старайтесь обменивать временный код, а не токены (не использовать `response_type=token`). +- [ ] Используйте параметр `state` со случайным хешем, чтобы предотвратить CSRF в процессе аутентификации OAuth. +- [ ] Определите scope по умолчанию, а также проверяйте параметры для каждого приложения. ## Доступ -- [ ] Ограничьте запросы (Throttling), чтобы избежать DDoS атак / грубой силы (Brute Force). +- [ ] Установите ограничение на кол-во запросов в минуту (Throttling, RPS), чтобы избежать DDoS атак / грубой силы (Brute Force). - [ ] Используйте HTTPS на стороне сервера, чтобы избежать MITM (Man In The Middle Attack / Атака посредника). - [ ] Используйте заголовок `HSTS` (HTTP Strict Transport Security) с SSL, чтобы избежать атаки SSL Strip (перехват SSL соединений). -## Ввод -- [ ] Используйте соответствующий HTTP-метод в соответствии с операцией: `GET (чтение)`, `POST (создание)`, `PUT / PATCH (замена / обновление)` и `DELETE (для удаления записи)`, а также ответьте `405 Method Not Allowed`, если запрошенный метод не подходит для запрашиваемого ресурса. 
-- [ ] Подтвердите `тип содержимого` по запросу "Принять заголовок" (Консолидация контента), чтобы разрешить только поддерживаемый формат (например, `application/xml`, `application/json` и т.д.) И отвечайте с недопустимым ответом 406, если он не согласован. -- [ ] Проверяйте содержимое опубликованных данных `типа контента` по мере их принятия (например, `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json` и т.д.). +## Запрос +- [ ] Используйте соответствующий HTTP-метод в соответствии с операцией: `GET (чтение)`, `POST (создание)`, `PUT / PATCH (замена / обновление)` и `DELETE (удаление)`, а также ответьте `405 Method Not Allowed`, если запрошенный метод не подходит для запрашиваемого ресурса. +- [ ] Проверяй тип данных в заголовоке `Accept`, чтобы разрешить только поддерживаемые форматы (например, `application/xml`, `application/json` и т.д.) И отвечайте `406 Not Acceptable`, если тип не поддерживается. +- [ ] Проверяйте, сможете ли вы обработать тип получаемых данных (например, `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json` и т.д.). - [ ] Проверьте пользовательский ввод во избежание распространенных уязвимостей (например: `XSS`, `SQL-инъекций`, `удаленное выполнение кода` и т.д.). -- [ ] Не используйте конфиденциальные данные (`учетные данные`, `пароли`, `маркеры безопасности` или `ключи API`) в URL-адресе, но используйте стандартный заголовок авторизации. -- [ ] Используйте службу шлюза API, чтобы активировать кеширование, ограничение скорости, спайк-арест и динамическое развертывание ресурсов API. +- [ ] Не передавайте конфиденциальные данные (`учетные данные`, `пароли`, `токены` или `ключи API`) в URL-адресе, вместо него используйте стандартный заголовок `Authorization`. +- [ ] Используйте единый API-шлюз, чтобы можно было настроить кеширование, ограничение на кол-во запросов, Spike Arrest, а также динамическое развертывание API. 
## Обработка -- [ ] Проверьте, защищены ли все конечные точки за аутентификацией, чтобы не нарушить процедуру проверки подлинности. -- [ ] Следует избегать идентификатора пользователя собственного ресурса. Используйте `/me/orders` вместо `/user/654321/orders`. -- [ ] Не включайте автоинкремент для ID. Вместо этого используйте `UUID`. -- [ ] Если вы разбираете XML-файлы, убедитесь, что синтаксический анализ сущностей не включен, чтобы избежать `атаки на внешний объект XML` (XML external entity). -- [ ] Если вы разбираете XML-файлы, убедитесь, что расширение сущности не включено, чтобы избежать `Billion Laughs / XML bomb` с помощью экспоненциальной атаки расширения сущностей. +- [ ] Проверьте, защищены ли все точки входа аутентификацией, чтобы не нарушить процедуру проверки подлинности. +- [ ] Следует избегать ID собственного ресурса. Используйте `/me/orders` вместо `/user/654321/orders`. +- [ ] Не используйте автоинкремент для ID. Вместо этого используйте `UUID`. +- [ ] Если вы разбираете XML-файлы, убедитесь, что парсинг сущностей выключен, чтобы избежать `XXE` (XML external entity). +- [ ] Если вы разбираете XML-файлы, убедитесь, что расширение сущности выключено, чтобы избежать `Billion Laughs / XML bomb` через атаку экспоненциального расширения сущностей. - [ ] Используйте CDN для загрузки файлов. -- [ ] Если вы имеете дело с огромным количеством данных, используйте Workers and Queues, чтобы обрабатывать как можно больше в фоновом режиме и быстро возвращать ответ, чтобы избежать блокировки HTTP. -- [ ] Не забудьте выключить режим DEBUG. +- [ ] Если вы имеете дело с огромным количеством данных, используйте Workers and Queues, чтобы обрабатывать как можно больше в фоновом режиме и быстро возвращать ответ, чтобы избежать блокирования HTTP. +- [ ] Не забудьте выключить режим отладки (debug). -## Вывод +## Ответ - [ ] Отправляйте заголовок `X-Content-Type-Options: nosniff`. - [ ] Отправляйте заголовок `X-Frame-Options: deny`. 
- [ ] Отправляйте заголовок `Content-Security-Policy: default-src 'none'`. -- [ ] Удалите заголовки отпечатков пальцев - `X-Powered-By`, `Server`, `X-AspNet-Version` и т.д. -- [ ] Принудите `тип содержимого` для вашего ответа, если вы вернете `application/json`, тогда ваш тип содержимого ответа будет `application/json`. -- [ ] Не возвращайте конфиденциальные данные, такие как `учетные данные`, `пароли`, `токены безопасности`. -- [ ] Возвращайте код состояния в соответствии с завершенной работой. (Например: `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed` и т.д.). +- [ ] Удалите заголовки, которые могут помочь злоумышленнику в исследовании вашего ресурса на уязвимости - `X-Powered-By`, `Server`, `X-AspNet-Version` и т.д. +- [ ] Зафиксируйте `Content-Type` для вашего ответа, если вы возвращаете `application/json`, тогда запрос должен быть в `application/json`. +- [ ] Не возвращайте конфиденциальные данные, такие как `учетные данные`, `пароли`, `токены`. +- [ ] Возвращайте код состояния в соответствии с итогами обработки. (Например: `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed` и т.д.). ## Непрерывная интеграция и Непрерывная доставка (CI & CD) -- [ ] Аудит вашего дизайна и реализации с охватом модулей/интеграционных тестов. -- [ ] Используйте процесс проверки кода и игнорируйте самоокупаемость. -- [ ] Убедитесь, что все компоненты ваших служб статически сканируются с помощью антивирусов перед отправкой на производство, включая библиотеки поставщиков и другие зависимости. -- [ ] Создайте решение отката для развертывания. +- [ ] Проверяйте ваш проект во время CI/CD. Покрывайте код unit/интеграционными тестами. +- [ ] Используйте процесс проверки кода (Code Review) коллегами. Не апрувьте сами себя (no Self-Approval). +- [ ] Убедитесь, что ваше приложение сканируются с помощью антивирусов перед отправкой в прод, включая библиотеки и другие зависимости. +- [ ] Сделайте возможным быстрый откат на предыдущую версию. --- 
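Review bot: the rewritten `Content-Type` bullet in the "## Ответ" section inverts the rule. "Зафиксируйте `Content-Type` для вашего ответа, если вы возвращаете `application/json`, тогда запрос должен быть в `application/json`" now says the request must be `application/json`, whereas the line it replaces ("тогда ваш тип содержимого ответа будет `application/json`") correctly says the response's own `Content-Type` header must match the body you return; keep the response wording, e.g. "тогда заголовок `Content-Type` ответа должен быть `application/json`". Two smaller points in the same hunk: "Проверяй тип данных в заголовоке `Accept`" switches to the informal imperative and has a typo (заголовке) while every other bullet uses "Проверяйте", and "ваше приложение сканируются" should agree in number (сканируется).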
From d802b6e5fa7e1672cb3704333c746f4fd7f56852 Mon Sep 17 00:00:00 2001 From: Ilya Pavlyukov Date: Mon, 3 Aug 2020 14:32:28 +0300 Subject: [PATCH 088/149] [RU] human-friendly translation --- README-ru.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README-ru.md b/README-ru.md index e8360a3..8f544cd 100644 --- a/README-ru.md +++ b/README-ru.md 
@@ -16,17 +16,17 @@ - [ ] Используйте случайный сложный ключ (`JWT Secret`), чтобы сделать брут форс токена бесполезным. - [ ] Не полагайтесь на переданное в заголовках название алгоритма, лучше закрепите его константой на сервере (`HS256` или `RS256`). - [ ] Сделайте срок действия токена (`TTL`, `RTTL`) как можно короче. -- [ ] Не храните конфиденциальные данные в JWT, ее можно [легко декодировать.](https://jwt.io/#debugger-io). +- [ ] Не храните конфиденциальные данные в JWT, его можно [легко декодировать.](https://jwt.io/#debugger-io). ### OAuth -- [ ] Всегда проверяйте `redirect_uri` на стороне сервера, чтобы разрешать только URL-адреса с белыми списками. +- [ ] Всегда проверяйте `redirect_uri` на стороне сервера, чтобы разрешать только URL-адреса из белых списков (whitelist). - [ ] Всегда старайтесь обменивать временный код, а не токены (не использовать `response_type=token`). - [ ] Используйте параметр `state` со случайным хешем, чтобы предотвратить CSRF в процессе аутентификации OAuth. - [ ] Определите scope по умолчанию, а также проверяйте параметры для каждого приложения. ## Доступ -- [ ] Установите ограничение на кол-во запросов в минуту (Throttling, RPS), чтобы избежать DDoS атак / грубой силы (Brute Force). -- [ ] Используйте HTTPS на стороне сервера, чтобы избежать MITM (Man In The Middle Attack / Атака посредника). +- [ ] Установите ограничение на кол-во запросов в минуту (Throttling, RPM-Limit), чтобы избежать DDoS / Brute Force атак. +- [ ] Используйте HTTPS на стороне сервера, чтобы избежать [MITM](https://ru.wikipedia.org/wiki/Атака_посредника) (Man In The Middle Attack / атака "человек посередине"). - [ ] Используйте заголовок `HSTS` (HTTP Strict Transport Security) с SSL, чтобы избежать атаки SSL Strip (перехват SSL соединений). ## Запрос From e2588ad8db1aab241adfb8c7154a6dc65e963b27 Mon Sep 17 00:00:00 2001 
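Review bot: the unchanged HSTS bullet at the end of this hunk, "Используйте заголовок `HSTS` (HTTP Strict Transport Security) с SSL", still says SSL right after the MITM line was reworked; the protocol the header protects is TLS, and the English README in this same series (PATCH 092) moves to "TLS 1.2+", so consider "с TLS" here so the "## Доступ" section stays consistent. The rest of the hunk (его for JWT, whitelist, RPM-Limit now matching "в минуту") looks right.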
From: Ilya Pavlyukov Date: Mon, 3 Aug 2020 14:33:52 +0300 Subject: [PATCH 089/149] [RU] human-friendly translation --- README-ru.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README-ru.md b/README-ru.md index 8f544cd..d3a2655 100644 --- a/README-ru.md +++ b/README-ru.md @@ -20,7 +20,7 @@ ### OAuth - [ ] Всегда проверяйте `redirect_uri` на стороне сервера, чтобы разрешать только URL-адреса из белых списков (whitelist). -- [ ] Всегда старайтесь обменивать временный код, а не токены (не использовать `response_type=token`). +- [ ] Всегда старайтесь использовать одноразовый code, а не токены (не использовать `response_type=token`). - [ ] Используйте параметр `state` со случайным хешем, чтобы предотвратить CSRF в процессе аутентификации OAuth. - [ ] Определите scope по умолчанию, а также проверяйте параметры для каждого приложения. From 6a2976f3f51e5a35c12e0545db3f342b8d3f6bfa Mon Sep 17 00:00:00 2001 From: Ilya Pavlyukov Date: Mon, 3 Aug 2020 14:34:31 +0300 Subject: [PATCH 090/149] [RU] human-friendly translation --- README-ru.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README-ru.md b/README-ru.md index d3a2655..b50dbde 100644 --- a/README-ru.md +++ b/README-ru.md 
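Review bot: "Всегда старайтесь использовать одноразовый code, а не токены" drops an untranslated "code" into the Russian sentence and loses what the bullet is about, which is choosing the authorization-code grant over the implicit grant. Suggest "Используйте Authorization Code flow (`response_type=code`) и обменивайте код на токен на сервере, а не implicit flow (`response_type=token`)", which names the `response_type` value being recommended and not only the one being forbidden.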
@@ -31,7 +31,7 @@ ## Запрос - [ ] Используйте соответствующий HTTP-метод в соответствии с операцией: `GET (чтение)`, `POST (создание)`, `PUT / PATCH (замена / обновление)` и `DELETE (удаление)`, а также ответьте `405 Method Not Allowed`, если запрошенный метод не подходит для запрашиваемого ресурса. -- [ ] Проверяй тип данных в заголовоке `Accept`, чтобы разрешить только поддерживаемые форматы (например, `application/xml`, `application/json` и т.д.) И отвечайте `406 Not Acceptable`, если тип не поддерживается. +- [ ] Проверяй тип данных в заголовке `Accept`, чтобы разрешить только поддерживаемые форматы (например, `application/xml`, `application/json` и т.д.) И отвечайте `406 Not Acceptable`, если тип не поддерживается. - [ ] Проверяйте, сможете ли вы обработать тип получаемых данных (например, `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json` и т.д.). - [ ] Проверьте пользовательский ввод во избежание распространенных уязвимостей (например: `XSS`, `SQL-инъекций`, `удаленное выполнение кода` и т.д.). - [ ] Не передавайте конфиденциальные данные (`учетные данные`, `пароли`, `токены` или `ключи API`) в URL-адресе, вместо него используйте стандартный заголовок `Authorization`. From 830db18c0ab35a478ed426ca422fd053e25d1543 Mon Sep 17 00:00:00 2001 From: Ilya Pavlyukov Date: Mon, 3 Aug 2020 14:35:56 +0300 Subject: [PATCH 091/149] [RU] human-friendly translation --- README-ru.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README-ru.md b/README-ru.md index b50dbde..b810ddd 100644 --- a/README-ru.md +++ b/README-ru.md 
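Review bot: the typo fix (заголовке) is right, but the same line still opens with the informal "Проверяй" while the neighbouring bullets use "Проверяйте", and "И отвечайте" keeps a capital letter mid-sentence; since the line is being touched anyway, make it "Проверяйте тип данных в заголовке `Accept` ... и отвечайте `406 Not Acceptable`".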
@@ -8,7 +8,7 @@ ## Аутентификация - [ ] Не используйте `Basic Auth`. Используйте стандартную проверку подлинности (например: JWT, OAuth). -- [ ] Не изобретайте велосипед для `аутентификации`, `создании токенов`, `хранении паролей`. Используйте стандарты, проверенные библиотеки. +- [ ] Не изобретайте велосипед для `аутентификации`, `создании токенов`, `хранения паролей`. Используйте стандарты, проверенные библиотеки. - [ ] Используйте `Max Retry` и функции jail во время аутентификации. - [ ] Используйте шифрование для всех конфиденциальных данных. From 771fe5c4edc97258a6415e5bf65cc9f7a1ba364d Mon Sep 17 00:00:00 2001 From: Oleg <33701414+ora@users.noreply.github.com> Date: Mon, 31 Aug 2020 10:24:51 -0400 Subject: [PATCH 092/149] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e76f265..e8d7f47 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,7 @@ Checklist of the most important security countermeasures when designing, testing ## Access - [ ] Limit requests (Throttling) to avoid DDoS / brute-force attacks. -- [ ] Use HTTPS on server side to avoid MITM (Man in the Middle Attack). +- [ ] Use HTTPS on server side with TLS 1.2+ and secure ciphers to avoid MITM (Man in the Middle Attack). - [ ] Use `HSTS` header with SSL to avoid SSL Strip attack. ## Input From 202521d216999e2c98f9c3eb9772d7f6fe16494f Mon Sep 17 00:00:00 2001 From: siano Date: Mon, 31 May 2021 12:08:16 +0200 Subject: [PATCH 093/149] Update README-pl.md Removed duplicate, non translated, line. --- README-pl.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README-pl.md b/README-pl.md index d833742..7a63fec 100644 --- a/README-pl.md +++ b/README-pl.md 
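Review bot: "Use HTTPS on server side with TLS 1.2+ and secure ciphers to avoid MITM" is a good tightening, but the next context line, "Use `HSTS` header with SSL to avoid SSL Strip attack", now contradicts it by still saying SSL; change it to "with TLS" in the same commit. The translations edited elsewhere in this series (README-ru.md, "## Доступ") still carry the old "Use HTTPS" wording, so the TLS 1.2+ requirement should be propagated to them as well.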
@@ -42,7 +42,6 @@ Lista kontrolna najważniejszych metod zabezpieczenia podczas projektowania, tes - [ ] Unikaj ukazywania ID użytkownika. Użyj np. `/me/orders` zamiast `/users/654321/orders/`. - [ ] Nie używaj auto inkrementacji w polu ID. Zamiast tego użyj `UUID`. - [ ] Jeżeli parsujesz pliki XML, upewnij się, że jesteś odporny na `XXE` (XML external entity attack) oraz `Billion Laughs/XML bomb`. -- [ ] If you are parsing XML files, make sure entity expansion is not enabled to avoid `Billion Laughs/XML bomb` via exponential entity expansion attack. - [ ] Użyj CDN do przechowywania wysyłanych plików. - [ ] Jeżeli pracujesz z dużą ilością danych, użyj procesów Workers oraz kolejkowania Queues aby przetworzyć jak najwięcej w tle i zwrócić informacje szybko aby uniknąć blokowania HTTP. - [ ] Nie zapomnij o wyłączeniu trybu debugowania. From d0b70cad9cb59a5501c3b4954767798dddbc6e27 Mon Sep 17 00:00:00 2001 From: Emad Saeed Date: Sun, 30 Jan 2022 13:30:45 +0200 Subject: [PATCH 094/149] fix typo in README-ar.md --- README-ar.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README-ar.md b/README-ar.md index 47441fc..690811a 100644 --- a/README-ar.md +++ b/README-ar.md @@ -10,7 +10,7 @@ ## المصادقة (Authentication) - [ ] لا تستخدم `Basic Auth` لكن استخدم المعايير القياسية للمصادقة (مثال [JWT](https://jwt.io/), [OAuth](https://oauth.net/)). - [ ] لا تعد اختراع العجلة في `المصادقة`، `توليد الرموز`، `تخزين كلمات المرور`. قم باستخدام المعايير القياسية. -- [ ] استخدم `تحديد عدد المحاولات` و`الرمان من الدخول jail feature` في تسجيل الدخول. +- [ ] استخدم `تحديد عدد المحاولات` و`الحرمان من الدخول jail feature` في تسجيل الدخول. - [ ] استخدم التشفير في كل البيانات الحساسة. ### JSON Web Token) JWT) From 7680abd7c069c6e0069bc13cf8cdee075e37372e Mon Sep 17 00:00:00 2001 
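Review bot: removing the untranslated line is right, but the Polish bullet that remains, "upewnij się, że jesteś odporny na `XXE` (XML external entity attack) oraz `Billion Laughs/XML bomb`", no longer says how; the removed English text carried the actionable part (entity expansion, and by the same logic external entity resolution, must be disabled in the parser). Fold that into the Polish line instead of only deleting the English one, e.g. "upewnij się, że parser ma wyłączone rozwijanie encji oraz encje zewnętrzne".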
From: Prasanth c41m <58906808+prasanthc41m@users.noreply.github.com> Date: Fri, 4 Mar 2022 18:48:11 +0530 Subject: [PATCH 095/149] Add Malayalam language (#163) --- README-ar.md | 2 +- README-de.md | 2 +- README-el.md | 2 +- README-es.md | 2 +- README-fa.md | 4 +-- README-fr.md | 2 +- README-hi.md | 2 +- README-id.md | 2 +- README-it.md | 2 +- README-ja.md | 2 +- README-ko.md | 2 +- README-lo.md | 2 +- README-mk.md | 2 +- README-ml.md | 73 +++++++++++++++++++++++++++++++++++++++++++++++++ README-mn.md | 2 +- README-nl.md | 2 +- README-pl.md | 2 +- README-pt_BR.md | 2 +- README-ru.md | 2 +- README-th.md | 2 +- README-tr.md | 2 +- README-tw.md | 2 +- README-uk.md | 2 +- README-vi.md | 2 +- README-zh.md | 2 +- README.md | 2 +- 26 files changed, 99 insertions(+), 26 deletions(-) create mode 100644 README-ml.md diff --git a/README-ar.md b/README-ar.md index 690811a..1be84c8 100644 --- a/README-ar.md +++ b/README-ar.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md)
# API Security Checklist diff --git a/README-de.md b/README-de.md index fb88e07..31d06e7 100644 --- a/README-de.md +++ b/README-de.md @@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) # API Security Checkliste Checkliste für die wichtigsten Sicherheitsmaßnahmen beim Designen, Testen und Veröffentlichen deiner API. diff --git a/README-el.md b/README-el.md index 00f084d..8dc0a97 100644 --- a/README-el.md +++ b/README-el.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) # API λίστα ελέγχου ασφαλείας Λίστα με τα πιο σημαντικά μέτρα ασφαλείας στον σχεδιασμό, έλεγχο, και την έκδοση του API σας. diff --git a/README-es.md b/README-es.md index 089c3af..09dfb3c 100644 --- a/README-es.md +++ b/README-es.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) # Lista de seguridad en APIs Lista de las contramedidas de seguridad más importantes en cuanto al diseño, testing y publicación de tu API. diff --git a/README-fa.md b/README-fa.md index a9c7bb5..4bb21fb 100644 --- a/README-fa.md +++ b/README-fa.md 
@@ -1,4 +1,4 @@ -[繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [Ελληνικά](./README-el.md) +[繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [Ελληνικά](./README-el.md) | [മലയാളം](./README-ml.md)
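Review bot: README-fa.md is the only language bar in this patch without a leading `[English](./README.md)` entry, and the only one that links `[Ελληνικά](./README-el.md)`; since this hunk rewrites the whole line, prepend the English link here, and either add the Greek link to the other files or drop it from this one so all bars carry the same set.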
@@ -74,4 +74,4 @@ # مشارکت برای همکاری و کمک می‌توانی به راحتی این مخزن را fork کنی، تغییرات مورد نظرت را اعمال کنی و یک pull request ثب کنی. اگر سوالی داشتی به آدرس `team@shieldfy.io` ایمیل بزن. -
\ No newline at end of file +
diff --git a/README-fr.md b/README-fr.md index d642429..c335ced 100644 --- a/README-fr.md +++ b/README-fr.md @@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) # API Security Checklist Checklist des points de sécurité les plus importants lors de la conception, du test et de la mise en production de votre API. diff --git a/README-hi.md b/README-hi.md index 0b261a8..fd80b31 100644 --- a/README-hi.md +++ b/README-hi.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) # API सुरक्षा जांच-सूची अपने एपीआई को डिजाइन करने, परीक्षण करने और जारी करने के दौरान सबसे महत्वपूर्ण सुरक्षा प्रतिवाद की जांच सूची| diff --git a/README-id.md b/README-id.md index 64df8e0..f18e3b3 100644 --- a/README-id.md +++ b/README-id.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) # Checklist Keamanan API Checklist penanggulangan keamanan yang paling penting ketika merancang, menguji, dan melepaskan API ke khalayak diff --git a/README-it.md b/README-it.md index f3b08e5..81e3d0d 100644 --- a/README-it.md +++ b/README-it.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) # Checklist per la sicurezza delle API Una checklist per le più importanti contromisure da mettere in pratica quando strutturiamo, testiamo e rilasciamo le nostre API. diff --git a/README-ja.md b/README-ja.md index 1ae0683..18f63d6 100644 --- a/README-ja.md +++ b/README-ja.md 
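Review bot: the README-it.md bar links to itself (`[Italiano](./README-it.md)`) and omits `[Indonesia](./README-id.md)`, which every other file carries, so it looks copied from README-id.md; since the line is rewritten in this hunk, replace the self-link with the Indonesian entry.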
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) # APIセキュリティチェックリスト APIを設計、テスト、リリースするときの最も重要なセキュリティ対策のチェックリスト diff --git a/README-ko.md b/README-ko.md index da26f34..a7d3b8c 100644 --- a/README-ko.md +++ b/README-ko.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) # API 보안 점검표 API를 설계하고, 테스트하고, 배포할 때 고려해야 할 중요한 보안 대책에 대한 점검 목록입니다. diff --git a/README-lo.md b/README-lo.md index 7a5bd65..92cd1ab 100644 --- a/README-lo.md +++ b/README-lo.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [فارسی](./README-fa.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) # API Security Checklist Checklist ທີ່ຕ້ອງໃຫ້ຄວາມສຳຄັນເມື່ອມີການສ້າງ API ໃນຊ່ວງການອອກແບບ ທົດສອບລະບົບ ແລະ ການປ່ອຍໃຫ້ຄົນນອກໃຊ້ diff --git a/README-mk.md b/README-mk.md index 87103f6..9a407d4 100644 --- a/README-mk.md +++ b/README-mk.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) # API Безбедносна контролна листа Безбедносна контролна листа од најважните безбедносни контрамерки при дизајнирање, тестирање и пуштање во употреба на вашето API. diff --git a/README-ml.md b/README-ml.md new file mode 100644 index 0000000..293306e --- /dev/null +++ b/README-ml.md 
@@ -0,0 +1,73 @@ +[繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [Ελληνικά](./README-el.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) + +# API സുരക്ഷാ ചെക്ക്‌ലിസ്റ്റ് +നിങ്ങളുടെ API ഡിസൈൻ ചെയ്യുമ്പോഴും ടെസ്റ്റ് ചെയ്യുമ്പോഴും റിലീസ് ചെയ്യുമ്പോഴും പാലിക്കേണ്ട ഏറ്റവും പ്രധാനപ്പെട്ട സുരക്ഷാ പ്രതിരോധ നടപടികളുടെ ചെക്ക്‌ലിസ്റ്റ്. + + +--- + +## ഒതെന്റിക്കേഷൻ +- [ ] `Basic Auth` ഉപയോഗിക്കരുത്. പകരം സ്റ്റാൻഡേർഡ് ഓതെന്റിക്കേഷൻ ഉപയോഗിക്കുക (e.g. [JWT](https://jwt.io/), [OAuth](https://oauth.net/)). +- [ ] `Authentication`, `token generation`, `password storage` എന്നിവയിൽ മുമ്പ് സൃഷ്ടിച്ച അടിസ്ഥാന രീതിയുടെ ആവർത്തനം ഉണ്ടാകരുത്. മാനദണ്ഡങ്ങൾ പാലിക്കുക. +- [ ] ലോഗിനിൽ `Max Retry` യും ജയിൽ ഫീച്ചേഴ്സും ഉപയോഗിക്കുക. +- [ ] എല്ലാ സെൻസിറ്റീവ് ഡാറ്റയിലും എൻക്രിപ്ഷൻ ഉപയോഗിക്കുക. + +### JWT (JSON വെബ് ടോക്കൺ) +- [ ] ഒരു റാൻഡം കോംപ്ലിക്കേറ്റഡ് കീ ( `JWT Secret`) ഉപയോഗിച്ച് ടോക്കണിനെ ബ്രൂട്ട് ഫോഴ്‌സ് ചെയ്യുന്നത് ബുദ്ധിമുട്ടുള്ളതാക്കാം. +- [ ] ഹെയ്ഡറിൽ നിന്ന് അൽഗോരിതം വേര്തിരിച്ചെടുക്കരുത്. അൽഗോരിതത്തെ ബെക്കൻഡിൽ തന്നെ നിലനിർത്തുക (`HS256` അല്ലെങ്കിൽ `RS256`). +- [ ] ടോക്കൺ കാലഹരണപ്പെടൽ (` TTL`, `RTTL`) കഴിയുന്നത്ര ചെറുതാക്കുക. +- [ ] സെൻസിറ്റീവ് ഡാറ്റ JWT പേലോഡിൽ സൂക്ഷിക്കരുത്, അത് [എളുപ്പത്തിൽ](https://jwt.io/#debugger-io) ഡീകോഡ് ചെയ്യാം . + +## OAuth +- [ ] വൈറ്റ്‌ലിസ്റ്റ് ചെയ്‌ത URL-കൾ മാത്രം അനുവദിക്കുന്നതിന് എല്ലായ്‌പ്പോഴും `redirect_uri` സെർവർ സൈഡ് സാധൂകരിക്കുക . 
+- [ ] `redirect_uri` എല്ലായിപ്പോഴും സെർവർ സൈഡ് വാലിഡേറ്റ് ചെയ്ത് വൈറ്റ്‌ലിസ്റ്റ് ചെയ്‌ത URL-കൾ മാത്രം അനുവദിക്കുക. +- [ ] എപ്പോഴും ടോക്കണുകൾ കൈമാറാതെ പകരം കോഡുകൾ കൈമാറാൻ ശ്രമിക്കുക (`response_type=token` അനുവദിക്കരുത്) +- [ ] `state` പരാമീറ്ററിനോടൊപ്പം ഒരു റാൻഡം ഹാഷ് ഉപയോഗിച്ച് OAuth ഓതെന്റിക്കേഷൻ പ്രോസസ്സിലെ `CSRF` തടയാനാവും. +- [ ] ഓരോ ആപ്ലിക്കേഷനും ഡിഫോൾട്ട് സ്കോപ്പ് നിർവചിക്കുകയും സ്കോപ്പ് പാരാമീറ്ററുകൾ സാധൂകരിക്കുകയും ചെയ്യുക. + +## ആക്സസ് +- [ ] DDoS / ബ്രൂട്ട്-ഫോഴ്സ് ആക്രമണങ്ങൾ ഒഴിവാക്കാൻ റിക്വറ്റുകൾ (ത്രോട്ടിലിംഗ്) പരിമിതപ്പെടുത്തുക. +- [ ] MITM (മാൻ ഇൻ ദ മിഡിൽ അറ്റാക്ക്) ഒഴിവാക്കാൻ സെർവർ സൈഡിൽ HTTPS ഉപയോഗിക്കുക. +- [ ] SSL സ്ട്രിപ്പ് ആക്രമണം ഒഴിവാക്കാൻ SSL-നൊപ്പം `HSTS` ഹെഡർ ഉപയോഗിക്കുക . +- [ ] സ്വകാര്യ API-കൾക്കായി, വൈറ്റ്‌ലിസ്റ്റ് ചെയ്‌ത IP-കൾ/ഹോസ്റ്റുകളിൽ നിന്ന് മാത്രം ആക്‌സസ് അനുവദിക്കുക. + +## ഇൻപുട്ട് +- [ ] പ്രവർത്തനത്തിനനുസരിച്ച് ശരിയായ HTTP രീതി ഉപയോഗിക്കുക: `GET (read)`, `POST (create)`, `PUT/PATCH (replace/update)`, and `DELETE (to delete a record)`, അഭ്യർത്ഥിച്ച ഉറവിടത്തിന് അഭ്യർത്ഥിച്ച രീതി അനുയോജ്യമല്ലെങ്കിൽ `405 Method Not Allowed` എന്ന് പ്രതികരിക്കുക. +- [ ] Accept ഹെഡ്‍ർ (കണ്ടെന്റ് നെഗോഷിയേഷൻ) അവശ്യപെടുന്നതിനനുസരിച്ചു `content-type` വാലിഡേറ്റ് ചെയ്യുകയും സപ്പോർട്ട് ചെയ്യുന്ന ഫോർമാറ്റുകൾ മാത്രം അനുവദിക്കുകയും (ഉദാ. `application/xml`, `application/json`, മുതലായവ) പൊരുത്തപ്പെടുന്നില്ലെങ്കിൽ `406 Not Acceptable` എന്ന റെസ്പോൻഡ്‌സ് ഉപയോഗിച്ച് പ്രതികരിക്കുകയും ചെയ്യുക. +- [ ] പോസ്റ്റ് ചെയ്‌ത ടാറ്റായുടെ `content-type` നിങ്ങൾ അനുവദിക്കുന്നതതിനനുസരിച് വാലിഡേറ്റ് ചെയ്യുക. (ഉദാ: `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, മുതലായവ). +- [ ] പൊതുവായ വൾനറബിലിറ്റികൾ ഒഴിവാക്കാൻ യൂസർ ഇൻപുട്ട് സാധൂകരിക്കുക (ഉദാ: `XSS`, `SQL-ഇൻജെക്ഷൻ`, `റിമോട്ട് കോഡ് എക്സിക്യൂഷൻ`, മുതലായവ). + +## പ്രോസസ്സിംഗ് +- [ ] തകർന്ന ഓതെന്റിക്കേഷൻ പ്രക്രിയ ഒഴിവാക്കാൻ എല്ലാ എൻഡ് പോയിന്റുകളും ഓതെന്റിക്കേഷൻന് പിന്നിൽ പരിരക്ഷിച്ചിട്ടുണ്ടോയെന്ന് പരിശോധിക്കുക. +- [ ] ഉപയോക്താവിന്റെ സ്വന്തം റിസോഴ്സ് ഐഡി ഒഴിവാക്കണം. 
`/me/orders` പകരം `/user/654321/orders` ഉപയോഗിക്കുക. +- [ ] ഐഡികൾ ഓട്ടോ-ഇൻക്രിമെന്റ് ചെയ്യരുത്. പകരം `UUID` ഉപയോഗിക്കുക. +- [ ] നിങ്ങൾ XML ഫയലുകൾ പാഴ്‌സ് ചെയ്യുകയാണെങ്കിൽ, `XXE` (XML ബാഹ്യ എന്റിറ്റി ആക്രമണം) ഒഴിവാക്കുവാൻ എന്റിറ്റി പാഴ്‌സിംഗ് പ്രവർത്തനക്ഷമമാക്കിയിട്ടില്ലെന്ന് ഉറപ്പാക്കുക. +- [ ] നിങ്ങൾ XML ഫയലുകൾ പാഴ്‌സ് ചെയ്യുകയാണെങ്കിൽ, `Billion Laughs/XML bomb` വഴി എക്‌സ്‌പോണൻഷ്യൽ എന്റിറ്റി എക്സ്പാൻഷൻ അറ്റാക്ക് ഒഴിവാക്കാൻ എന്റിറ്റി വിപുലീകരണം പ്രവർത്തനക്ഷമമാക്കിയിട്ടില്ലെന്ന് ഉറപ്പാക്കുക. +- [ ] ഫയൽ അപ്‌ലോഡുകൾക്കായി ഒരു CDN ഉപയോഗിക്കുക. +- [ ] നിങ്ങൾ വലിയ അളവിലുള്ള ഡാറ്റയാണ് കൈകാര്യം ചെയ്യുന്നതെങ്കിൽ, HTTP തടയൽ ഒഴിവാക്കുന്നതിന് പശ്ചാത്തലത്തിൽ കഴിയുന്നത്ര പ്രോസസ്സ് ചെയ്യാനും പ്രതികരണം വേഗത്തിൽ തിരികെ നൽകാനും വർക്കേഴ്സും ക്യൂകളും ഉപയോഗിക്കുക. +- [ ] ഡീബഗ് മോഡ് ഓഫ് ചെയ്യാൻ മറക്കരുത്. + +## ഔട്ട്പുട്ട് +- [ ] `X-Content-Type-Options: nosniff` ഹെഡ്‍ർ അയയ്ക്കുക. +- [ ] `X-Frame-Options: deny` ഹെഡ്‍ർ അയയ്ക്കുക. +- [ ] `Content-Security-Policy: default-src 'none'` ഹെഡ്‍ർ അയയ്ക്കുക. +- [ ] ഫിംഗർപ്രിന്റിങ് ഹെൽഡറുകൾ നീക്കം ചെയ്യുക - `X-Powered-By`, `Server`, `X-AspNet-Version` മുതലായവ. +- [ ] `content-type` നെ നിങ്ങളുടെ പ്രതികരണത്തിനായി നിർബന്ധിക്കുക. നിങ്ങളുടെ പ്രതികരണം `application/json` ആണെങ്കിൽ, നിങ്ങളുടെ `content-type` പ്രതികരണവും `application/json` ആയിരിക്കും. +- [ ] `Credentials`, `passwords` അല്ലെങ്കിൽ `security tokens` പോലുള്ള സെൻസിറ്റീവ് ഡാറ്റ നൽകരുത്. +- [ ] പൂർത്തിയാക്കിയ പ്രവർത്തനത്തിനനുസരിച്ച് ശരിയായ സ്റ്റാറ്റസ് കോഡ് തിരികെ നൽകുക. (ഉദാ: `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, മുതലായവ). +- [ ] unit/integration tests കോവേജ് ഉപയോഗിച്ച് നിങ്ങളുടെ ഡിസൈനും ഇമ്പലമെന്റാഷനും ഔഡിഡ് ചെയ്യുക. +- [ ] ഒരു കോഡ് റിവ്യൂ പ്രക്രിയ ഉപയോഗിക്കുക, സ്വയം അംഗീകാരം അവഗണിക്കുക. +- [ ] വെണ്ടർ ലൈബ്രറികളും മറ്റ് ഡിപൻഡൻസികളും ഉൾപ്പെടെ ഉൽപ്പാദനത്തിലേക്ക് നീങ്ങുന്നതിന് മുമ്പ് നിങ്ങളുടെ സേവനങ്ങളുടെ എല്ലാ ഘടകങ്ങളും എവി സോഫ്‌റ്റ്‌വെയർ സ്ഥിരമായി സ്കാൻ ചെയ്തിട്ടുണ്ടെന്ന് ഉറപ്പാക്കുക. +- [ ] ഡിപ്ലോയ്‌മെന്റിനായി ഒരു റോൾബാക്ക് പരിഹാരം രൂപകൽപ്പന ചെയ്യുക. 
+ + +--- + +## ഇതും കാണുക: +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - RESTful HTTP+JSON API-കൾ നിർമ്മിക്കുന്നതിനുള്ള ഉപയോഗപ്രദമായ വിഭവങ്ങളുടെ ഒരു ശേഖരം. + + +--- + +# സംഭാവന +ഈ ശേഖരം ഫോർക്ക് ചെയ്തും ചില മാറ്റങ്ങൾ വരുത്തിയും പുൾ അഭ്യർത്ഥനകൾ സമർപ്പിച്ചും സംഭാവന ചെയ്യാൻ മടിക്കേണ്ടതില്ല. എന്തെങ്കിലും ചോദ്യങ്ങൾക്ക് ഞങ്ങൾക്ക് ഒരു ഇമെയിൽ അയയ്ക്കുക `team@shieldfy.io`. diff --git a/README-mn.md b/README-mn.md index f2d8923..d979858 100644 --- a/README-mn.md +++ b/README-mn.md @@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) # API Аюулгүйн жагсаалт API гаргах, загварчлах, тестлэхэд аюулгүйн талаас авах сөрөг арга хэмжээний жагсаалт. 
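Review bot: in the README-ml.md hunk the processing-section item "`/me/orders` പകരം `/user/654321/orders` ഉപയോഗിക്കുക" inverts the English recommendation (use `/me/orders` instead of `/user/654321/orders`): as written it tells readers to put the user ID in the path, which is the pattern the check exists to avoid, so the two paths should be swapped. Same hunk: the `redirect_uri` check appears twice in a row under OAuth (both bullets say to validate it server-side against a whitelist), and `## OAuth` is a level-2 heading while `### JWT` is level 3, so OAuth falls out of the authentication section that the other translations keep it in. The link bar at the top also differs from every other language file in this patch: it omits `[English](./README.md)` and links to `./README-ml.md`, i.e. to itself.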
diff --git a/README-nl.md b/README-nl.md index 5cd2966..b6df3fd 100644 --- a/README-nl.md +++ b/README-nl.md @@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) # API Security Checklist Checklist met de belangrijkste tegenmaatregelen bij het ontwerpen, testen en uitbrengen van een API. diff --git a/README-pl.md b/README-pl.md index 12536db..bcdbfb5 100644 --- a/README-pl.md +++ b/README-pl.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) # Lista kontrolna bezpieczeństwa API Lista kontrolna najważniejszych metod zabezpieczenia podczas projektowania, testowania oraz wypuszczania własnego API. diff --git a/README-pt_BR.md b/README-pt_BR.md index 888f03c..5d528f3 100644 --- a/README-pt_BR.md +++ b/README-pt_BR.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) # API Security Checklist Lista das mais importantes medidas de segurança para o desenvolvimento, teste e publicação da sua API. diff --git a/README-ru.md b/README-ru.md index fadd2fa..a0f179c 100644 --- a/README-ru.md +++ b/README-ru.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) # Контрольный список безопасности API Чеклист наиболее важных контрмер по безопасности при разработке, тестировании и выпуске вашего API. diff --git a/README-th.md b/README-th.md index 8ca56a4..5056121 100644 --- a/README-th.md +++ b/README-th.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) # API Security Checklist Checklist ที่ต้องให้ความสำคัญเมื่อมีการสร้าง API ในช่วงการออกแบบ ทดสอบระบบ และการปล่อยให้คนนอกใช้ diff --git a/README-tr.md b/README-tr.md index d101b2e..d67b66c 100644 --- a/README-tr.md +++ b/README-tr.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) # API Güvenlik Kontrol Listesi diff --git a/README-tw.md b/README-tw.md index 304d2f5..9d20f38 100644 --- a/README-tw.md +++ b/README-tw.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) +[English](./README.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) # 開發安全的 API 所需要核對的清單 以下是當你在設計, 測試以及發佈你的 API 的時候所需要核對的重要安全措施. diff --git a/README-uk.md b/README-uk.md index 4442138..a26e3be 100644 --- a/README-uk.md +++ b/README-uk.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) # Контрольний список безпеки API Контрольний список найбільш важливих контрзаходів безпеки при розробці, тестуванні та випуску вашого API. diff --git a/README-vi.md b/README-vi.md index f96c7d4..ed7fd25 100644 --- a/README-vi.md +++ b/README-vi.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) # Danh sách các giải pháp an toàn cho API Những giải pháp an toàn và cách khắc phục khi thiết kế, kiểm tra và phát hành API cho ứng dụng của bạn. diff --git a/README-zh.md b/README-zh.md index 86df1b2..3043a34 100644 --- a/README-zh.md +++ b/README-zh.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [Português(Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) +[English](./README.md) | [繁中版](./README-tw.md) | [Português(Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) # 开发安全的 API 所需要核对的清单 以下是当你在设计,测试以及发布你的 API 的时候所需要核对的重要安全措施。 diff --git a/README.md b/README.md index 3f2e306..4e64726 100644 --- a/README.md +++ b/README.md 
@@ -1,4 +1,4 @@ -[繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [Ελληνικά](./README-el.md) | [فارسی](./README-fa.md) +[繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [Ελληνικά](./README-el.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) # API Security Checklist Checklist of the most important security countermeasures when designing, testing, and releasing your API. From e3424be969404f5b4ecf7f77f2a295981c457bbc Mon Sep 17 00:00:00 2001 From: Miguel Angel Garcia Date: Tue, 19 Jul 2022 07:39:24 +0200 Subject: [PATCH 096/149] Improving processing XML and add YAML to the million laughts attack. --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 4e64726..c544985 100644 --- a/README.md +++ b/README.md 
@@ -1,4 +1,4 @@ -[繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [Ελληνικά](./README-el.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) +[繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [Ελληνικά](./README-el.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) # API Security Checklist Checklist of the most important security countermeasures when designing, testing, and releasing your API. 
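Review bot: the `@@ -1,4 +1,4 @@` README.md hunk removes the language link line and re-adds it with no visible difference, which points to a trailing-whitespace or line-ending change; if that is not intended, drop the hunk so the patch contains only the XML/YAML wording change its subject describes.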
@@ -42,8 +42,8 @@ Checklist of the most important security countermeasures when designing, testing - [ ] Check if all the endpoints are protected behind authentication to avoid broken authentication process. - [ ] User own resource ID should be avoided. Use `/me/orders` instead of `/user/654321/orders`. - [ ] Don't auto-increment IDs. Use `UUID` instead. -- [ ] If you are parsing XML files, make sure entity parsing is not enabled to avoid `XXE` (XML external entity attack). -- [ ] If you are parsing XML files, make sure entity expansion is not enabled to avoid `Billion Laughs/XML bomb` via exponential entity expansion attack. +- [ ] If you are parsing XML data, make sure entity parsing is not enabled to avoid `XXE` (XML external entity attack). +- [ ] If you are parsing XML, YAML or any other language with anchors and refs, make sure entity expansion is not enabled to avoid `Billion Laughs/XML bomb` via exponential entity expansion attack. - [ ] Use a CDN for file uploads. - [ ] If you are dealing with huge amount of data, use Workers and Queues to process as much as possible in background and return response fast to avoid HTTP Blocking. - [ ] Do not forget to turn the DEBUG mode OFF. From 8f16c4d420a56b13ebb55b9b69965b81400a6cbd Mon Sep 17 00:00:00 2001 From: Miguel Angel Garcia Date: Tue, 19 Jul 2022 07:40:59 +0200 Subject: [PATCH 097/149] Improve billion laught attack check --- README-es.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README-es.md b/README-es.md index 09dfb3c..4c599d4 100644 --- a/README-es.md +++ b/README-es.md 
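Review bot: in the `@@ -42,8 +42,8 @@` hunk the new YAML wording keeps the XML remedy ("make sure entity expansion is not enabled"), but YAML has no entities: the Billion Laughs equivalent there is anchor/alias expansion, and the control is a loader limit on the number of aliases (or on document size), so the bullet should name that rather than reuse the entity phrasing. The first bullet would also read more precisely as "disable DTD processing / external entity resolution", since that is what defeats `XXE`, not entity parsing in general.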
@@ -41,8 +41,8 @@ Lista de las contramedidas de seguridad más importantes en cuanto al diseño, t - [ ] Valida que todos los endpoints estén protegidos con autenticación para evitar romper el proceso de autenticación. - [ ] Debes evitar los recursos bajo un ID de usuario. Usa `/me/orders` en lugar de `/user/654321/orders`. - [ ] No uses IDs auto incrementales. Usa `UUID` en su lugar. -- [ ] Si estas procesando archivos XML, asegúrate de deshabilitar el procesamiento de entidades para evitar ataques `XXE` (XML external entity attack). -- [ ] Si estas procesando archivos XML, asegúrate de deshabilitar la expansión de entidades, para evitar un ataque `Billion Laughs/XML bomb` via expansión exponencial de entidades. +- [ ] Si estas procesando XML, asegúrate de deshabilitar el procesamiento de entidades para evitar ataques `XXE` (XML external entity attack). +- [ ] Si estas procesando XML, YAML o algún otro lenguaje con soporte para anchors y referencias, asegúrate de deshabilitar la expansión de entidades, para evitar un ataque `Billion Laughs/XML bomb` via expansión exponencial de entidades. - [ ] Utiliza CDN para subidas de ficheros. - [ ] Si lidias con grandes cantidades de información, utiliza Workers y Colas para procesar tanto cómo sea posible en segundo plano, y devuelve una respuesta rápido para evitar un bloqueo HTTP. - [ ] No olvides deshabilitar el modo Debug. From 9c36b9a3da3b5c9c83ed72f4684fe5bf0a829276 Mon Sep 17 00:00:00 2001 From: Miguel Angel Garcia Date: Tue, 19 Jul 2022 07:45:31 +0200 Subject: [PATCH 098/149] Add spanish translation --- README-es.md | 1 + README.md | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/README-es.md b/README-es.md index 09dfb3c..88ccd99 100644 --- a/README-es.md +++ b/README-es.md 
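Review bot: the README-es.md hunk carries the same problem as the English change: "asegúrate de deshabilitar la expansión de entidades" has no counterpart in YAML parsers, where the control is a limit on anchor/alias expansion, so the second bullet should say that. While both bullets are being rewritten, "Si estas procesando" should be "Si estás procesando" in each.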
@@ -17,6 +17,7 @@ Lista de las contramedidas de seguridad más importantes en cuanto al diseño, t - [ ] No extraigas el algoritmo del contenido. Fuerza el algoritmo en el backend (`HS256` o `RS256`). - [ ] Haz que la expiración del token (`TTL`, `RTTL`) sea tan corta como sea posible. - [ ] No almacenes información sensible en el contenido del JWT, puede ser descodificado [fácilmente](https://jwt.io/#debugger-io). +- [ ] Evita almacenar datos muy grandes o crecientes. JWT se transmite en las headers y éstas tienen un tamaño máximo. ### OAuth - [ ] Siempre valida `redirect_uri` en el lado del servidor para permitir sólo ciertas URLs. diff --git a/README.md b/README.md index 4e64726..a4853f5 100644 --- a/README.md +++ b/README.md 
@@ -1,4 +1,4 @@ -[繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [Ελληνικά](./README-el.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) +[繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [Ελληνικά](./README-el.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) # API Security Checklist Checklist of the most important security countermeasures when designing, testing, and releasing your API. 
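Review bot: the `-` and `+` lines of this language-bar hunk in README.md render identically, so the change is invisible (most likely trailing whitespace or a line-ending change). It is unrelated to the commit's stated purpose ("Add spanish translation"); either drop it from this commit or say in the commit message what actually changed so a reviewer does not have to diff the bytes.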
@@ -17,6 +17,7 @@ Checklist of the most important security countermeasures when designing, testing - [ ] Don't extract the algorithm from the header. Force the algorithm in the backend (`HS256` or `RS256`). - [ ] Make token expiration (`TTL`, `RTTL`) as short as possible. - [ ] Don't store sensitive data in the JWT payload, it can be decoded [easily](https://jwt.io/#debugger-io). +- [ ] Avoid storing too much or growing up data. JWT is usually shared in headers and they have a size limit. ### OAuth - [ ] Always validate `redirect_uri` server-side to allow only whitelisted URLs. From 1ccdb8af7304ec7c0a33de4b2b3cd18f8d03bbf5 Mon Sep 17 00:00:00 2001 From: Caleb Mazalevskis Date: Sun, 24 Jul 2022 12:49:04 +0800 Subject: [PATCH 099/149] Fix typos. Thanks @silleknarf. :-) --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 4d9c61d..9856dac 100644 --- a/README.md +++ b/README.md @@ -60,8 +60,8 @@ Checklist of the most important security countermeasures when designing, testing - [ ] Audit your design and implementation with unit/integration tests coverage. - [ ] Use a code review process and disregard self-approval. - [ ] Ensure that all components of your services are statically scanned by AV software before push to production, including vendor libraries and other dependencies. -- [ ] Continuesly run security tests (static/dynamic analysis) on your code. -- [ ] Check your dependency (both software and OS) for known vulnerabilities. +- [ ] Continuously run security tests (static/dynamic analysis) on your code. +- [ ] Check your dependencies (both software and OS) for known vulnerabilities. - [ ] Ensure that all components of your services are statically scanned by AV software before pushing to production, including vendor libraries and other dependencies. - [ ] Design a rollback solution for deployments. From 4f48aa1d4bc301af7de9f2b3af7a08b1efb6fb2b Mon Sep 17 00:00:00 2001 
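Review bot: in the README.md JWT hunk, "Avoid storing too much or growing up data" is hard to parse; suggest "Avoid storing too much data, or data that grows over time, in the JWT payload: JWTs are usually sent in HTTP headers, and servers and proxies cap header size." Note also that this hunk adds a new checklist item to the English list, which the commit subject "Add spanish translation" does not mention; a subject such as "Add JWT payload-size item (en, es)" would describe both hunks.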
From: Caleb Mazalevskis Date: Sun, 24 Jul 2022 12:50:42 +0800 Subject: [PATCH 100/149] Fix typo. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 9856dac..3c66d96 100644 --- a/README.md +++ b/README.md @@ -59,7 +59,7 @@ Checklist of the most important security countermeasures when designing, testing ## CI & CD - [ ] Audit your design and implementation with unit/integration tests coverage. - [ ] Use a code review process and disregard self-approval. -- [ ] Ensure that all components of your services are statically scanned by AV software before push to production, including vendor libraries and other dependencies. +- [ ] Ensure that all components of your services are statically scanned by AV software before pushing to production, including vendor libraries and other dependencies. - [ ] Continuously run security tests (static/dynamic analysis) on your code. - [ ] Check your dependencies (both software and OS) for known vulnerabilities. - [ ] Ensure that all components of your services are statically scanned by AV software before pushing to production, including vendor libraries and other dependencies. From 761a81d49cf4774f0b12c41c79e8b7ec3e03a53d Mon Sep 17 00:00:00 2001 From: Caleb Mazalevskis Date: Sun, 24 Jul 2022 12:51:44 +0800 Subject: [PATCH 101/149] Remove duplicate. --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 3c66d96..49a5de9 100644 --- a/README.md +++ b/README.md 
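Review bot: this hunk changes "before push to production" to "before pushing to production", but the context lines show the AV-scanning item a second time three lines below, already with the corrected wording; after this change the two lines are byte-identical. The right fix is to delete one copy rather than to correct both, so this hunk and the duplicate removal belong in a single commit.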
@@ -62,7 +62,6 @@ Checklist of the most important security countermeasures when designing, testing - [ ] Ensure that all components of your services are statically scanned by AV software before pushing to production, including vendor libraries and other dependencies. - [ ] Continuously run security tests (static/dynamic analysis) on your code. - [ ] Check your dependencies (both software and OS) for known vulnerabilities. -- [ ] Ensure that all components of your services are statically scanned by AV software before pushing to production, including vendor libraries and other dependencies. - [ ] Design a rollback solution for deployments. From 48fafd53f5ae6f5314009b5ef016cd3038dff2db Mon Sep 17 00:00:00 2001 From: Caleb Mazalevskis Date: Sun, 24 Jul 2022 13:03:46 +0800 Subject: [PATCH 102/149] Changes per review. --- README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index e2b63c6..00152be 100644 --- a/README.md +++ b/README.md 
@@ -61,11 +61,11 @@ Checklist of the most important security countermeasures when designing, testing - [ ] Design a rollback solution for deployments. ## Monitoring -- [ ] Use centralized log-ins for all services and components. -- [ ] Use agents to monitoring all trafic, errors, requests and responses. -- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch e etc. -- [ ] Check if you don't log sensitive data like Credit Cards, Passwords and PINs. -- [ ] Use an IDS or/and IPS system to monitoring your API requests and instances. +- [ ] Use centralized logins for all services and components. +- [ ] Use agents to monitor all traffic, errors, requests, and responses. +- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. +- [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. +- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. ------------------------------------------------------------------------------ From 34e624747c1d03033dc73d39c401908b33dedcc1 Mon Sep 17 00:00:00 2001 From: Caleb Mazalevskis Date: Sun, 24 Jul 2022 15:31:51 +0800 Subject: [PATCH 103/149] Adjust alignment for Arabic. Someone had a good idea for the Farsi translation for how to deal with the problem of the checkboxes not being accounted for when aligning the text to the right. This commit borrows that same idea for the Arabic translation. --- README-ar.md | 83 ++++++++++++++++++++++++++-------------------------- 1 file changed, 42 insertions(+), 41 deletions(-) diff --git a/README-ar.md b/README-ar.md index 1be84c8..11ef1a9 100644 --- a/README-ar.md +++ b/README-ar.md 
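Review bot: the first `+` line of the Monitoring hunk mis-corrects the original typo: "centralized loggins" was meant as "logging" (the item sits beside agents, alerts and "don't log sensitive data"), so "Use centralized logins for all services and components" changes the meaning of the item; it should read "Use centralized logging for all services and components." Two smaller points in the same hunk: "IDS or/and IPS" in the last `+` line should be "IDS and/or IPS", and the alert line mixes notification channels (SMS, Slack, Email, Telegram) with tools that produce alerts (Kibana, Cloudwatch); consider "Set up alerts (SMS, Slack, Email, Telegram, etc.) from your monitoring stack (Kibana, CloudWatch, etc.)."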
@@ -1,4 +1,5 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) +
# API Security Checklist 
@@ -8,60 +9,60 @@ --- ## المصادقة (Authentication) -- [ ] لا تستخدم `Basic Auth` لكن استخدم المعايير القياسية للمصادقة (مثال [JWT](https://jwt.io/), [OAuth](https://oauth.net/)). -- [ ] لا تعد اختراع العجلة في `المصادقة`، `توليد الرموز`، `تخزين كلمات المرور`. قم باستخدام المعايير القياسية. -- [ ] استخدم `تحديد عدد المحاولات` و`الحرمان من الدخول jail feature` في تسجيل الدخول. -- [ ] استخدم التشفير في كل البيانات الحساسة. +- [ ]       لا تستخدم `Basic Auth` لكن استخدم المعايير القياسية للمصادقة (مثال [JWT](https://jwt.io/), [OAuth](https://oauth.net/)). +- [ ]       لا تعد اختراع العجلة في `المصادقة`، `توليد الرموز`، `تخزين كلمات المرور`. قم باستخدام المعايير القياسية. +- [ ]       استخدم `تحديد عدد المحاولات` و`الحرمان من الدخول jail feature` في تسجيل الدخول. +- [ ]       استخدم التشفير في كل البيانات الحساسة. ### JSON Web Token) JWT) -- [ ] استخدم مفتاح عشوائي ومعقد (`JWT Secret`) لتجعل هجوم التخمين بالقوة brute forcing صعبا جدا. -- [ ] لا تقم باستخراج خوارزمية التشفير من محتوى رمز الـ JWT. قم بإجبار الرمز البرمجي على استخدام خوارزمية (`HS256` or `RS256`). -- [ ] اجعل مدة انتهاء الرمز (`TTL`, `RTTL`) قصيرة قدر الإمكان. -- [ ] لا تقم بتخزين أي بيانات حساسة داخل محتوى رمز الـ JWT, لأنه يمكن كشف هذه المحتويات بسهولة [easily](https://jwt.io/#debugger-io). +- [ ]       استخدم مفتاح عشوائي ومعقد (`JWT Secret`) لتجعل هجوم التخمين بالقوة brute forcing صعبا جدا. +- [ ]       لا تقم باستخراج خوارزمية التشفير من محتوى رمز الـ JWT. قم بإجبار الرمز البرمجي على استخدام خوارزمية (`HS256` or `RS256`). +- [ ]       اجعل مدة انتهاء الرمز (`TTL`, `RTTL`) قصيرة قدر الإمكان. +- [ ]       لا تقم بتخزين أي بيانات حساسة داخل محتوى رمز الـ JWT, لأنه يمكن كشف هذه المحتويات بسهولة [easily](https://jwt.io/#debugger-io). ### OAuth -- [ ] تحقق دائما من `redirect_uri` في الرمز البرمجي للخادوم لتسمح فقط بقائمة محددة من الروابط. -- [ ] دائما حاول أن تقوم بالتبادل والرد برمز برمجي وليس بالرمز (لا تسمح `response_type=token`). 
-- [ ] استخدم متغير `state` في الرابط مع مزيج عشوائي من الحروف لتمنع هجمات الـ CSRF على عملية المصادقة الخاصة بالـ OAuth. -- [ ] حدد الصلاحية والنطاق الافتراضي scope، وقم بالتحقق منه مع كل تطبيق. +- [ ]       تحقق دائما من `redirect_uri` في الرمز البرمجي للخادوم لتسمح فقط بقائمة محددة من الروابط. +- [ ]       دائما حاول أن تقوم بالتبادل والرد برمز برمجي وليس بالرمز (لا تسمح `response_type=token`). +- [ ]       استخدم متغير `state` في الرابط مع مزيج عشوائي من الحروف لتمنع هجمات الـ CSRF على عملية المصادقة الخاصة بالـ OAuth. +- [ ]       حدد الصلاحية والنطاق الافتراضي scope، وقم بالتحقق منه مع كل تطبيق. ## الوصول -- [ ] حدد الطلبات (Throttling) لتتجنب هجوم حجب الخدمة DDoS وهجوم التخمين بالقوة brute-force. -- [ ] استخدم HTTPS على الخادوم لتتجنب هجمات التنصت على الطلبات MITM (Man In The Middle Attack). -- [ ] استخدم `HSTS` header مع الـ SSL لتتجنب هجمات الـ SSL Strip. +- [ ]       حدد الطلبات (Throttling) لتتجنب هجوم حجب الخدمة DDoS وهجوم التخمين بالقوة brute-force. +- [ ]       استخدم HTTPS على الخادوم لتتجنب هجمات التنصت على الطلبات MITM (Man In The Middle Attack). +- [ ]       استخدم `HSTS` header مع الـ SSL لتتجنب هجمات الـ SSL Strip. ## الإدخال -- [ ] استخدم الوسيلة المناسبة HTTP method حسب العملية التي تريد القيام بها : `GET (للقرائة)`, `POST (انتاج أو اضافة)`, `PUT/PATCH (لإستبدال او تحديث)`, and `DELETE (لحذف سجل)`, و قم بالرد بـ `405 Method Not Allowed` في حالة إذا كانت الوسيلة method غير مناسبة . -- [ ] قم بالتحقق من `content-type` في رأس الطلب reuest header أو ما يسمى بـ (Content Negotiation) لتسمح فقط بالتنسيقات المدعومة (مثال `application/xml`, `application/json`, إلى آخره) وقم بالرد بـ `406 Not Acceptable` إذا كان التنسيق غير ذلك. -- [ ] قم بالتحقق من `content-type` في محتوى الطلب نفسه posted data (مثال `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, إلى آخره). -- [ ] قم بالتحقق من مدخلات المستخدم لتتجنب الثغرات الشائعة (مثال `XSS`, `SQL-Injection`, `Remote Code Execution`, إلى آخره). 
-- [ ] لا تستخدم أي بيانات حساسة (`credentials`, `Passwords`, `security tokens`, or `API keys`) في الرابط ولكن استخدم الطريقة القياسية وهي رأس الطلب الخاص بالمصادقة Authorization header. -- [ ] استخدم واجهة للـ API لتستفيد من التخزين المؤقت caching وسياسات تحديد عدد الطلبات Rate Limit policies (مثال `الحصة Quota`, `التنبية في الارتفاع المفاجئ Spike Arrest`, `وتحديد عدد الطلبات المتزامنة Concurrent Rate Limit`) +- [ ]       استخدم الوسيلة المناسبة HTTP method حسب العملية التي تريد القيام بها : `GET (للقرائة)`, `POST (انتاج أو اضافة)`, `PUT/PATCH (لإستبدال او تحديث)`, and `DELETE (لحذف سجل)`, و قم بالرد بـ `405 Method Not Allowed` في حالة إذا كانت الوسيلة method غير مناسبة . +- [ ]       قم بالتحقق من `content-type` في رأس الطلب reuest header أو ما يسمى بـ (Content Negotiation) لتسمح فقط بالتنسيقات المدعومة (مثال `application/xml`, `application/json`, إلى آخره) وقم بالرد بـ `406 Not Acceptable` إذا كان التنسيق غير ذلك. +- [ ]       قم بالتحقق من `content-type` في محتوى الطلب نفسه posted data (مثال `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, إلى آخره). +- [ ]       قم بالتحقق من مدخلات المستخدم لتتجنب الثغرات الشائعة (مثال `XSS`, `SQL-Injection`, `Remote Code Execution`, إلى آخره). +- [ ]       لا تستخدم أي بيانات حساسة (`credentials`, `Passwords`, `security tokens`, or `API keys`) في الرابط ولكن استخدم الطريقة القياسية وهي رأس الطلب الخاص بالمصادقة Authorization header. +- [ ]       استخدم واجهة للـ API لتستفيد من التخزين المؤقت caching وسياسات تحديد عدد الطلبات Rate Limit policies (مثال `الحصة Quota`, `التنبية في الارتفاع المفاجئ Spike Arrest`, `وتحديد عدد الطلبات المتزامنة Concurrent Rate Limit`) ## المعالجة -- [ ] قم بفحص كل النطاقات والروابط للتحقق من كونهم محميين وراء مصادقة authentication لتتجنب المصادقة المكسورة broken authentication. -- [ ] يجب تجنب استخدام المعرف الخاص بالموارد. قم باستخدام `/me/orders` بدلا من `/user/654321/orders`. -- [ ] لا تقم باستخدام المعرف التلقائي auto-increment. قم باستخدام `UUID` بدلا منه. 
-- [ ] لو قمت بمعالجة ملفات XML, تأكد من أن معالجة entity parsing غير مفعلة لتتجنب هجمات `XXE` (XML external entity). -- [ ] لو قمت بمعالجة ملفات XML, تأكد من أن entity expansion غير مفعلة لتتجنب هجمات `Billion Laughs/XML bomb` من خلال هجوم exponential entity expansion. -- [ ] استخدم شبكات تسليم المحتوى CDN لرفع الملفات. -- [ ] لو كنت تتعامل مع حجم بيانات ضخم، استخدم عمليات منفصلة Workers, Queues لمعالجة البيانات في الخلفية والرد على المستخدم بسرعة لتجنب حجب الطلب HTTP Blocking. -- [ ] لا تترك وضع التصحيح DEBUG mode في حالة التشغيل. +- [ ]       قم بفحص كل النطاقات والروابط للتحقق من كونهم محميين وراء مصادقة authentication لتتجنب المصادقة المكسورة broken authentication. +- [ ]       يجب تجنب استخدام المعرف الخاص بالموارد. قم باستخدام `/me/orders` بدلا من `/user/654321/orders`. +- [ ]       لا تقم باستخدام المعرف التلقائي auto-increment. قم باستخدام `UUID` بدلا منه. +- [ ]       لو قمت بمعالجة ملفات XML, تأكد من أن معالجة entity parsing غير مفعلة لتتجنب هجمات `XXE` (XML external entity). +- [ ]       لو قمت بمعالجة ملفات XML, تأكد من أن entity expansion غير مفعلة لتتجنب هجمات `Billion Laughs/XML bomb` من خلال هجوم exponential entity expansion. +- [ ]       استخدم شبكات تسليم المحتوى CDN لرفع الملفات. +- [ ]       لو كنت تتعامل مع حجم بيانات ضخم، استخدم عمليات منفصلة Workers, Queues لمعالجة البيانات في الخلفية والرد على المستخدم بسرعة لتجنب حجب الطلب HTTP Blocking. +- [ ]       لا تترك وضع التصحيح DEBUG mode في حالة التشغيل. ## المخرجات -- [ ] استخدم `X-Content-Type-Options: nosniff` في رأس الطلب header. -- [ ] استخدم `X-Frame-Options: deny` في رأس الطلب header. -- [ ] استخدم `Content-Security-Policy: default-src 'none'` في رأس الطلب header. -- [ ] احذف الرؤوس headers التي تدل عليك - `X-Powered-By`, `Server`, `X-AspNet-Version` إلى آخره. -- [ ] قم بإجبار إرسال `content-type` مع الرد، لو قمت بالرد بمحتويات من توع `application/json` فمن المستحسن أن يكون الرد ب`content-type` `application/json`. 
-- [ ] لا تقم بالرد بمعلومات وبيانات حساسة مثل `credentials`, `Passwords`, `security tokens`. -- [ ] قم بالرد بكود حالة صحيح status code طبقا للعملية التي تقوم بها. (مثال `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, إلى آخره). +- [ ]       استخدم `X-Content-Type-Options: nosniff` في رأس الطلب header. +- [ ]       استخدم `X-Frame-Options: deny` في رأس الطلب header. +- [ ]       استخدم `Content-Security-Policy: default-src 'none'` في رأس الطلب header. +- [ ]       احذف الرؤوس headers التي تدل عليك - `X-Powered-By`, `Server`, `X-AspNet-Version` إلى آخره. +- [ ]       قم بإجبار إرسال `content-type` مع الرد، لو قمت بالرد بمحتويات من توع `application/json` فمن المستحسن أن يكون الرد ب`content-type` `application/json`. +- [ ]       لا تقم بالرد بمعلومات وبيانات حساسة مثل `credentials`, `Passwords`, `security tokens`. +- [ ]       قم بالرد بكود حالة صحيح status code طبقا للعملية التي تقوم بها. (مثال `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, إلى آخره). ## التكامل المستمر CI & النشر المستمر CD -- [ ] مراجعة التصميم الخاص بك والتنفيذ مع وحدة / التكامل اختبارات الاختبار unit/integration tests coverage. -- [ ] استخدام عملية مراجعة الرمز البرمجي وتجاهل الموافقة على الرمز البرمجي الذي قمت بكتابته. -- [ ] تأكد من أن جميع مكونات الخدمات الخاصة بك يتم فحصها بشكل ثابت بواسطة برامج الفيروسات قبل إرسالها إلى الإنتاج، بما في ذلك المكتبات الخارجية وغيرها من التبعيات. -- [ ] تصميم حل التراجع عن عمليات النشر rollback. +- [ ]       مراجعة التصميم الخاص بك والتنفيذ مع وحدة / التكامل اختبارات الاختبار unit/integration tests coverage. +- [ ]       استخدام عملية مراجعة الرمز البرمجي وتجاهل الموافقة على الرمز البرمجي الذي قمت بكتابته. +- [ ]       تأكد من أن جميع مكونات الخدمات الخاصة بك يتم فحصها بشكل ثابت بواسطة برامج الفيروسات قبل إرسالها إلى الإنتاج، بما في ذلك المكتبات الخارجية وغيرها من التبعيات. +- [ ]       تصميم حل التراجع عن عمليات النشر rollback. --- From 8d5df6b634fcd01d9cf7b86afba4d5a87c3c27f6 Mon Sep 17 00:00:00 2001 
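Review bot: the alignment fix pads every checklist item with a run of spaces after `- [ ]`; whether that whitespace survives depends on the Markdown renderer, so the result will differ between GitHub, editors and other viewers. A structural right-to-left marker (for example wrapping the list in an HTML block with `dir="rtl"`) is more robust than padding. Since every line of this file is being rewritten, this is also the moment to bring the content in step with README.md: the two XML items still say "ملفات XML" (XML files) and do not mention YAML anchors and references as the English list now does, and "reuest header" in the input section is a typo for "request header".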
From: Caleb Mazalevskis Date: Sun, 24 Jul 2022 15:39:50 +0800 Subject: [PATCH 104/149] Partial sync. - Formatting between READMEs. - Some new entries added, not yet replicated across READMEs, etc. (Nothing translated yet). --- README-ar.md | 2 ++ README-de.md | 4 +++- README-el.md | 4 +++- README-es.md | 2 ++ README-fa.md | 6 ++++-- README-fr.md | 2 ++ README-hi.md | 8 +++++--- README-id.md | 2 ++ README-it.md | 2 ++ README-ja.md | 2 ++ README-ko.md | 2 ++ README-lo.md | 2 ++ README-mk.md | 2 ++ README-ml.md | 6 +++++- README-mn.md | 2 ++ README-nl.md | 2 ++ README-pl.md | 2 ++ README-pt_BR.md | 2 ++ README-ru.md | 2 ++ README-th.md | 2 ++ README-tr.md | 16 +++++----------- README-tw.md | 2 ++ README-uk.md | 2 ++ README-vi.md | 2 ++ README-zh.md | 2 ++ 25 files changed, 63 insertions(+), 19 deletions(-) diff --git a/README-ar.md b/README-ar.md index 11ef1a9..a0052db 100644 --- a/README-ar.md +++ b/README-ar.md @@ -62,6 +62,8 @@ - [ ]       مراجعة التصميم الخاص بك والتنفيذ مع وحدة / التكامل اختبارات الاختبار unit/integration tests coverage. - [ ]       استخدام عملية مراجعة الرمز البرمجي وتجاهل الموافقة على الرمز البرمجي الذي قمت بكتابته. - [ ]       تأكد من أن جميع مكونات الخدمات الخاصة بك يتم فحصها بشكل ثابت بواسطة برامج الفيروسات قبل إرسالها إلى الإنتاج، بما في ذلك المكتبات الخارجية وغيرها من التبعيات. +- [ ]       Continuously run security tests (static/dynamic analysis) on your code. +- [ ]       Check your dependencies (both software and OS) for known vulnerabilities. - [ ]       تصميم حل التراجع عن عمليات النشر rollback. diff --git a/README-de.md b/README-de.md index 31d06e7..014c3fa 100644 --- a/README-de.md +++ b/README-de.md 
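Review bot: this README-ar.md hunk, and the matching hunk in every other translation in this patch, inserts the two new items in English in the middle of a translated list, so readers of those READMEs get untranslated text with no indication that a translation is pending. Suggest marking each inserted line (for example with a trailing "(TODO: translate)" or an HTML comment) so translators can locate them, or tracking the pending translations in a single issue; the commit message does say nothing is translated yet, but that information never reaches the README reader.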
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) # API Security Checkliste Checkliste für die wichtigsten Sicherheitsmaßnahmen beim Designen, Testen und Veröffentlichen deiner API. 
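Review bot: the `-` and `+` lines of this README-de.md language-bar hunk are identical as rendered, so the change is invisible (most likely trailing whitespace or line-ending normalisation). The same applies in this patch to the README-el.md language-bar hunk, to the user-input line in the first README-fa.md hunk, to the "Check out" line in the second README-fa.md hunk, and to the content-type line in the README-ml.md hunk. Whitespace-only changes are fine, but "Formatting between READMEs" does not tell a reviewer which bytes changed; say so in the commit message, and ideally keep these in a separate whitespace-only commit from the content additions.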
@@ -60,6 +60,8 @@ Checkliste für die wichtigsten Sicherheitsmaßnahmen beim Designen, Testen und - [ ] Nutze Unit- und Integrationstest und deren Abdeckung (Test Coverage), um deine Implementierungen und Design zu kontrollieren. - [ ] Nutze einen Code Review Prozess, aber bleib sachlich. - [ ] Stelle sicher, dass alle verwendeten Komponenten (Bibliotheken und alle anderen Abhängigkeiten) noch einmal statisch von einer Anti-Virus Software überprüft wurden bevor diese in die Produktionsumgebung gehen. +- [ ] Continuously run security tests (static/dynamic analysis) on your code. +- [ ] Check your dependencies (both software and OS) for known vulnerabilities. - [ ] Stelle sicher, dass du im Fehlerfall auch schnell wieder den vorherigen Stand einspielen kannst (Rollback). diff --git a/README-el.md b/README-el.md index 8dc0a97..542bc5a 100644 --- a/README-el.md +++ b/README-el.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) # API λίστα ελέγχου ασφαλείας Λίστα με τα πιο σημαντικά μέτρα ασφαλείας στον σχεδιασμό, έλεγχο, και την έκδοση του API σας. 
@@ -60,6 +60,8 @@ - [ ] Ελέγξτε το σχεδιασμό και την κατάσταση της εφαρμογή σας με επαρκή κάλυψη τεστ Unit / integration. - [ ] Χρησιμοποιήτε code review διαδικασίες και μη δέχεστε self-approval απο την ομάδα. - [ ] Εξασφαλίστε ότι όλα τα στοιχέια των υπηρεσιών σας περνούν απο στατικό έλεγχο με AV software πριν τα αναρτήσετε στο production, συμπεριλαμβανομένου οποιασδήποτε εξωτερικής βιβλιοθήκης που μπορει να χρησιμοποιήτε. +- [ ] Continuously run security tests (static/dynamic analysis) on your code. +- [ ] Check your dependencies (both software and OS) for known vulnerabilities. - [ ] Σχεδιάστε rollback διαδικασίες για deployments. diff --git a/README-es.md b/README-es.md index 5161c2e..46ca850 100644 --- a/README-es.md +++ b/README-es.md @@ -61,6 +61,8 @@ Lista de las contramedidas de seguridad más importantes en cuanto al diseño, t - [ ] Audita tu diseño e implementación con tests unitarios/integración y test coverage. - [ ] Usa procesos de revisión de código y evita la auto aprobación. - [ ] Asegura que todos los componentes de tus servicios se escanean estáticamente con un software AV antes de ir a producción, incluyendo librerías de terceros y dependencias. +- [ ] Continuously run security tests (static/dynamic analysis) on your code. +- [ ] Check your dependencies (both software and OS) for known vulnerabilities. - [ ] Diseña un proceso de `rollback` para tus `deploys`. diff --git a/README-fa.md b/README-fa.md index 4bb21fb..cfe23e4 100644 --- a/README-fa.md +++ b/README-fa.md 
@@ -34,7 +34,7 @@ - [ ]       از متد HTTP مناسب با توجه به نوع عملیات استفاده کن: `GET` برای خواندن، `POST` برای ایجاد کردن، `PUT/PATCH` برای جایگزین یا بروزرسانی و `DELETE` برای حذف یک رکورد، و در صورتیکه متد درخواستی برای منبع درخواست‌شده مناسب نیست با `405 Method Not Allowed` پاسخ بده. - [ ]       مقدار `content-type` را در هدر Accept رکوئست (مذاکره محتوا یا Content Negotiation) اعتبارسنجی کن تا فقط به فرمت‌های مورد پشتیبانی اجازه داده شود (مثلا `application/xml`، `application/json` و ...). - [ ]       مقدار `content-type` در داده‌ی پست‌شده را اعتبارسنجی کن (مثلا `application/x-www-form-urlencoded`، `multipart/form-data`، `application/json` و ...). -- [ ]       ورودی کاربر را اعتبارسنجی کن تا از آسیب‌پذیری‌های معمول جلوگیری شود (مثلا `XSS`، `SQL-Injection` و `Remote Code Execution`). +- [ ]       ورودی کاربر را اعتبارسنجی کن تا از آسیب‌پذیری‌های معمول جلوگیری شود (مثلا `XSS`، `SQL-Injection` و `Remote Code Execution`). - [ ]       هیچ داده‌ی حساسی مثل (داده‌های اعتبارسنجی، پسوورد‌ها، توکن‌های امنیتی یا کلید‌های API) را داخل URL قرار نده و از هدر Authorization استاندارد استفاده کن. - [ ]       از یک سرویس API Gateway استفاده کن تا کش‌کردن و سیاست‌های Rate Limit (مثلا `Quota`، `Spike Arrest` یا `Concurrent Rate Limit`) فعال شوند و منابع APIها را به صورت داینامیک دپلوی کن. 
@@ -61,13 +61,15 @@ - [ ]       طراحی و پیاده سازی خودت را با پوشش تست‌های unit/integration بازرسی کن. - [ ]       از یک پروسه‌ی مرور کد استفاده کن و خود-تاییدی را نادیده بگیر. - [ ]       مطمئن شو تا تمامی اجزای سرویس‌هایت، شامل کتابخانه‌های استفاده‌شده و دیگر وابستگی‌ها، قبل از انتشار در حالت production، به طور ایستا توسط نرم‌افزارهای آنتی‌ویروس اسکن شده‌اند. +- [ ]       Continuously run security tests (static/dynamic analysis) on your code. +- [ ]       Check your dependencies (both software and OS) for known vulnerabilities. - [ ]       برای دپلوی، یک راه‌حل با قابلیت عقبگرد (rollback) طراحی کن. --- ## نگاهی بیانداز به: -- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - یک مجموعه از منابع بردردبخور برای ساختن APIهای RESTful با HTTP و JSON - +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - یک مجموعه از منابع بردردبخور برای ساختن APIهای RESTful با HTTP و JSON - --- diff --git a/README-fr.md b/README-fr.md index c335ced..4c623bd 100644 --- a/README-fr.md +++ b/README-fr.md @@ -60,6 +60,8 @@ Checklist des points de sécurité les plus importants lors de la conception, du - [ ] Vérifiez votre conception et votre implémentation avec une couverture des tests unitaires et d'intégration. - [ ] Utilisez un processus de revue de code et ignorez l'auto-approbation. - [ ] Assurez-vous que tous les composants de vos services sont scannés par un logiciel anti-virus avant la mise en production, ainsi que les bibliothèques tierces et autres dépendances. +- [ ] Continuously run security tests (static/dynamic analysis) on your code. +- [ ] Check your dependencies (both software and OS) for known vulnerabilities. - [ ] Concevez une solution de rollback pour les déploiements. diff --git a/README-hi.md b/README-hi.md index fd80b31..a9d2354 100644 --- a/README-hi.md +++ b/README-hi.md 
@@ -47,19 +47,21 @@ - [ ] यदि आप बड़ी मात्रा में डेटा के साथ काम कर रहे हैं, तो Workers और Queues का उपयोग पृष्ठभूमि में यथासंभव प्रक्रिया करने के लिए और HTTP अवरोधन(Blocking) से बचने के लिए तेज़ी से return response करें। - [ ] DEBUG मोड बंद करने के लिए मत भूलना। - ## Output +## Output - [ ] `X-Content-Type-Options: nosniff` हेडर भेजें। - [ ] `X-Frame-Options: deny`हेडर भेजें। - [ ] `Content-Security-Policy: default-src 'none'`हेडर भेजें। - [ ] `X-Powered-By`, `Server`, `X-AspNet-Version` फिंगरप्रिंटिंग हेडर हटाएं। - [ ] आपकी प्रतिक्रिया के लिए `content-type` को बल दें, यदि आप `application/json` वापस करते हैं तो आपकी प्रतिक्रिया `content-type` `application/json` है। - [ ] `credentials`, `Passwords`, `security tokens` जैसे संवेदनशील डेटा वापस न करें। - ऑपरेशन के अनुसार उचित स्थिति कोड वापस करें। (जैसे `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, आदि)। +- [ ] ऑपरेशन के अनुसार उचित स्थिति कोड वापस करें। (जैसे `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, आदि)। - ## CI & CD +## CI & CD - [ ] unit/integration परीक्षण कवरेज के साथ अपने डिजाइन और कार्यान्वयन की जांच करें। - [ ] कोड समीक्षा प्रक्रिया का उपयोग करें और स्वयं-स्वीकृति की उपेक्षा करें। - [ ] सुनिश्चित करें कि आपकी सेवाओं के सभी components को AV सॉफ्टवेयर द्वारा स्कैन करने से पहले उत्पादक को push. vendor libraries और अन्य dependencies शामिल हैं। +- [ ] Continuously run security tests (static/dynamic analysis) on your code. +- [ ] Check your dependencies (both software and OS) for known vulnerabilities. - [ ] तैनाती के लिए एक रोलबैक समाधान तैयार करें। diff --git a/README-id.md b/README-id.md index f18e3b3..6911c05 100644 --- a/README-id.md +++ b/README-id.md 
@@ -60,6 +60,8 @@ Checklist penanggulangan keamanan yang paling penting ketika merancang, menguji, - [ ] Audit rancangan dan pelaksanaan dengan pengujian unit/integrasi. - [ ] Gunakan proses ulasan kode dan kesampingkan persetujuan sendiri. - [ ] Pastikan seluruh komponen layanan dipindai secara statis menggunakan anti virus sebelum didorong ke lingkungan produksi, termasuk pustaka-pustaka milik vendor dan ketergantungan lainnya. +- [ ] Continuously run security tests (static/dynamic analysis) on your code. +- [ ] Check your dependencies (both software and OS) for known vulnerabilities. - [ ] Rancang solusi kembali ke versi sebelumnya pada proses penyebaran. diff --git a/README-it.md b/README-it.md index 81e3d0d..956f739 100644 --- a/README-it.md +++ b/README-it.md @@ -60,6 +60,8 @@ Una checklist per le più importanti contromisure da mettere in pratica quando s - [ ] Verificare il design attraverso gli unit/integration tests. - [ ] Definire e utilizzare una procedura di code review per il rilascio, evitando l'auto approvazione. - [ ] Verificare che tutti i componenti dei servizi siano controllati da software AV prima di essere messi in produzione, incluse le librerie di terze parti. +- [ ] Continuously run security tests (static/dynamic analysis) on your code. +- [ ] Check your dependencies (both software and OS) for known vulnerabilities. - [ ] Definire una strategia di rollback per il deploy. diff --git a/README-ja.md b/README-ja.md index 18f63d6..3dcd17f 100644 --- a/README-ja.md +++ b/README-ja.md @@ -60,6 +60,8 @@ APIを設計、テスト、リリースするときの最も重要なセキュ - [ ] ユニットテスト/結合テストのカバレッジで、設計と実装を継続的に検査する。 - [ ] コードレビューのプロセスを採用し、自身による承認を無視する。 - [ ] プロダクションへプッシュする前に、ベンダのライブラリ、その他の依存関係を含め、サービスの全ての要素をアンチウイルスソフトで静的スキャンする。 +- [ ] Continuously run security tests (static/dynamic analysis) on your code. +- [ ] Check your dependencies (both software and OS) for known vulnerabilities. - [ ] デプロイのロールバックを用意する。 diff --git a/README-ko.md b/README-ko.md index a7d3b8c..60c08f9 100644 
--- a/README-ko.md +++ b/README-ko.md @@ -60,6 +60,8 @@ API를 설계하고, 테스트하고, 배포할 때 고려해야 할 중요한 - [ ] 단위/통합 테스트 범위로 설계 및 구현을 검토하세요. - [ ] 코드 리뷰 절차를 사용하고 자체 승인을 무시하세요. - [ ] 제품 출시전에 백신 소프트웨어로 공급 업체의 라이브러리 및 기타 종속적인 것을 포함한 서비스의 모든 구성 요소들을 정적으로 검사했는지 확인하세요. +- [ ] Continuously run security tests (static/dynamic analysis) on your code. +- [ ] Check your dependencies (both software and OS) for known vulnerabilities. - [ ] 배포에 대한 롤백 솔루션을 설계하세요. diff --git a/README-lo.md b/README-lo.md index 92cd1ab..1bc1b31 100644 --- a/README-lo.md +++ b/README-lo.md @@ -60,6 +60,8 @@ Checklist ທີ່ຕ້ອງໃຫ້ຄວາມສຳຄັນເມື່ - [ ] ກວດສອບ design ກັບ implementation ໃນຂັ້ນ unit/integration test ຢ່າງຄອບຄຸມ. - [ ] ໃຫ້ໃຊ້ code review process ບໍ່ແມ່ນວ່າໂຕເອງພໍໃຈກໍໂອເຄແລ້ວ. - [ ] ໝັ້ນໃຈວ່າທຸກຢ່າງ service ປອດໄວລັດແລ້ວກ່ອນຈະນຳຂຶ້ນ production ລວມໄປເຖິງ lib ຂອງພວກ vendor ກັບ dependencies ອື່ນໆ ອີກດ້ວຍ. +- [ ] Continuously run security tests (static/dynamic analysis) on your code. +- [ ] Check your dependencies (both software and OS) for known vulnerabilities. - [ ] ອອກແບບວິທີ rollback ໄວ້ກ່ອນຈະນຳຂຶ້ນໄປ ເພາະເວລາເກີດບັນຈະໄດ້ຍ້ອນກັບມາໃຊ້ version ເກົ່າໄປກ່ອນໄດ້ (ອາດເຈິໄດ້ຫຼາຍໃນຕອນພັດທະນາ feature ໃໝ່ໆ). diff --git a/README-mk.md b/README-mk.md index 9a407d4..f68bc4e 100644 --- a/README-mk.md +++ b/README-mk.md @@ -60,6 +60,8 @@ - [ ] Ревизија на вашиот дизајн и имплементација со покриеност тестови за единица / интеграција. - [ ] Користете процес на прегледување на кодот и не дозволувајте самоодобрување. - [ ] Осигурајте се дека сите компоненти на вашите услуги се статички скенирани од AV-софтверот пред да се изврши притисок за производство, вклучувајќи библиотеки на продавачи и други зависности. +- [ ] Continuously run security tests (static/dynamic analysis) on your code. +- [ ] Check your dependencies (both software and OS) for known vulnerabilities. - [ ] Дизајн на rollback за во продукција. diff --git a/README-ml.md b/README-ml.md index 293306e..7bfd43d 100644 --- a/README-ml.md +++ b/README-ml.md 
@@ -33,7 +33,7 @@ ## ഇൻപുട്ട് - [ ] പ്രവർത്തനത്തിനനുസരിച്ച് ശരിയായ HTTP രീതി ഉപയോഗിക്കുക: `GET (read)`, `POST (create)`, `PUT/PATCH (replace/update)`, and `DELETE (to delete a record)`, അഭ്യർത്ഥിച്ച ഉറവിടത്തിന് അഭ്യർത്ഥിച്ച രീതി അനുയോജ്യമല്ലെങ്കിൽ `405 Method Not Allowed` എന്ന് പ്രതികരിക്കുക. -- [ ] Accept ഹെഡ്‍ർ (കണ്ടെന്റ് നെഗോഷിയേഷൻ) അവശ്യപെടുന്നതിനനുസരിച്ചു `content-type` വാലിഡേറ്റ് ചെയ്യുകയും സപ്പോർട്ട് ചെയ്യുന്ന ഫോർമാറ്റുകൾ മാത്രം അനുവദിക്കുകയും (ഉദാ. `application/xml`, `application/json`, മുതലായവ) പൊരുത്തപ്പെടുന്നില്ലെങ്കിൽ `406 Not Acceptable` എന്ന റെസ്പോൻഡ്‌സ് ഉപയോഗിച്ച് പ്രതികരിക്കുകയും ചെയ്യുക. +- [ ] Accept ഹെഡ്‍ർ (കണ്ടെന്റ് നെഗോഷിയേഷൻ) അവശ്യപെടുന്നതിനനുസരിച്ചു `content-type` വാലിഡേറ്റ് ചെയ്യുകയും സപ്പോർട്ട് ചെയ്യുന്ന ഫോർമാറ്റുകൾ മാത്രം അനുവദിക്കുകയും (ഉദാ. `application/xml`, `application/json`, മുതലായവ) പൊരുത്തപ്പെടുന്നില്ലെങ്കിൽ `406 Not Acceptable` എന്ന റെസ്പോൻഡ്‌സ് ഉപയോഗിച്ച് പ്രതികരിക്കുകയും ചെയ്യുക. - [ ] പോസ്റ്റ് ചെയ്‌ത ടാറ്റായുടെ `content-type` നിങ്ങൾ അനുവദിക്കുന്നതതിനനുസരിച് വാലിഡേറ്റ് ചെയ്യുക. (ഉദാ: `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, മുതലായവ). - [ ] പൊതുവായ വൾനറബിലിറ്റികൾ ഒഴിവാക്കാൻ യൂസർ ഇൻപുട്ട് സാധൂകരിക്കുക (ഉദാ: `XSS`, `SQL-ഇൻജെക്ഷൻ`, `റിമോട്ട് കോഡ് എക്സിക്യൂഷൻ`, മുതലായവ). 
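Review bot: the README-ml.md hunk at `@@ -33,7 +33,7 @@` removes and re-adds the `content-type` / Accept-header item with no visible difference, so this is a whitespace-only or invisible-character change (trailing space, zero-width joiner, or similar). If the cleanup is intentional, say so in the commit message; otherwise drop the hunk so the diff stays reviewable.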
@@ -55,9 +55,13 @@ - [ ] `content-type` നെ നിങ്ങളുടെ പ്രതികരണത്തിനായി നിർബന്ധിക്കുക. നിങ്ങളുടെ പ്രതികരണം `application/json` ആണെങ്കിൽ, നിങ്ങളുടെ `content-type` പ്രതികരണവും `application/json` ആയിരിക്കും. - [ ] `Credentials`, `passwords` അല്ലെങ്കിൽ `security tokens` പോലുള്ള സെൻസിറ്റീവ് ഡാറ്റ നൽകരുത്. - [ ] പൂർത്തിയാക്കിയ പ്രവർത്തനത്തിനനുസരിച്ച് ശരിയായ സ്റ്റാറ്റസ് കോഡ് തിരികെ നൽകുക. (ഉദാ: `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, മുതലായവ). + +## CI & CD - [ ] unit/integration tests കോവേജ് ഉപയോഗിച്ച് നിങ്ങളുടെ ഡിസൈനും ഇമ്പലമെന്റാഷനും ഔഡിഡ് ചെയ്യുക. - [ ] ഒരു കോഡ് റിവ്യൂ പ്രക്രിയ ഉപയോഗിക്കുക, സ്വയം അംഗീകാരം അവഗണിക്കുക. - [ ] വെണ്ടർ ലൈബ്രറികളും മറ്റ് ഡിപൻഡൻസികളും ഉൾപ്പെടെ ഉൽപ്പാദനത്തിലേക്ക് നീങ്ങുന്നതിന് മുമ്പ് നിങ്ങളുടെ സേവനങ്ങളുടെ എല്ലാ ഘടകങ്ങളും എവി സോഫ്‌റ്റ്‌വെയർ സ്ഥിരമായി സ്കാൻ ചെയ്തിട്ടുണ്ടെന്ന് ഉറപ്പാക്കുക. +- [ ] Continuously run security tests (static/dynamic analysis) on your code. +- [ ] Check your dependencies (both software and OS) for known vulnerabilities. - [ ] ഡിപ്ലോയ്‌മെന്റിനായി ഒരു റോൾബാക്ക് പരിഹാരം രൂപകൽപ്പന ചെയ്യുക. diff --git a/README-mn.md b/README-mn.md index d979858..df0faeb 100644 --- a/README-mn.md +++ b/README-mn.md @@ -60,6 +60,8 @@ API гаргах, загварчлах, тестлэхэд аюулгүйн та - [ ] unit/integration тест ашиглан системийн загварчлал, хэрэгжилтийг шалгах. - [ ] Код шалгалт ашигла, мөн өөрөө өөрийгөө ч шалга. - [ ] Бүх тусдаа хэсгүүд бүр vendor сан, бусад нэмэлт сангууд бүгдийг нь AV програмаар статикаар шалга. +- [ ] Continuously run security tests (static/dynamic analysis) on your code. +- [ ] Check your dependencies (both software and OS) for known vulnerabilities. - [ ] Ямар ч үед deploy хийхэд амар шийдэл гаргах. diff --git a/README-nl.md b/README-nl.md index b6df3fd..20d6f48 100644 --- a/README-nl.md +++ b/README-nl.md 
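Review bot: in the README-ml.md hunk at `@@ -55,9 +55,13 @@`, restoring the missing `## CI & CD` heading is the right fix: the audit, code-review and AV-scan items were previously sitting under the output section. Keep the blank line added before it, since a heading placed directly after a list item is not rendered consistently by every Markdown engine. The two English items added below the heading are untranslated in this Malayalam file and should be translated or flagged.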
@@ -60,6 +60,8 @@ Checklist met de belangrijkste tegenmaatregelen bij het ontwerpen, testen en uit - [ ] Controleer het ontwerp en de implementatie met unit/integration test dekking. - [ ] Gebruik een code review traject en controleer niet zelf je eigen code. - [ ] Scan de API voor het naar productie zetten door AV software, niet alleen eigen code maar ook de libraries en andere gebruikte dependencies. +- [ ] Continuously run security tests (static/dynamic analysis) on your code. +- [ ] Check your dependencies (both software and OS) for known vulnerabilities. - [ ] Ontwikkel een terugrol oplossing. diff --git a/README-pl.md b/README-pl.md index bcdbfb5..499d948 100644 --- a/README-pl.md +++ b/README-pl.md @@ -59,6 +59,8 @@ Lista kontrolna najważniejszych metod zabezpieczenia podczas projektowania, tes - [ ] Przetestuj wszystkie rozwiązania stosując testy jednostkowe. - [ ] Oddaj kod do przejrzenia innym, poddaj go `code review`. - [ ] Upewnij się, że wszystkie komponenty twojej usługi są skanowane przez oprogramowanie antywirusowe przed wejściem na produkcje. Uwzględnij także zewnętrzne biblioteki. +- [ ] Continuously run security tests (static/dynamic analysis) on your code. +- [ ] Check your dependencies (both software and OS) for known vulnerabilities. - [ ] Stwórz możliwość szybkiego wycofania udostępnionego wdrożenia. diff --git a/README-pt_BR.md b/README-pt_BR.md index 5d528f3..59df9bf 100644 --- a/README-pt_BR.md +++ b/README-pt_BR.md 
@@ -60,6 +60,8 @@ Lista das mais importantes medidas de segurança para o desenvolvimento, teste e - [ ] Monitore a especificação e implementação do escopo da sua API através de testes unitários e de integração. - [ ] Use um processo de revisão de código, ignorando sistemas de auto-aprovação. - [ ] Certifique-se de que todos os componentes de seus serviços sejam validados por _softwares_ AV (anti-vírus, anti-_malware_) antes de enviar para produção, incluindo as dependências de terceiros utilizadas. +- [ ] Continuously run security tests (static/dynamic analysis) on your code. +- [ ] Check your dependencies (both software and OS) for known vulnerabilities. - [ ] Implemente funcionalidade de reversão de _deploy_ (_rollback_). diff --git a/README-ru.md b/README-ru.md index a0f179c..e81df62 100644 --- a/README-ru.md +++ b/README-ru.md @@ -60,6 +60,8 @@ - [ ] Проверяйте ваш проект во время CI/CD. Покрывайте код unit/интеграционными тестами. - [ ] Используйте процесс проверки кода (Code Review) коллегами. Не апрувьте сами себя (no Self-Approval). - [ ] Убедитесь, что ваше приложение сканируются с помощью антивирусов перед отправкой в прод, включая библиотеки и другие зависимости. +- [ ] Continuously run security tests (static/dynamic analysis) on your code. +- [ ] Check your dependencies (both software and OS) for known vulnerabilities. - [ ] Сделайте возможным быстрый откат на предыдущую версию. diff --git a/README-th.md b/README-th.md index 5056121..f8445a1 100644 --- a/README-th.md +++ b/README-th.md 
@@ -59,6 +59,8 @@ Checklist ที่ต้องให้ความสำคัญเมื่ - [ ] ตรวจสอบ design กับ implementation ในขั้น unit/integration test อย่างครอบคลุม - [ ] ให้ใช้ code review process ไม่ใช่ว่าตัวเองพอใจก็โอเคแล้ว - [ ] มั่นใจว่าทุกอย่างใน service ปลอดไวรัสแล้วก่อนจะนำขึ้น production รวมถึง lib ของพวก vendor กับ dependencies อื่นๆด้วย +- [ ] Continuously run security tests (static/dynamic analysis) on your code. +- [ ] Check your dependencies (both software and OS) for known vulnerabilities. - [ ] ออกแบบวิธี rollback ไว้ด้วยก่อนจะนำขึ้นไป เพราะเวลาเกิดปัญหาจะได้ย้อนกลับมาใช้ version เก่าไปก่อนได้ (อาจพบได้บ่อยตอนพัฒนา feature ใหม่ๆ) diff --git a/README-tr.md b/README-tr.md index d67b66c..aefcf6b 100644 --- a/README-tr.md +++ b/README-tr.md 
@@ -7,34 +7,29 @@ API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemle --- ## Kimlik Doğrulama - - [ ] `Basic Auth` kullanmayın. Bunun yerine standardlaşmış kimlik doğrulama çözümlerini (örneğin [JWT](https://jwt.io/), [OAuth](https://oauth.net/) gibi) kullanmalısınız. - [ ] `Kimlik doğrulama`, `token oluşturma`, `şifreleri kaydetme` için tekerleği yeniden icat etmeye çalışmayın. Standartları kullanın. - [ ] `Deneme sayısını` sınırlayarak giriş hakkını kısıtlayın. - [ ] Tüm hassas verilerde şifreleme kullanın. ### JWT (JSON Web Token) - - [ ] (`JWT Secret`) gibi rastgele, karmaşık ve zor bir anahtar kullanarak kaba kuvvet ile token çözmeyi olabildiğince zorlaştırın. - [ ] Algoritmayı gelen veri üzerinden belirlemeyin. Arka uçta olmasını sağlayın. (`HS256` veya `RS256`). - [ ] Token'in son kullanma tarihini (`TTL`, `RTTL`) olabildiğince kısa yapın. - [ ] Hassas verilerinizi JWT payload içine koymayın, [Kolayca](https://jwt.io/#debugger-io) çözülebilir. ### OAuth - - [ ] Yalnızca beyaz listeye eklenen URL'lere izin vermek için sunucu tarafındaki `redirect_uri` bilgisini her zaman doğrulayın. - [ ] Her zaman code değiştirmeyi deneyin token değiştirmeyi değil (`response_type=token` kullanımına izin vermeyin). - [ ] OAuth kimlik doğrulama işlemi sırasında CSRF'yi önlemek için `state` parametresini rasgele hashleyerek kullanın. - [ ] Varsayılan kapsamı tanımlayın ve her uygulama için kapsam parametrelerini doğrulayın. ## Erişim - - [ ] DDoS ya da kaba kuvvet saldırılarından korunmak için istekleri sınırlamalısınız. - [ ] MITM (Man In The Middle Attack) saldırılarında korunmak için sunucu tarafında HTTPS kullanın. - [ ] SSL Strip saldırılarından korunmak için `HSTS` header'ı SSL ile kullan. 
## Girdi - - [ ] İşleme göre uygun HTTP yöntemini kullanın: `GET (okumak)`, `POST (oluşturmak)`, `PUT/PATCH (değiştirmek/güncellemk)`, ve `DELETE (bir kaydı silmek için)`, eğer istenen yöntem istenen kaynak için uygun değilse `405 Method Not Allowed` mesajı ile cevap verin. - [ ] Accept header gelen `content-type` beklediğiniz ve izin verdiğiniz formatta olup olmadığını kontrol edin. (ör. `application/xml`, `application/json`, v.b.) Format uyuşmuyorsa `406 Not Acceptable` mesajı ile cevap verin. - [ ] Gönderilen verileri doğrularken gelen verinin `content-type` değerini doğrulayın (ör. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, v.b.). @@ -43,7 +38,6 @@ API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemle - [ ] Önbelleklemeyi ve hız sınır politikalarını (ör. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) etkinleştirmek için ve API kaynaklarını dinamik olarak dağıtmak için bir API Gateway hizmeti kullanın. ## İşleme - - [ ] Kimlik doğrulama işleminin atlatılmasını önlemek için, tüm iştem uç noktalarının kimlik doğrulama arkasında korunup korunmadığını kontrol edin. - [ ] Kullanıcı için kendi kaynak ID'si kullanılmasından kaçınılmalıdır. `/me/orders` yerine `/user/654321/orders` kullanın. - [ ] Otomotik artan ID'ler kullanmayın. Yerine `UUID` kullanın. 
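Review bot: the README-tr.md hunks at `@@ -7,34 +7,29 @@` and `@@ -43,7 +38,6 @@` only delete the blank line after each heading (`## Kimlik Doğrulama`, `### JWT`, `### OAuth`, `## Erişim`, `## Girdi`, `## İşleme`). GitHub-flavored Markdown renders both layouts identically, so this is cosmetic and unrelated to the commit's purpose; it would be cleaner as a separate whitespace commit. Since the region is being touched anyway, the context line `PUT/PATCH (değiştirmek/güncellemk)` has a typo for `güncellemek`.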
@@ -54,30 +48,30 @@ API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemle - [ ] DEBUG modunu kapatmayı unutmayın!. ## Çıktı - - [ ] `X-Content-Type-Options: nosniff` header'ı gönderin. - [ ] `X-Frame-Options: deny` header'ı gönderin. - [ ] `Content-Security-Policy: default-src 'none'` header'ı gönderin. - [ ] Parmak izi header'larını kaldırın - `X-Powered-By`, `Server`, `X-AspNet-Version` v.b. - [ ] İsteğe verilen cevapta `content-type` kullanmaya zorlayın, eğer veriyi `application/json` olarak döndürürseniz, `content-type` karşılığı `application/json` olmalı. -- [] `kimlik bilgileri` , `şifreleri` veya `güvenlik token'ları` gibi hassas verileri sonuç içinde göndermeyin. +- [ ] `kimlik bilgileri` , `şifreleri` veya `güvenlik token'ları` gibi hassas verileri sonuç içinde göndermeyin. - [ ] İşlem tamamlandıktan sonra uygun durum kodunu döndürün. (ör. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, v.b.). ## CI & CD - - [ ] unit/integration testi kapsamı ölçümleri ile tasarımınızı ve uygulamanızı denetleyin. - [ ] Bir kod inceleme süreci kullanın ve kendi onayınızı dikkate almayın. - [ ] Kodunuzu canlıya göndemreden önce harici kitaplıkları ve diğer bağımlılıklar da dahil olmak üzere hizmetlerinizin tüm bileşenlerinin AntiVirus yazılımıyla statik olarak tarandığından emin olun. +- [ ] Continuously run security tests (static/dynamic analysis) on your code. +- [ ] Check your dependencies (both software and OS) for known vulnerabilities. - [ ] Dağıtımlar için bir geriye dönme çözümü tasarlayın. + --- ## Ek kaynaklar: - - [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - RESTful HTTP+JSON API'leri oluşturmak için kullanışlı kaynakların bir koleksiyonu. + --- # katkı - Bu depoyu forklayarak, bazı değişiklikler yaparak ve pull requests göndererek katkıda bulunmaktan çekinmeyin. Herhangi bir sorunuz için bize bir e-posta bırakın: `team@shieldfy.io`. 
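Review bot: in the README-tr.md hunk at `@@ -54,30 +48,30 @@`, the `- []` to `- [ ]` change is a real fix (GitHub only renders a task checkbox when the brackets contain a space), and the blank lines added before each `---` rule match the layout of the other translations. The two `Continuously run security tests` / `Check your dependencies` items are English in a Turkish file; translate them or flag them with a TODO.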
diff --git a/README-tw.md b/README-tw.md index 9d20f38..013a66e 100644 --- a/README-tw.md +++ b/README-tw.md @@ -60,6 +60,8 @@ - [ ] 使用單元測試和整合測試來審計你的設計和實現. - [ ] 引入代碼審查流程, 不要自行批准更改. - [ ] 在推送到生產環境之前確保服務的所有組件都用殺毒軟件靜態地掃瞄過, 包括第三方庫和其它依賴. +- [ ] Continuously run security tests (static/dynamic analysis) on your code. +- [ ] Check your dependencies (both software and OS) for known vulnerabilities. - [ ] 為部署設計一個回滾方案. diff --git a/README-uk.md b/README-uk.md index a26e3be..1e6f4ff 100644 --- a/README-uk.md +++ b/README-uk.md @@ -60,6 +60,8 @@ - [ ] Аудит вашого дизайну і реалізації з охопленням модулів / інтеграційних тестів. - [ ] Використовуйте процес перевірки коду і ігноруйте самоокупність. - [ ] Переконайтеся, що всі компоненти ваших служб статично скануються за допомогою антивірусів перед відправкою на виробництво, включаючи бібліотеки постачальників та інші залежності. +- [ ] Continuously run security tests (static/dynamic analysis) on your code. +- [ ] Check your dependencies (both software and OS) for known vulnerabilities. - [ ] Створіть рішення відкату для розгортання. diff --git a/README-vi.md b/README-vi.md index ed7fd25..6aae45d 100644 --- a/README-vi.md +++ b/README-vi.md @@ -60,6 +60,8 @@ Những giải pháp an toàn và cách khắc phục khi thiết kế, kiểm t - [ ] Kiểm tra thiết kế và thực hiện đầy đủ việc test với unit/integration. - [ ] Áp dụng quy trình đánh giá code và bỏ qua việc tự phê duyệt. - [ ] Đảm bảo các thành phần của dịch vụ được quét với các anti virus trước khi đưa ra phiên bản production, bao gồm các thư viện và các gói khác. +- [ ] Continuously run security tests (static/dynamic analysis) on your code. +- [ ] Check your dependencies (both software and OS) for known vulnerabilities. - [ ] Thiết kế một giải pháp rollback cho việc triển khai. diff --git a/README-zh.md b/README-zh.md index 3043a34..447c9a2 100644 --- a/README-zh.md +++ b/README-zh.md 
@@ -60,6 +60,8 @@ - [ ] 使用单元测试以及集成测试的覆盖率来保障你的设计和实现。 - [ ] 引入代码审查流程,禁止私自合并代码。 - [ ] 在推送到生产环境之前确保服务的所有组件都用杀毒软件静态地扫描过,包括第三方库和其它依赖。 +- [ ] Continuously run security tests (static/dynamic analysis) on your code. +- [ ] Check your dependencies (both software and OS) for known vulnerabilities. - [ ] 为部署设计一个回滚方案。 From 1e56cf3dee7adc718cbb03778d09943401d29716 Mon Sep 17 00:00:00 2001 From: Caleb Mazalevskis Date: Sun, 24 Jul 2022 20:33:50 +0800 Subject: [PATCH 105/149] Partial sync. Translation progress. (Please send PRs with corrections if you spot any errors/typos/etc). --- README-ar.md | 9 ++++++--- README-de.md | 5 ++++- README-el.md | 5 ++++- README-es.md | 4 +++- README-fa.md | 5 ++++- README-fr.md | 3 +++ README-hi.md | 15 +++++++++------ README-id.md | 5 ++++- README-it.md | 3 +++ README-ja.md | 3 +++ README-ko.md | 3 +++ README-lo.md | 15 +++++++++------ README-mk.md | 5 ++++- README-ml.md | 29 +++++++++++++++-------------- README-mn.md | 7 +++++-- README-nl.md | 3 +++ README-pl.md | 3 +++ README-pt_BR.md | 3 +++ README-ru.md | 3 +++ README-th.md | 5 ++++- README-tr.md | 3 +++ README-tw.md | 5 ++++- README-uk.md | 3 +++ README-vi.md | 5 ++++- README-zh.md | 3 +++ README.md | 6 +++--- 26 files changed, 115 insertions(+), 43 deletions(-) diff --git a/README-ar.md b/README-ar.md index a0052db..659e98a 100644 --- a/README-ar.md +++ b/README-ar.md 
@@ -16,9 +16,10 @@ ### JSON Web Token) JWT) - [ ]       استخدم مفتاح عشوائي ومعقد (`JWT Secret`) لتجعل هجوم التخمين بالقوة brute forcing صعبا جدا. -- [ ]       لا تقم باستخراج خوارزمية التشفير من محتوى رمز الـ JWT. قم بإجبار الرمز البرمجي على استخدام خوارزمية (`HS256` or `RS256`). +- [ ]       لا تقم باستخراج خوارزمية التشفير من محتوى رمز الـ JWT. قم بإجبار الرمز البرمجي على استخدام خوارزمية (`HS256` أو `RS256`). - [ ]       اجعل مدة انتهاء الرمز (`TTL`, `RTTL`) قصيرة قدر الإمكان. - [ ]       لا تقم بتخزين أي بيانات حساسة داخل محتوى رمز الـ JWT, لأنه يمكن كشف هذه المحتويات بسهولة [easily](https://jwt.io/#debugger-io). +- [ ]       تجنب تخزين الكثير من البيانات. عادةً ما تتم مشاركة JWT في الرؤوس ولديها حد للحجم. ### OAuth - [ ]       تحقق دائما من `redirect_uri` في الرمز البرمجي للخادوم لتسمح فقط بقائمة محددة من الروابط. 
@@ -30,13 +31,15 @@ - [ ]       حدد الطلبات (Throttling) لتتجنب هجوم حجب الخدمة DDoS وهجوم التخمين بالقوة brute-force. - [ ]       استخدم HTTPS على الخادوم لتتجنب هجمات التنصت على الطلبات MITM (Man In The Middle Attack). - [ ]       استخدم `HSTS` header مع الـ SSL لتتجنب هجمات الـ SSL Strip. +- [ ]       قم بإيقاف تشغيل قوائم الدليل. +- [ ]       بالنسبة لواجهات برمجة التطبيقات الخاصة، اسمح بالوصول فقط من عناوين IP والمضيفين المدرجين في القائمة البيضاء. ## الإدخال - [ ]       استخدم الوسيلة المناسبة HTTP method حسب العملية التي تريد القيام بها : `GET (للقرائة)`, `POST (انتاج أو اضافة)`, `PUT/PATCH (لإستبدال او تحديث)`, and `DELETE (لحذف سجل)`, و قم بالرد بـ `405 Method Not Allowed` في حالة إذا كانت الوسيلة method غير مناسبة . - [ ]       قم بالتحقق من `content-type` في رأس الطلب reuest header أو ما يسمى بـ (Content Negotiation) لتسمح فقط بالتنسيقات المدعومة (مثال `application/xml`, `application/json`, إلى آخره) وقم بالرد بـ `406 Not Acceptable` إذا كان التنسيق غير ذلك. - [ ]       قم بالتحقق من `content-type` في محتوى الطلب نفسه posted data (مثال `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, إلى آخره). - [ ]       قم بالتحقق من مدخلات المستخدم لتتجنب الثغرات الشائعة (مثال `XSS`, `SQL-Injection`, `Remote Code Execution`, إلى آخره). -- [ ]       لا تستخدم أي بيانات حساسة (`credentials`, `Passwords`, `security tokens`, or `API keys`) في الرابط ولكن استخدم الطريقة القياسية وهي رأس الطلب الخاص بالمصادقة Authorization header. +- [ ]       لا تستخدم أي بيانات حساسة (`credentials`, `Passwords`, `security tokens`, أو `API keys`) في الرابط ولكن استخدم الطريقة القياسية وهي رأس الطلب الخاص بالمصادقة Authorization header. - [ ]       استخدم واجهة للـ API لتستفيد من التخزين المؤقت caching وسياسات تحديد عدد الطلبات Rate Limit policies (مثال `الحصة Quota`, `التنبية في الارتفاع المفاجئ Spike Arrest`, `وتحديد عدد الطلبات المتزامنة Concurrent Rate Limit`) ## المعالجة 
@@ -76,5 +79,5 @@ --- # المشاركة -لا تتردد في المساهمة عن طريق أخذ نسخة من هذه القائمة fork ، وإجراء بعض التغييرات، وتقديم طلبات المراجعة pull request. أي أسئلة الرجاء مراسلتنا على البريد الإلكتروني `team@shieldfy.io`. +لا تتردد في المساهمة عن طريق أخذ نسخة من هذه القائمة fork، وإجراء بعض التغييرات، وتقديم طلبات المراجعة pull request. أي أسئلة الرجاء مراسلتنا على البريد الإلكتروني `team@shieldfy.io`.
diff --git a/README-de.md b/README-de.md index 014c3fa..1c84851 100644 --- a/README-de.md +++ b/README-de.md @@ -14,9 +14,10 @@ Checkliste für die wichtigsten Sicherheitsmaßnahmen beim Designen, Testen und ### JWT (JSON Web Token) - [ ] Verwende einen per Zufall generierten, komplizierten Schlüssel (`JWT Secret`), um Brute Force Attacken gegen diesen so schwer wie möglich zu machen. -- [ ] Verwende den Algorithmus des Payloads ausschließlich über das Backend, sodass dieser geheim bleibt (`HS256` or `RS256`). +- [ ] Verwende den Algorithmus des Payloads ausschließlich über das Backend, sodass dieser geheim bleibt (`HS256` oder `RS256`). - [ ] Lege einen möglichst kurzen Gültigkeitszeitraum für den Token fest (`TTL`, `RTTL`). - [ ] Speichere keine sensitiven Daten im JWT Payload, denn dieser kann [einfach entkodiert werden](https://jwt.io/#debugger-io). +- [ ] Vermeiden zu viele Daten zu speichern. JWT wird normalerweise in Headern geteilt und hat eine Größenbeschränkung. ### OAuth - [ ] Überprüfe stets die `redirect_uri` serverseitig und erlaube nur URLs aus einer Whitelist. @@ -28,6 +29,8 @@ Checkliste für die wichtigsten Sicherheitsmaßnahmen beim Designen, Testen und - [ ] Limitiere alle Requests (Throttling), um DDoS / Brute-Force Attacken zu verhindern. - [ ] Nutze HTTPS serverseitig, um MITM (Man In The Middle Attack) zu verhindern. - [ ] Setze `HSTS` (HTTP Strict Transport Security) im Header bei SSL, um SSLStrip Attacken zu verhindern. +- [ ] Deaktivieren Verzeichniseinträge. +- [ ] Erlauben für private APIs den Zugriff nur von IPs/Hosts auf der Whitelist. ## Input - [ ] Nutze für Requests die passenden HTTP Methoden: `GET (Lesen)`, `POST (Erzeugen)`, `PUT/PATCH (Ersetzen/Aktualisieren)`, and `DELETE (Datensatz löschen)`, und gib `405 Method Not Allowed`, wenn die angeforderte Methode nicht auf die Ressource passt. diff --git a/README-el.md b/README-el.md index 542bc5a..86a9565 100644 --- a/README-el.md +++ b/README-el.md 
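Review bot: the three new lines in the README-de.md hunks use bare infinitives (`Vermeiden zu viele Daten zu speichern.`, `Deaktivieren Verzeichniseinträge.`, `Erlauben für private APIs den Zugriff ...`) while every surrounding item uses the du-imperative (`Verwende`, `Lege`, `Speichere`, `Nutze`, `Setze`). Suggest `Vermeide es, zu viele Daten zu speichern.`, `Deaktiviere Verzeichnisauflistungen.` (`Verzeichniseinträge` means directory entries, not directory listings) and `Erlaube bei privaten APIs den Zugriff nur von IPs/Hosts auf der Whitelist.` The `or` to `oder` change in the JWT line is correct.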
@@ -14,9 +14,10 @@ ### JWT (JSON Web Token) - [ ] Χρησιμοποιήστε τυχαίο περίπλοκο κλειδί (`JWT Secret`) για να γίνει αρκετά δύσκολο να αποκρυπτογραφηθεί με brute forcing. -- [ ] Μη χρησιμοποιήτε/αφαιρήτε τον αλγόριθμο απο το payload. Ο αλγόριθμος πρέπει να πραγματοποιήτε στο backend (`HS256` or `RS256`). +- [ ] Μη χρησιμοποιήτε/αφαιρήτε τον αλγόριθμο απο το payload. Ο αλγόριθμος πρέπει να πραγματοποιήτε στο backend (`HS256` ή `RS256`). - [ ] Κάντε το token να λήγει (token expiration) (`TTL`, `RTTL`) όσο πιο σύντομα γίνεται. - [ ] Μη καταχωρείτε ευαίσθητα δεδομένα στο JWT payload, μπορεί να αποκρυπτογραφηθεί εύκολα [easily](https://jwt.io/#debugger-io). +- [ ] Αποφύγετε την αποθήκευση πάρα πολλών δεδομένων. JWT είναι συνήθως κοινόχρηστο σε headers και έχουν όριο μεγέθους. ### OAuth - [ ] Πάντα να επαληθεύετε το `redirect_uri` στο server-side και επιτρέπετε μόνο whitelisted URLs. @@ -28,6 +29,8 @@ - [ ] Περιορίστε τα αιτήματα (requests) (Throttling) για να αποφύγετε επιθέσεις DDoS / brute-force. - [ ] Χρησιμοποιήστε HTTPS στο server side για να αποφύγετε επιθέσεις MITM (Man in the Middle Attack). - [ ] Χρησιμοποιήστε `HSTS` κεφαλίδα (header) με SSL για να αποφύγετε SSL Strip επιθέσεις. +- [ ] Απενεργοποιήστε τις καταχωρίσεις directory. +- [ ] Για ιδιωτικά API, επιτρέπεται η πρόσβαση μόνο από IP/κεντρικούς στη λίστα επιτρεπόμενων. ## Είσοδος δεδομένων (Input) - [ ] Χρησιμοποιήστε την κατάλληλη HTTP μέθοδο σύμφωνα με τη λειτουργία που χρειάζεστε: `GET (read)`, `POST (create)`, `PUT/PATCH (replace/update)`, και `DELETE (για διαγραφή αρχείου)`, και απαντήστε με `405 Method Not Allowed` εάν η ζητούμενη μέθοδος δεν είναι κατάλληλη για την αιτούμενη εφαρμογή. diff --git a/README-es.md b/README-es.md index 46ca850..1d1accd 100644 --- a/README-es.md +++ b/README-es.md 
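Review bot: in the README-el.md hunks, the new JWT line mixes singular and plural (`JWT είναι ... και έχουν όριο μεγέθους`); use `και έχει όριο μεγέθους`. `Απενεργοποιήστε τις καταχωρίσεις directory` reads as "disable directory entries"; the intended meaning is directory listing, e.g. `Απενεργοποιήστε την εμφάνιση λίστας καταλόγων (directory listing).` In the private-API line `IP/κεντρικούς` is missing its noun (`κεντρικούς υπολογιστές`, or simply `IP/hosts`). Since the algorithm line is rewritten anyway for `ή`, fix its spelling at the same time: `χρησιμοποιείτε/αφαιρείτε` and `πραγματοποιείται` instead of `χρησιμοποιήτε/αφαιρήτε` and `πραγματοποιήτε`.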
@@ -29,13 +29,15 @@ Lista de las contramedidas de seguridad más importantes en cuanto al diseño, t - [ ] Limita las peticiones (`Throttling`) para prevenir ataques DDoS y de fuerza bruta. - [ ] Usa HTTPS en el lado del servidor para evitar ataques MITM (Man In The Middle Attack). - [ ] Usa la cabecera `HSTS` con SSL para evitar SSL Strip attack. +- [ ] Desactive las listados de directorios. +- [ ] Para las API privadas, permita el acceso solo desde hosts/IP incluidos en la lista blanca. ## Entradas - [ ] Usa el método HTTP apropiado a cada operación: `GET (lectura)`, `POST (creación)`, `PUT/PATCH (reemplazo/actualización)`, y `DELETE (borrado)`, y responde con `405 Method Not Allowed` si el método en la petición no es apropiado para el recurso. - [ ] Valida el `content-type` en la cabecera `Accept` de las peticiones (Content Negotiation), para permitir sólo los formatos soportados (e.g. `application/xml`, `application/json`, etc) y responde con `406 Not Acceptable` si no hay coincidencias. - [ ] Valida el `content-type` de información enviada en base a la que aceptes (e.g. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, etc). - [ ] Valida las entradas que realizan los usuarios para evitar ataques comunes (e.g. `XSS`, `SQL-Injection`, `Remote Code Execution`, etc). -- [ ] No utilices información sensible (`credentials`, `Passwords`, `security tokens`, or `API keys`) en la URL, en su lugar usa la cabecera estándar `Authorization`. +- [ ] No utilices información sensible (`credentials`, `Passwords`, `security tokens`, o `API keys`) en la URL, en su lugar usa la cabecera estándar `Authorization`. - [ ] Usa un servicio de API Gateway para permitir almacenamiento en caché (caching), límite de peticiones (Rate Limit), Spike Arrest y el despliegue de APIs dinámicamente. ## Procesamiento diff --git a/README-fa.md b/README-fa.md index cfe23e4..be9c24a 100644 --- a/README-fa.md +++ b/README-fa.md 
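Review bot: in the README-es.md hunk, `Desactive las listados de directorios` has a gender error (`los listados`), and both new lines use the usted form (`Desactive`, `permita`) while the rest of the file addresses the reader as tú (`Limita`, `Usa`, `Valida`, `No utilices`). Suggest `Desactiva los listados de directorios.` and `Para las API privadas, permite el acceso solo desde IPs/hosts incluidos en la lista blanca.` The `or` to `o` fix in the sensitive-data line is correct.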
@@ -10,7 +10,7 @@ ## احراز هویت - [ ]       از `Basic Auth` یا همان `اصالت‌سنجی برای دسترسی‌های اولیه` استفاده نکن. به جای آن از روش‌های استاندارد احراز هویت استفاده کن (مثلا [JWT](https://jwt.io/) یا [OAuth](https://oauth.net/)). - [ ]       برای کارهایی مثل `احراز هویت`، `تولید توکن` و `ذخیره پسوورد` چرخ را دوباره اختراع نکن. از استانداردها استفاده کن. -- [ ]       برای لاگین محدودیت‌های `تعداد ماکسیمم تلاش مجدد` و تعداد دفعات ورود را قرار بده. +- [ ]       برای لاگین محدودیت‌های `تعداد ماکسیمم تلاش مجدد` و تعداد دفعات ورود را قرار بده. - [ ]       همه‌ی داده‌های حساس را رمزگذاری کن. ### JWT (JSON Web Token) @@ -18,6 +18,7 @@ - [ ]       الگوریتم را از هدر استخراج نکن. در بک‌اند الگوریتم را تحمیل کن (`HS256` یا `RS256`). - [ ]       انقضای توکن (`TTL` یا `RTTL`) را تا حد ممکن کوتاه کن. - [ ]       اطلاعات حساس را در پی‌لود JWT ذخیره نکن چون [به راحتی](https://jwt.io/#debugger-io) قابل رمزگشایی است. +- [ ]       از ذخیره بیش از حد داده ها خودداری کنید. JWT معمولاً در هدر به اشتراک گذاشته می شود و محدودیت اندازه دارند. ### OAuth - [ ]       همیشه `redirect_uri` را در سمت سرور اعتبارسنجی کن تا تنها به URLهای مجاز اجازه داده شود. @@ -29,6 +30,8 @@ - [ ]       رکوئست‌ها را محدود کن (Throttling) تا از حملات DDos یا بروت‌فورس جلوگیری شود. - [ ]       در سمت سرور از HTTPS استفاده کن تا از حملات مرد میانی جلوگیری شود. - [ ]       از هدر `HSTS` استفاده کن تا از حمله‌ی SSL Strip جلوگیری شود. +- [ ]       لیست های دایرکتوری را خاموش کنید. +- [ ]       برای APIهای خصوصی، فقط از IPها/میزبانهای لیست سفید اجازه دسترسی داشته باشید. ## ورودی - [ ]       از متد HTTP مناسب با توجه به نوع عملیات استفاده کن: `GET` برای خواندن، `POST` برای ایجاد کردن، `PUT/PATCH` برای جایگزین یا بروزرسانی و `DELETE` برای حذف یک رکورد، و در صورتیکه متد درخواستی برای منبع درخواست‌شده مناسب نیست با `405 Method Not Allowed` پاسخ بده. diff --git a/README-fr.md b/README-fr.md index 4c623bd..9e71a0e 100644 --- a/README-fr.md +++ b/README-fr.md 
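Review bot: the README-fa.md hunk at `@@ -10,7 +10,7 @@` replaces the max-retry line with an identical-looking one, so it is a whitespace or invisible-character change; note the intent in the commit message or drop it. The three new lines in the later hunks use the formal plural (`خودداری کنید`, `خاموش کنید`, `داشته باشید`) while the rest of the file uses the informal singular (`استفاده نکن`, `کوتاه کن`, `ذخیره نکن`), and they write `داده ها`, `می شود`, `لیست های` and `میزبانهای` with plain spaces or no separator where the file otherwise uses the zero-width non-joiner (`داده‌های`, `روش‌های`). Align the register and the ZWNJ usage with the existing items.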
@@ -17,6 +17,7 @@ Checklist des points de sécurité les plus importants lors de la conception, du - [ ] Ne pas extraire l'algorithme du payload. Imposer l'algorithme côté serveur (`HS256` ou `RS256`). - [ ] Rendre la durée de vie des tokens (`TTL`, `RTTL`) aussi courte que possible. - [ ] Ne pas stocker des informations sensibles du payload JWT, son décryptage est très [simple](https://jwt.io/#debugger-io). +- [ ] Éviter de stocker trop de données. JWT est généralement partagé dans les en-têtes et ils ont une limite de taille. ### OAuth - [ ] Toujours valider la redirection d'uri (`redirect_uri`) côté serveur afin d'accéder uniquement aux URLs autorisées. @@ -28,6 +29,8 @@ Checklist des points de sécurité les plus importants lors de la conception, du - [ ] Limiter le nombre de requêtes (limitation de bande passante) pour éviter les dénis de service et les attaques par force brute. - [ ] Utiliser le protocole HTTPS côté serveur afin d'éviter les attaques de l'homme du milieu (MITM). - [ ] Utiliser les entêtes `HSTS` avec SSL pour éviter les attaques SSL Strip. +- [ ] Désactiver les listes du répertoires. +- [ ] Pour les API privées, n'autorisez l'accès qu'à partir d'adresses IP/hôtes sur liste blanche. ## Entrées - [ ] Utiliser la bonne méthode en fonction de l'opération, `GET (lire)`, `POST (créer)`, `PUT (remplacer/mettre à jour)` et `DELETE (pour supprimer un enregistrement)`. diff --git a/README-hi.md b/README-hi.md index a9d2354..5c96ced 100644 --- a/README-hi.md +++ b/README-hi.md 
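Review bot: in the README-fr.md access hunk, `Désactiver les listes du répertoires` is ungrammatical (`du` cannot precede a plural); the intended sense is `Désactiver le listage des répertoires.` The next line, `n'autorisez l'accès ...`, is a conjugated imperative while every other item in the file is an infinitive (`Limiter`, `Utiliser`, `Ne pas stocker`, `Éviter`); suggest `N'autoriser l'accès qu'à partir d'adresses IP/hôtes sur liste blanche.`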
@@ -1,7 +1,7 @@ [English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) # API सुरक्षा जांच-सूची -अपने एपीआई को डिजाइन करने, परीक्षण करने और जारी करने के दौरान सबसे महत्वपूर्ण सुरक्षा प्रतिवाद की जांच सूची| +अपने API को डिजाइन करने, परीक्षण करने और जारी करने के दौरान सबसे महत्वपूर्ण सुरक्षा प्रतिवाद की जांच सूची| --- 
@@ -12,22 +12,25 @@ - [ ] लॉग इन में `मैक्स पुन: प्रयास` और `जेल` सुविधाओं का उपयोग करें। - [ ] सभी संवेदनशील डेटा पर एन्क्रिप्शन का उपयोग करें। -## JWT (JSON वेब टोकन) +### JWT (JSON वेब टोकन) - [ ] एक यादृच्छिक जटिल कुंजी (`JWT सीक्रेट`) का प्रयोग करें ताकि brute force करने के लिए टोकन बहुत कठिन हो। - [ ] पेलोड से एल्गोरिदम न निकालें। बैकएण्ड (`HS256` या `RS256`) में एल्गोरिथम को बल दें। - [ ] टोकन की समाप्ति (`टीटीएल`, `आरटीटीएल`) को यथासंभव कम करें। - [ ] JWT पेलोड में संवेदनशील डेटा को संचित न करें, इसे [आसानी](https://jwt.io/#debugger-io) से डिकोड किया जा सकता है। +- [ ] ज्यादा डाटा स्टोर करने से बचें। JWT को आमतौर पर headers में साझा किया जाता है और उनकी एक आकार सीमा होती है। -## OAuth +### OAuth - [ ] केवल व्हाइटलिस्ट किए गए URL को अनुमति देने के लिए हमेशा `redirect_uri` सर्वर-पक्ष को मान्य करें। - [ ] हमेशा कोड के लिए आदान-प्रदान करने की कोशिश नहीं करें और टोकन न दें (`response_type=token` की अनुमति न दें) - [ ] OAuth प्रमाणीकरण प्रक्रिया पर CSRF को रोकने के लिए एक यादृच्छिक हैश के साथ `state` पैरामीटर का उपयोग करें। - [ ] डिफ़ॉल्ट स्कोप को परिभाषित करें, और प्रत्येक एप्लिकेशन के लिए स्कोप मापदंडों को मान्य करें। ## Access -- [ ] DDOS / ब्रूट-फॉरेस्ट हमलों से बचने के लिए सीमा अनुरोध (थ्रोटलिंग) +- [ ] DDOS / ब्रूट-फॉरेस्ट हमलों से बचने के लिए सीमा अनुरोध (थ्रोटलिंग)। - [ ] MITM (मैन इन द मिडल अटैक) से बचने के लिए सर्वर साइड पर HTTPS का उपयोग करें। -- [ ] SSL strip हमले से बचने के लिए SSL के साथ HSTS हैडर का उपयोग करें +- [ ] SSL strip हमले से बचने के लिए SSL के साथ HSTS हैडर का उपयोग करें। +- [ ] निर्देशिका लिस्टिंग बंद करें। +- [ ] निजी API के लिए, केवल श्वेतसूची वाले IP/होस्ट से ही एक्सेस की अनुमति दें। ## Input - [ ] ऑपरेशन के अनुसार उचित HTTP विधि का प्रयोग करें: अनुरोधित विधि है, अगर `GET (पढ़ें)`, `पोस्ट (बनाएं)`, `पुट / पैच (प्रतिस्थापित / अद्यतन)`, और `हटाएं (रिकॉर्ड को हटाने के लिए)`, और `405 Method Not Allowed` के साथ प्रतिक्रिया न दें अनुरोधित संसाधन के लिए उचित नहीं है 
@@ -35,7 +38,7 @@ - [ ] जैसा कि आप स्वीकार करते हैं, उतनी ही पोस्ट की गई `content-type` की पुष्टि करें (जैसे `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, इत्यादि)। - [ ] सामान्य कमजोरियों (जैसे `XSS`, `SQL-Injection`, `Remote Code Execution`, आदि) से बचने के लिए उपयोगकर्ता इनपुट मान्य करें। - [ ] URL में किसी भी संवेदनशील डेटा (`credentials`, `Passwords`, `security tokens`, या `API keys`) का उपयोग न करें, लेकिन मानक प्राधिकरण शीर्ष लेख का उपयोग करें। -- [ ] कैशिंग, दर सीमा नीतियों (`Quota`, `Spike Arrest`, `Concurrent Rate Limit`) को सक्षम करने के लिए एपीआई गेटवे सेवा का उपयोग करें और गतिशील रूप से API संसाधनों की तैनाती करें। +- [ ] कैशिंग, दर सीमा नीतियों (`Quota`, `Spike Arrest`, `Concurrent Rate Limit`) को सक्षम करने के लिए API गेटवे सेवा का उपयोग करें और गतिशील रूप से API संसाधनों की तैनाती करें। ## Processing - [ ] जांचें कि क्या सभी समापन बिंदुओं को टूटा प्रमाणीकरण प्रक्रिया से बचने के लिए प्रमाणीकरण के पीछे सुरक्षित किया गया है या नहीं। diff --git a/README-id.md b/README-id.md index 6911c05..0b60a23 100644 --- a/README-id.md +++ b/README-id.md 
@@ -14,9 +14,10 @@ Checklist penanggulangan keamanan yang paling penting ketika merancang, menguji, ### JWT (JSON Web Token) - [ ] Gunakan kunci acak yang rumit (`JWT Secret`) untuk membuat proses pemecahan token secara paksa menjadi sangat susah. -- [ ] Jangan gunakan algoritma yang berasal dari muatan yang dikirim oleh pengguna. Paksa penggunaan algoritma di sisi peladen (`HS256` or `RS256`). +- [ ] Jangan gunakan algoritma yang berasal dari muatan yang dikirim oleh pengguna. Paksa penggunaan algoritma di sisi peladen (`HS256` atau `RS256`). - [ ] Gunakan masa tenggat token (`TTL`, `RTTL`) yang sesingkat mungkin. - [ ] Jangan simpan data sensitif pada muatan JWT karena muatan JWT dapat diterjemahkan [dengan mudah](https://jwt.io/#debugger-io). +- [ ] Hindari menyimpan terlalu banyak data. JWT biasanya dibagikan di header dan mereka memiliki batas ukuran. ### OAuth - [ ] Selalu validasi `redirect_uri` di sisi peladen sehingga hanya URL-URL yang ada di dalam daftar putih yang boleh digunakan. @@ -28,6 +29,8 @@ Checklist penanggulangan keamanan yang paling penting ketika merancang, menguji, - [ ] Batasi permintaan (_throttling_) di sisi peladen untuk menghindari serangan yang dapat melumpukan sistem (Contoh: DDoS, serangan paksa). - [ ] Gunakan HTTPS di sisi peladen untuk menghindari serangan pencegatan / MItM (Man In The Middle Attack). - [ ] Gunakan tajuk `HSTS` pada SSL untuk mencegah serangan SSL Strip. +- [ ] Matikan daftar direktori. +- [ ] Untuk API pribadi, izinkan akses hanya dari IP/host yang masuk daftar putih. ## Masuk - [ ] Gunakan metode HTTP yang sesuai dengan operasi yang digunakan, `GET untuk membaca catatan`, `POST untuk membuat catatan baru`, `PUT/PATCH untuk mengganti secara keseluruhan/mengubah sebagian catatan`, `DELETE untuk menghapus catatan` dan tanggapan `405 Method Not Allowed` jika metode permintaan tidak dikenali pada sumber daya. diff --git a/README-it.md b/README-it.md index 956f739..08592f3 100644 --- a/README-it.md +++ b/README-it.md 
@@ -17,6 +17,7 @@ Una checklist per le più importanti contromisure da mettere in pratica quando s - [ ] Non ricavare l'algoritmo dal payload. Forzare l'algoritmo nel backend (`HS256` o `RS256`). - [ ] Rendere la scadenza del token (`TTL`, `RTTL`) il più breve possibile. - [ ] Non memorizzare dati sensibili nel payload JWT, può essere decodificato [facilmente](https://jwt.io/#debugger-io). +- [ ] Evita di archiviare troppi dati. JWT è solitamente condiviso nelle header e hanno un limite di dimensioni. ### OAuth - [ ] Validare sempre il valore di `redirect_uri` lato server permettendo solo url verificati nella whitelist. @@ -28,6 +29,8 @@ Una checklist per le più importanti contromisure da mettere in pratica quando s - [ ] Limitare le richieste (Throttling) per evitare attacchi DDoS o brute-force. - [ ] Utilizzare il protocollo HTTPS per evitare attacchi MITM (Man In The Middle Attack). - [ ] Utilizzare l'header `HSTS` per evitare attacchi SSL Strip. +- [ ] Disattiva gli elenchi di directory. +- [ ] Per le API private, consenti l'accesso solo da IP/host nella whitelist (lista bianca). ## Input - [ ] Utilizzare il metodo HTTP appropriato in base all'azione: `GET (lettura)`, `POST (scrittura)`, `PUT/PATCH (sostituzione/modifica)`, e `DELETE (cancellazione)`, e rispondere con uno status `405 Method Not Allowed` se il metodo della richiesta non è appropriato. diff --git a/README-ja.md b/README-ja.md index 3dcd17f..5144b51 100644 --- a/README-ja.md +++ b/README-ja.md @@ -17,6 +17,7 @@ APIを設計、テスト、リリースするときの最も重要なセキュ - [ ] ペイロードからアルゴリズムを抽出しないこと。アルゴリズムは必ずバックエンド処理のみとする(`HS256`または`RS256`)。 - [ ] トークンの有効期限(`TTL`, `RTTL`)を可能な限り短くする。 - [ ] JWTのペイロードに機密情報を格納してはいけない。それは[簡単に](https://jwt.io/#debugger-io)復号できる。 +- [ ] あまり多くのデータを保存するに避けるください。JWTは通常header「ヘッダー」に共有され、サイズ制限があります。 ### OAuth - [ ] サーバサイドで常に`redirect_uri`を検証し、ホワイトリストに含まれるURLのみを許可する。 
@@ -28,6 +29,8 @@ APIを設計、テスト、リリースするときの最も重要なセキュ - [ ] DDoSやブルートフォース攻撃を回避するため、リクエストを制限(スロットリング)する。 - [ ] MITM(Man in the Middle Attack)を防ぐため、サーバサイドではHTTPSを使用する。 - [ ] SSL Strip attackを防ぐため、SSL化とともに`HSTS`ヘッダを設定する。 +- [ ] ディレクトリ・リストをオフにしてください。 +- [ ] プライベートAPIの場合、ホワイト・リストに登録されたIP/ホストからのアクセスのみを許可します。 ## 入力 - [ ] 操作に応じて適切なHTTPメソッドを利用する。`GET(読み込み)`, `POST(作成)`, `PUT/PATCH(置き換え/更新)`, `DELETE(単一レコードの削除)`。リクエストメソッドがリソースに対して適切ではない場合、`405 Method Not Allowed`を返す。 diff --git a/README-ko.md b/README-ko.md index 60c08f9..e2065b0 100644 --- a/README-ko.md +++ b/README-ko.md @@ -17,6 +17,7 @@ API를 설계하고, 테스트하고, 배포할 때 고려해야 할 중요한 - [ ] 요청 페이로드에서 알고리즘을 가져오지 마세요. 알고리즘은 백엔드에서 강제로 적용하세요. (`HS256` 혹은 `RS256`) - [ ] 토큰 만료 기간 (`TTL`, `RTTL`)은 되도록 짧게 설정하세요. - [ ] JWT 페이로드는 [디코딩이 쉽기](https://jwt.io/#debugger-io) 때문에 민감한 데이터는 저장하지 마세요. +- [ ] 너무 많은 데이터를 저장하지 마십시오. JWT는 일반적으로 header서 공유되며 크기 제한이 있습니다. ### OAuth - [ ] 허용된 URL만 받기 위해서는 서버 단에서 `redirect_uri`의 유효성을 항상 검증하세요. @@ -28,6 +29,8 @@ API를 설계하고, 테스트하고, 배포할 때 고려해야 할 중요한 - [ ] DDoS나 무작위 대입 공격을 피하려면 요청 수를 제한하세요. (Throttling) - [ ] MITM (중간자 공격)을 피하려면 서버 단에서 HTTPS를 사용하세요. - [ ] SSL Strip 공격을 피하려면 `HSTS` 헤더를 SSL과 함께 사용하세요. +- [ ] 디렉토리 목록을 끕니다. +- [ ] 프라이빗 API의 경우, 화이트리스트에 있는 IP/호스트에서만 액세스를 허용합니다. ## 입력 및 요청 (Input) - [ ] 각 요청의 연산에 맞는 적절한 HTTP 메서드를 사용하세요. `GET (읽기)`, `POST (생성)`, `PUT (대체/갱신)`, `DELETE (삭제)`. 그리고 요청 메소드가 리소스에 적합하지 않은 경우 `405 Method Not Allowed`로 응답하세요. diff --git a/README-lo.md b/README-lo.md index 1bc1b31..bf680d0 100644 --- a/README-lo.md +++ b/README-lo.md 
@@ -7,7 +7,7 @@ Checklist ທີ່ຕ້ອງໃຫ້ຄວາມສຳຄັນເມື່ --- ## Authentication (ການພິສູດຕົວຕົນ) -- [ ] ບໍ່ຄວນໃຊ້ `Basic Auth` (ການ authen ປົກກະຕິດ້ວຍ username password) ສຳລັບການພິສູດຕົວຕົນ ແຕ່ໃຫ້ໃຊ້ຮູບແບບມາດຕະຖານສາກົນແທນ(e.g. JWT, OAuth). +- [ ] ບໍ່ຄວນໃຊ້ `Basic Auth` (ການ authen ປົກກະຕິດ້ວຍ username password) ສຳລັບການພິສູດຕົວຕົນ ແຕ່ໃຫ້ໃຊ້ຮູບແບບມາດຕະຖານສາກົນແທນ(ຕົວຢ່າງ, JWT, OAuth). - [ ] ບໍ່ຕ້ອງເສຍເວລາສ້າງວິທີ Authentication ໃໝ່ຂຶ້ນມາ ໃຫ້ໃຊ້ທີ່ມີຢູ່ໃນມາດຕະຖານໄປເລີຍ. - [ ] ໃຫ້ມີການຈຳກັດຈຳນວນຄັ້ງໃນການພະຍາຍາມ authen ແລະ ສ້າງລະບົບລ໋ອກກໍລະນີພະຍາຍາມເກີນກຳນົດ. - [ ] ຂໍ້ມູນທີ່ສຳຄັນຄວນມີການເຂົ້າລະຫັດສະເໝີ. @@ -17,6 +17,7 @@ Checklist ທີ່ຕ້ອງໃຫ້ຄວາມສຳຄັນເມື່ - [ ] ບໍ່ຄວນມີການແກະຂໍ້ມູນ ຫຼື ຂັ້ນຕອນການຖອດຂໍ້ມູນໃນຝັ່ງ client. ໃຫ້ມີສະເພາະໃນ server ເທົ່ານັ້ນ ໂດຍອາດໃຊ້ວິທີເຂົ້າລະຫັດດ້ວຍ HS256 ຫຼື RS256 ແທນ. - [ ] ພະຍາຍາມໃຫ້ token ໝົດອາຍຸໄວທີ່ສຸດເທົ່າທີ່ຈະເປັນໄປໄດ້ (`TTL`, `RTTL`). - [ ] ບໍ່ຄວນເກັບຂໍ້ມູນທີ່ສຳຄັນໃນ payload ຂອງ JWT ເພາະອາດຈະຖືກແກະໄດ້ [ງ່າຍ](https://jwt.io/#debugger-io). +- [ ] ຫຼີກເວັ້ນການເກັບຮັກສາຂໍ້ມູນຫຼາຍເກີນໄປ. JWT ມັກຈະຖືກແບ່ງປັນໃນ headers ແລະພວກເຂົາມີຂອບເຂດຈໍາກັດ. ### OAuth - [ ] ມີການ validate `redirect_uri` ໃນຝັ່ງ server ໂດຍຍອມຮັບ uri ສະເພາະທີ່ມີຢູ່ໃນລີສທີ່ເຮົາເຊື່ອຖືເທົ່ານັ້ນ (whitelist). 
@@ -28,13 +29,15 @@ Checklist ທີ່ຕ້ອງໃຫ້ຄວາມສຳຄັນເມື່ - [ ] ຈຳກັດຈຳນວນສູງສຸດຂອງ request ເພື່ອປ້ອງກັນ DDoS / Bruteforce. - [ ] ໃຊ້ https ເພື່ອປ້ອງກັນ MITM (Man In The Middle Attack). - [ ] ໃຊ້ `HSTS` header ກັບ SSL ເພື່ອປ້ອງກັນ SSL Strip attack. +- [ ] ປິດລາຍຊື່ໄດເລກະທໍລີ. +- [ ] ສໍາລັບ APIs ສ່ວນຕົວ, ອະນຸຍາດໃຫ້ເຂົ້າເຖິງພຽງແຕ່ຈາກ IPs/hosts ບັນຊີຂາວເທົ່ານັ້ນ. ## Input - [ ] ໃຊ້ຄຳສັ່ງ HTTP ຕາມ operation ທີ່ເຮັດ ເຊັ່ນ `GET (read)`, `POST (create)`, `PUT/PATCH (replace/update)` and `DELETE (to delete a record)` ແລະ ສົ່ງກັບດ້ວຍ `405 Method Not Allowed` ຖ້າບໍ່ມີການຮອງຮັບ request ດ້ວຍ method ນັ້ນໃນລະບົບ. -- [ ] Validate `content-type` ໃນ header ຂາ request (Content Negotiation) ໂດຍຍອມໃຫ້ສົ່ງມາສະເພາະ format ທີ່ກຳນົດ (e.g. `application/xml`, `application/json` ... ໆລໆ) ແລະ ຕອບກັບດ້ວຍ `406 Not Acceptable` ຖ້າ format ທີ່ສົ່ງມາບໍ່ຖືກ. -- [ ] Validate `content-type` ຂອງ data ທີ່ຮັບມາທຸກຄັ້ງ(e.g. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json` ... ໆລໆ). -- [ ] Validate ຂໍ້ມູນ user ໃສ່ເຂົ້າມາທຸກຄັ້ງເພື່ອປ້ອງກັນຊ່ອງໂຫວ່ທີ່ຖືກກັນຫຼາຍໆ (e.g. `XSS`, `SQL-Injection`, `Remote Code Execution` ... ໆລໆ). -- [ ] ຫ້າມເອົາຂໍ້ມູນທີ່ສຳຄັນໄປໄວ້ໃນ URL (ເຊັ່ນ /servicexxx?creditcardnum=1234) ແຕ່ໃຫ້ໄປໃສ່ໄວ້ໃນ authorization header ແທນ (`credentials`, `Passwords`, `security tokens`, or `API keys`). +- [ ] Validate `content-type` ໃນ header ຂາ request (Content Negotiation) ໂດຍຍອມໃຫ້ສົ່ງມາສະເພາະ format ທີ່ກຳນົດ (ຕົວຢ່າງ, `application/xml`, `application/json` ... ໆລໆ) ແລະ ຕອບກັບດ້ວຍ `406 Not Acceptable` ຖ້າ format ທີ່ສົ່ງມາບໍ່ຖືກ. +- [ ] Validate `content-type` ຂອງ data ທີ່ຮັບມາທຸກຄັ້ງ(ຕົວຢ່າງ, `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json` ... ໆລໆ). +- [ ] Validate ຂໍ້ມູນ user ໃສ່ເຂົ້າມາທຸກຄັ້ງເພື່ອປ້ອງກັນຊ່ອງໂຫວ່ທີ່ຖືກກັນຫຼາຍໆ (ຕົວຢ່າງ, `XSS`, `SQL-Injection`, `Remote Code Execution` ... ໆລໆ). 
+- [ ] ຫ້າມເອົາຂໍ້ມູນທີ່ສຳຄັນໄປໄວ້ໃນ URL (ເຊັ່ນ /servicexxx?creditcardnum=1234) ແຕ່ໃຫ້ໄປໃສ່ໄວ້ໃນ authorization header ແທນ (`credentials`, `Passwords`, `security tokens`, ຫຼື `API keys`). - [ ] ເຮັດ API Gateway ເພື່ອໃຫ້ສາມາດເຮັດ caching, Rate Limit, Spike Arrest, ແລະ ຈັດການຊັບພະຍາກອນສຳລັບ API ໄດ້ຢ່າງຍືດຍຸ່ນ. ## Processing @@ -54,7 +57,7 @@ Checklist ທີ່ຕ້ອງໃຫ້ຄວາມສຳຄັນເມື່ - [ ] ເອົາ fingerprinting headers ອອກ - `X-Powered-By`, `Server`, `X-AspNet-Version` ໆລໆ. - [ ] ກຳນົດ content-type ໃນ response ເຊັ່ນຖ້າຕ້ອງການຂໍ້ມູນທີ່ເປັນ json ກັບໄປ ກໍເຊັດ `content-type` ເປັນ `application/json` ໄປເລີຍ. - [ ] ບໍ່ຕ້ອງສົ່ງຂໍ້ມູນສຳຄັນກັບໄປຫາ client (`credentials`, `Passwords`, `security tokens`). -- [ ] ຕອບ status code ທີ່ກົງກັບ operation ກັບໄປ (e.g. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed` ... ໆລໆ). +- [ ] ຕອບ status code ທີ່ກົງກັບ operation ກັບໄປ (ຕົວຢ່າງ, `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed` ... ໆລໆ). ## CI & CD - [ ] ກວດສອບ design ກັບ implementation ໃນຂັ້ນ unit/integration test ຢ່າງຄອບຄຸມ. diff --git a/README-mk.md b/README-mk.md index f68bc4e..dd4442a 100644 --- a/README-mk.md +++ b/README-mk.md 
@@ -14,9 +14,10 @@ ### JWT (JSON Web Token) - [ ] Користете случајно генериран и комплициран клуч (`JWT Secret`) за да направите што можно потешко погодување на токенот со испробување на секоја можна комбинација. -- [ ] Don't extract the algorithm from the payload. Force the algorithm in the backend (`HS256` or `RS256`). +- [ ] Не го извлекувајте алгоритмот од носивост. Присилете го алгоритмот во задниот дел (`HS256` или `RS256`). - [ ] Направете токенот да истече (`TTL`, `RTTL`) што е можно побрзо. - [ ] Не чувајте чувствителни податоци во JWR payload, може да се декодира [лесно](https://jwt.io/#debugger-io). +- [ ] Избегнувајте да складирате премногу податоци. JWT обично се дели во header и тие имаат ограничување на големината. ### OAuth - [ ] Секогаш проверувајте ја `redirect_uri` од страна на серверот за да дозволите само бела листа на адреси. @@ -28,6 +29,8 @@ - [ ] Ограничете ги барањата (забавување) за да избегнете напади DDoS / brute-force. - [ ] Користете HTTPS на страната на серверот за да избегнете MITM (Man In The Middle Attack). - [ ] Користете `HSTS` насловот со SSL за да избегнете SSL Strip напад. +- [ ] Исклучете ги списоците на директориуми. +- [ ] За приватни API, дозволете пристап само од IP-а/домаќини на белата листа. ## Влез - [ ] Користете ја соодветната HTTP-метод според операцијата: "GET (read)", "POST (создади)", "PUT / PATCH (замени / ажурирај)" и "DELETE (за бришење на запис) 405 Метод не е дозволено` ако бараниот метод не е соодветен за бараниот ресурс. diff --git a/README-ml.md b/README-ml.md index 7bfd43d..6544f27 100644 --- a/README-ml.md +++ b/README-ml.md 
@@ -17,52 +17,53 @@ - [ ] ഹെയ്ഡറിൽ നിന്ന് അൽഗോരിതം വേര്തിരിച്ചെടുക്കരുത്. അൽഗോരിതത്തെ ബെക്കൻഡിൽ തന്നെ നിലനിർത്തുക (`HS256` അല്ലെങ്കിൽ `RS256`). - [ ] ടോക്കൺ കാലഹരണപ്പെടൽ (` TTL`, `RTTL`) കഴിയുന്നത്ര ചെറുതാക്കുക. - [ ] സെൻസിറ്റീവ് ഡാറ്റ JWT പേലോഡിൽ സൂക്ഷിക്കരുത്, അത് [എളുപ്പത്തിൽ](https://jwt.io/#debugger-io) ഡീകോഡ് ചെയ്യാം . +- [ ] വളരെയധികം ഡാറ്റ സൂക്ഷിക്കുന്നത് ഒഴിവാക്കുക. JWT സാധാരണയായി headerകളിൽ പങ്കിടുന്നു, അവയ്‌ക്ക് വലുപ്പ പരിധിയുണ്ട്. -## OAuth -- [ ] വൈറ്റ്‌ലിസ്റ്റ് ചെയ്‌ത URL-കൾ മാത്രം അനുവദിക്കുന്നതിന് എല്ലായ്‌പ്പോഴും `redirect_uri` സെർവർ സൈഡ് സാധൂകരിക്കുക . -- [ ] `redirect_uri` എല്ലായിപ്പോഴും സെർവർ സൈഡ് വാലിഡേറ്റ് ചെയ്ത് വൈറ്റ്‌ലിസ്റ്റ് ചെയ്‌ത URL-കൾ മാത്രം അനുവദിക്കുക. -- [ ] എപ്പോഴും ടോക്കണുകൾ കൈമാറാതെ പകരം കോഡുകൾ കൈമാറാൻ ശ്രമിക്കുക (`response_type=token` അനുവദിക്കരുത്) -- [ ] `state` പരാമീറ്ററിനോടൊപ്പം ഒരു റാൻഡം ഹാഷ് ഉപയോഗിച്ച് OAuth ഓതെന്റിക്കേഷൻ പ്രോസസ്സിലെ `CSRF` തടയാനാവും. +### OAuth +- [ ] വൈറ്റ്‌ലിസ്റ്റ് ചെയ്‌ത URL-കൾ മാത്രം അനുവദിക്കുന്നതിന് സെർവർ സൈഡിൽ എല്ലായ്‌പ്പോഴും `redirect_uri` സാധൂകരിക്കുക. +- [ ] എപ്പോഴും ടോക്കണുകൾ കൈമാറാതെ പകരം കോഡുകൾ കൈമാറാൻ ശ്രമിക്കുക (`response_type=token` അനുവദിക്കരുത്). +- [ ] `state` പരാമീറ്ററിനോടൊപ്പം ഒരു റാൻഡം ഹാഷ് ഉപയോഗിച്ച് OAuth ഓതെന്റിക്കേഷൻ പ്രോസസ്സിലെ `CSRF` തടയാനാവും. - [ ] ഓരോ ആപ്ലിക്കേഷനും ഡിഫോൾട്ട് സ്കോപ്പ് നിർവചിക്കുകയും സ്കോപ്പ് പാരാമീറ്ററുകൾ സാധൂകരിക്കുകയും ചെയ്യുക. ## ആക്സസ് - [ ] DDoS / ബ്രൂട്ട്-ഫോഴ്സ് ആക്രമണങ്ങൾ ഒഴിവാക്കാൻ റിക്വറ്റുകൾ (ത്രോട്ടിലിംഗ്) പരിമിതപ്പെടുത്തുക. - [ ] MITM (മാൻ ഇൻ ദ മിഡിൽ അറ്റാക്ക്) ഒഴിവാക്കാൻ സെർവർ സൈഡിൽ HTTPS ഉപയോഗിക്കുക. -- [ ] SSL സ്ട്രിപ്പ് ആക്രമണം ഒഴിവാക്കാൻ SSL-നൊപ്പം `HSTS` ഹെഡർ ഉപയോഗിക്കുക . +- [ ] SSL സ്ട്രിപ്പ് ആക്രമണം ഒഴിവാക്കാൻ SSL-നൊപ്പം `HSTS` ഹെഡർ ഉപയോഗിക്കുക. +- [ ] ഡയറക്ടറി ലിസ്റ്റിംഗുകൾ ഓഫാക്കുക. - [ ] സ്വകാര്യ API-കൾക്കായി, വൈറ്റ്‌ലിസ്റ്റ് ചെയ്‌ത IP-കൾ/ഹോസ്റ്റുകളിൽ നിന്ന് മാത്രം ആക്‌സസ് അനുവദിക്കുക. 
## ഇൻപുട്ട് - [ ] പ്രവർത്തനത്തിനനുസരിച്ച് ശരിയായ HTTP രീതി ഉപയോഗിക്കുക: `GET (read)`, `POST (create)`, `PUT/PATCH (replace/update)`, and `DELETE (to delete a record)`, അഭ്യർത്ഥിച്ച ഉറവിടത്തിന് അഭ്യർത്ഥിച്ച രീതി അനുയോജ്യമല്ലെങ്കിൽ `405 Method Not Allowed` എന്ന് പ്രതികരിക്കുക. -- [ ] Accept ഹെഡ്‍ർ (കണ്ടെന്റ് നെഗോഷിയേഷൻ) അവശ്യപെടുന്നതിനനുസരിച്ചു `content-type` വാലിഡേറ്റ് ചെയ്യുകയും സപ്പോർട്ട് ചെയ്യുന്ന ഫോർമാറ്റുകൾ മാത്രം അനുവദിക്കുകയും (ഉദാ. `application/xml`, `application/json`, മുതലായവ) പൊരുത്തപ്പെടുന്നില്ലെങ്കിൽ `406 Not Acceptable` എന്ന റെസ്പോൻഡ്‌സ് ഉപയോഗിച്ച് പ്രതികരിക്കുകയും ചെയ്യുക. +- [ ] Accept ഹെഡ്‍ർ (കണ്ടെന്റ് നെഗോഷിയേഷൻ) അവശ്യപെടുന്നതിനനുസരിച്ചു `content-type` വാലിഡേറ്റ് ചെയ്യുകയും സപ്പോർട്ട് ചെയ്യുന്ന ഫോർമാറ്റുകൾ മാത്രം അനുവദിക്കുകയും (ഉദാ. `application/xml`, `application/json`, മുതലായവ) പൊരുത്തപ്പെടുന്നില്ലെങ്കിൽ `406 Not Acceptable` എന്ന റെസ്പോൻഡ്‌സ് ഉപയോഗിച്ച് പ്രതികരിക്കുകയും ചെയ്യുക. - [ ] പോസ്റ്റ് ചെയ്‌ത ടാറ്റായുടെ `content-type` നിങ്ങൾ അനുവദിക്കുന്നതതിനനുസരിച് വാലിഡേറ്റ് ചെയ്യുക. (ഉദാ: `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, മുതലായവ). - [ ] പൊതുവായ വൾനറബിലിറ്റികൾ ഒഴിവാക്കാൻ യൂസർ ഇൻപുട്ട് സാധൂകരിക്കുക (ഉദാ: `XSS`, `SQL-ഇൻജെക്ഷൻ`, `റിമോട്ട് കോഡ് എക്സിക്യൂഷൻ`, മുതലായവ). ## പ്രോസസ്സിംഗ് - [ ] തകർന്ന ഓതെന്റിക്കേഷൻ പ്രക്രിയ ഒഴിവാക്കാൻ എല്ലാ എൻഡ് പോയിന്റുകളും ഓതെന്റിക്കേഷൻന് പിന്നിൽ പരിരക്ഷിച്ചിട്ടുണ്ടോയെന്ന് പരിശോധിക്കുക. - [ ] ഉപയോക്താവിന്റെ സ്വന്തം റിസോഴ്സ് ഐഡി ഒഴിവാക്കണം. `/me/orders` പകരം `/user/654321/orders` ഉപയോഗിക്കുക. -- [ ] ഐഡികൾ ഓട്ടോ-ഇൻക്രിമെന്റ് ചെയ്യരുത്. പകരം `UUID` ഉപയോഗിക്കുക. +- [ ] ഐഡികൾ ഓട്ടോ-ഇൻക്രിമെന്റ് ചെയ്യരുത്. പകരം `UUID` ഉപയോഗിക്കുക. - [ ] നിങ്ങൾ XML ഫയലുകൾ പാഴ്‌സ് ചെയ്യുകയാണെങ്കിൽ, `XXE` (XML ബാഹ്യ എന്റിറ്റി ആക്രമണം) ഒഴിവാക്കുവാൻ എന്റിറ്റി പാഴ്‌സിംഗ് പ്രവർത്തനക്ഷമമാക്കിയിട്ടില്ലെന്ന് ഉറപ്പാക്കുക. 
-- [ ] നിങ്ങൾ XML ഫയലുകൾ പാഴ്‌സ് ചെയ്യുകയാണെങ്കിൽ, `Billion Laughs/XML bomb` വഴി എക്‌സ്‌പോണൻഷ്യൽ എന്റിറ്റി എക്സ്പാൻഷൻ അറ്റാക്ക് ഒഴിവാക്കാൻ എന്റിറ്റി വിപുലീകരണം പ്രവർത്തനക്ഷമമാക്കിയിട്ടില്ലെന്ന് ഉറപ്പാക്കുക. +- [ ] നിങ്ങൾ XML ഫയലുകൾ പാഴ്‌സ് ചെയ്യുകയാണെങ്കിൽ, `Billion Laughs/XML bomb` വഴി എക്‌സ്‌പോണൻഷ്യൽ എന്റിറ്റി എക്സ്പാൻഷൻ അറ്റാക്ക് ഒഴിവാക്കാൻ എന്റിറ്റി വിപുലീകരണം പ്രവർത്തനക്ഷമമാക്കിയിട്ടില്ലെന്ന് ഉറപ്പാക്കുക. - [ ] ഫയൽ അപ്‌ലോഡുകൾക്കായി ഒരു CDN ഉപയോഗിക്കുക. - [ ] നിങ്ങൾ വലിയ അളവിലുള്ള ഡാറ്റയാണ് കൈകാര്യം ചെയ്യുന്നതെങ്കിൽ, HTTP തടയൽ ഒഴിവാക്കുന്നതിന് പശ്ചാത്തലത്തിൽ കഴിയുന്നത്ര പ്രോസസ്സ് ചെയ്യാനും പ്രതികരണം വേഗത്തിൽ തിരികെ നൽകാനും വർക്കേഴ്സും ക്യൂകളും ഉപയോഗിക്കുക. - [ ] ഡീബഗ് മോഡ് ഓഫ് ചെയ്യാൻ മറക്കരുത്. ## ഔട്ട്പുട്ട് -- [ ] `X-Content-Type-Options: nosniff` ഹെഡ്‍ർ അയയ്ക്കുക. +- [ ] `X-Content-Type-Options: nosniff` ഹെഡ്‍ർ അയയ്ക്കുക. - [ ] `X-Frame-Options: deny` ഹെഡ്‍ർ അയയ്ക്കുക. - [ ] `Content-Security-Policy: default-src 'none'` ഹെഡ്‍ർ അയയ്ക്കുക. -- [ ] ഫിംഗർപ്രിന്റിങ് ഹെൽഡറുകൾ നീക്കം ചെയ്യുക - `X-Powered-By`, `Server`, `X-AspNet-Version` മുതലായവ. -- [ ] `content-type` നെ നിങ്ങളുടെ പ്രതികരണത്തിനായി നിർബന്ധിക്കുക. നിങ്ങളുടെ പ്രതികരണം `application/json` ആണെങ്കിൽ, നിങ്ങളുടെ `content-type` പ്രതികരണവും `application/json` ആയിരിക്കും. +- [ ] ഫിംഗർപ്രിന്റിങ് ഹെൽഡറുകൾ നീക്കം ചെയ്യുക - `X-Powered-By`, `Server`, `X-AspNet-Version` മുതലായവ. +- [ ] `content-type` നെ നിങ്ങളുടെ പ്രതികരണത്തിനായി നിർബന്ധിക്കുക. നിങ്ങളുടെ പ്രതികരണം `application/json` ആണെങ്കിൽ, നിങ്ങളുടെ `content-type` പ്രതികരണവും `application/json` ആയിരിക്കും. - [ ] `Credentials`, `passwords` അല്ലെങ്കിൽ `security tokens` പോലുള്ള സെൻസിറ്റീവ് ഡാറ്റ നൽകരുത്. - [ ] പൂർത്തിയാക്കിയ പ്രവർത്തനത്തിനനുസരിച്ച് ശരിയായ സ്റ്റാറ്റസ് കോഡ് തിരികെ നൽകുക. (ഉദാ: `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, മുതലായവ). ## CI & CD -- [ ] unit/integration tests കോവേജ് ഉപയോഗിച്ച് നിങ്ങളുടെ ഡിസൈനും ഇമ്പലമെന്റാഷനും ഔഡിഡ് ചെയ്യുക. 
+- [ ] unit/integration tests കോവേജ് ഉപയോഗിച്ച് നിങ്ങളുടെ ഡിസൈനും ഇമ്പലമെന്റാഷനും ഔഡിഡ് ചെയ്യുക. - [ ] ഒരു കോഡ് റിവ്യൂ പ്രക്രിയ ഉപയോഗിക്കുക, സ്വയം അംഗീകാരം അവഗണിക്കുക. - [ ] വെണ്ടർ ലൈബ്രറികളും മറ്റ് ഡിപൻഡൻസികളും ഉൾപ്പെടെ ഉൽപ്പാദനത്തിലേക്ക് നീങ്ങുന്നതിന് മുമ്പ് നിങ്ങളുടെ സേവനങ്ങളുടെ എല്ലാ ഘടകങ്ങളും എവി സോഫ്‌റ്റ്‌വെയർ സ്ഥിരമായി സ്കാൻ ചെയ്തിട്ടുണ്ടെന്ന് ഉറപ്പാക്കുക. - [ ] Continuously run security tests (static/dynamic analysis) on your code. - [ ] Check your dependencies (both software and OS) for known vulnerabilities. -- [ ] ഡിപ്ലോയ്‌മെന്റിനായി ഒരു റോൾബാക്ക് പരിഹാരം രൂപകൽപ്പന ചെയ്യുക. +- [ ] ഡിപ്ലോയ്‌മെന്റിനായി ഒരു റോൾബാക്ക് പരിഹാരം രൂപകൽപ്പന ചെയ്യുക. --- diff --git a/README-mn.md b/README-mn.md index df0faeb..f5e8d98 100644 --- a/README-mn.md +++ b/README-mn.md @@ -14,9 +14,10 @@ API гаргах, загварчлах, тестлэхэд аюулгүйн та ### JWT (JSON Web Token) - [ ] Санамсаргүй үүссэн түлхүүр (`JWT Secret`) ашиглаж token -ыг brute force -оос хамгаал. -- [ ] Payload -аас алгоритмаа бүү задал. Backend дээрээ хий (`HS256` or `RS256`). +- [ ] Payload -аас алгоритмаа бүү задал. Backend дээрээ хий (`HS256` эсвэл `RS256`). - [ ] Токен дуусах хугацаа (`TTL`, `RTTL`) аль болох бага болго. - [ ] Чухал өгөгдлийг JWT payload -д бүү хадгал, decode хийхэд [амархан](https://jwt.io/#debugger-io). +- [ ] Хэт их мэдээлэл хадгалахаас зайлсхий. JWT нь ихэвчлэн headers хэсэгт хуваагддаг бөгөөд тэдгээр нь хэмжээ хязгаартай байдаг. ### OAuth - [ ] `redirect_uri` -ыг үргэлж сервер талд шалган зөвшөөрөгдсөн URL эсэхийг шалга. 
@@ -28,13 +29,15 @@ API гаргах, загварчлах, тестлэхэд аюулгүйн та - [ ] Хүсэлтийн тоог хязгаарлаж (Throttling) DDoS / brute-force дайралтаас хамгаална. - [ ] HTTPS ашиглаж сервер талдаа MITM (Man In The Middle Attack) дайралтаас хамгаална. - [ ] `HSTS` header -ыг SSL дээр ашиглаж SSL Strip дайралтаас хамгаална. +- [ ] Лавлах жагсаалтыг унтраа. +- [ ] Хувийн API-уудын хувьд зөвхөн зөвшөөрөгдсөн жагсаалтад орсон IP/хостоос хандахыг зөвшөөрнө үү. ## Input - [ ] Яг зөв HTTP хүсэлтийг ашигла: `GET (унших)`, `POST (үүсгэх)`, `PUT/PATCH (орлуулах/солих)`, мөн `DELETE (устгах)`, бас `405 Method Not Allowed` -ыг хүсэлтийн төрөл тодорхойгүй үед ашигла. - [ ] `content-type` -ыг хүсэлтийн header (Content Negotiation) дээр шалгаж зөвхөн дэмжигдсэн төрлийг зөвшөөр (Жнь. `application/xml`, `application/json`, гэх мэт) бас төрөл нь таарахгүй бол `406 Not Acceptable` хариу буцаа. - [ ] `content-type` -ыг post хийх өгөгдөл дээр шалга (Жнь. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, г.м). - [ ] Хэрэглэгчээс гараас оруулсан утгыг шалгаж түгээмэл нүхнүүдээс сэргийлнэ. (Жнь. `XSS`, `SQL-Injection`, `Remote Code Execution`, г.м). -- [ ] Чухал өгөгдлүүдийг (`credentials`, `Passwords`, `security tokens`, or `API keys`) URL ээр бүү явуул, оронд нь стандарт Authorization header ашигла. +- [ ] Чухал өгөгдлүүдийг (`credentials`, `Passwords`, `security tokens`, эсвэл `API keys`) URL ээр бүү явуул, оронд нь стандарт Authorization header ашигла. - [ ] API Gateway үйлчилгээ ашиглан Rate Limit Policies (Жнь. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) болон cache хийх, мөн API deploy хийхэд ашигла. ## Processing diff --git a/README-nl.md b/README-nl.md index 20d6f48..adf89fa 100644 --- a/README-nl.md +++ b/README-nl.md 
@@ -17,6 +17,7 @@ Checklist met de belangrijkste tegenmaatregelen bij het ontwerpen, testen en uit - [ ] Haal het algoritme niet uit de payload. Dwing het algoritme af in de backend (`HS256` of `RS256`). - [ ] Zet de token vervaltijd (`TTL`, `RTTL`) zo kort mogelijk. - [ ] Sla geen gevoelige data op in de JWT payload, deze is [makkelijk](https://jwt.io/#debugger-io) te decoderen. +- [ ] Vermijd het opslaan van te veel gegevens. JWT wordt meestal gedeeld in headers en ze hebben een maximale grootte. ### OAuth - [ ] Valideer **ALTIJD** de `redirect_uri` op de server om alleen toegestane URL te accepteren. @@ -28,6 +29,8 @@ Checklist met de belangrijkste tegenmaatregelen bij het ontwerpen, testen en uit - [ ] Limiteer het aantal requests om DDoS en/of Bruteforce aanvallen te ontkrachten. - [ ] Gebruik HTTPS aan de server zijde om MITM (Man In The Middle Attacks) tegen te gaan. - [ ] Gebruik de `HSTS` header i.c.m SSL om een SSL Strip attack te ontkrachten. +- [ ] Schakel directoryvermeldingen uit. +- [ ] Sta voor privé-API's alleen toegang toe vanaf op de witte lijst geplaatste IP's/hosts. ## Invoer - [ ] Gebruik de correcte HTTP methode voor de operatie, `GET (lezen)`, `POST (schrijven)`, `PUT (vervangen/updaten)` and `DELETE (verwijderen)`. diff --git a/README-pl.md b/README-pl.md index 499d948..c454be6 100644 --- a/README-pl.md +++ b/README-pl.md @@ -17,6 +17,7 @@ Lista kontrolna najważniejszych metod zabezpieczenia podczas projektowania, tes - [ ] Algorytmy trzymaj w backendzie, nie upubliczniaj algorytmów. - [ ] Ustaw wygaszanie tokenów (`TTL`, `RTTL`) najkrótsze jak to możliwe. - [ ] Nie przechowuj wrażliwych danych w payloadzie `JWT`, mogą być one [łatwo zdekodowane](https://jwt.io/#debugger-io). +- [ ] Unikaj przechowywania zbyt dużej ilości danych. JWT jest zwykle udostępniany w nagłówkach i ma limit rozmiaru. ### OAuth - [ ] Zawsze waliduj `redirect_uri` po stronie serwera aby zezwolić tylko URL-om z dozwolonej listy (`whitelist`). 
@@ -28,6 +29,8 @@ Lista kontrolna najważniejszych metod zabezpieczenia podczas projektowania, tes - [ ] Ustaw limit zapytań (Throttling) aby uniknąć ataku DDoS / brute-force. - [ ] Użyj HTTPS aby uniknąć MITM (Man In The Middle Attack) - Ataku polegającego na pośrednictwie w wymianie informacji pomiędzy dwoma punktami np. klientem i serwerem. - [ ] Użyj nagłówka `HSTS` z SSL aby uniknąć SSL Strip attack. +- [ ] Wyłącz wykazy katalogów. +- [ ] W przypadku prywatnych API, zezwalaj na dostęp tylko z adresów IP/hostów umieszczonych na białej liście. ## Wejście - [ ] Użyj odpowiedniej metody protokołu HTTP dla danej operacji: `GET (odczyt)`, `POST (tworzenie)`, `PUT/PATCH (zmiana)`, and `DELETE (usuwanie)`, i odpowiadaj `405 Method Not Allowed` jeżeli metoda zapytania jest niepoprawna. diff --git a/README-pt_BR.md b/README-pt_BR.md index 59df9bf..8a80852 100644 --- a/README-pt_BR.md +++ b/README-pt_BR.md @@ -17,6 +17,7 @@ Lista das mais importantes medidas de segurança para o desenvolvimento, teste e - [ ] Não utilize o algoritmo de criptografia informado no cabeçalho do payload. Force o uso de um algoritmo específico no _back-end_ (`HS256` ou `RS256`). - [ ] Defina o tempo de vida do _token_ (`TTL`, `RTTL`) o menor possível. - [ ] Não armazene informações confidenciais no JWT, pois elas podem ser [facilmente decodificadas](https://jwt.io/#debugger-io). +- [ ] Evite armazenar muitos dados. JWT geralmente é compartilhado em headers e eles têm um limite de tamanho. ### OAuth - [ ] Sempre valide o `redirect_uri` no seu servidor através de uma lista de URLs conhecidas (previamente cadastradas). 
@@ -28,6 +29,8 @@ Lista das mais importantes medidas de segurança para o desenvolvimento, teste e - [ ] Limite a quantidade de requisições (_Throttling_) para evitar ataques DDoS e de força bruta. - [ ] Use HTTPS no seu servidor para evitar ataques MITM (_Man In The Middle Attack_). - [ ] Use cabeçalho `HSTS` com SSL para evitar ataques _SSL Strip_. +- [ ] Desative as listagens de diretórios. +- [ ] Para APIs privadas, permita o acesso apenas de IPs/hosts da lista branca (whitelist). ## Requisição (_Input_) - [ ] Utilize o método HTTP apropriado para cada operação, `GET (obter)`, `POST (criar)`, `PUT/PATCH (trocar/atualizar)` e `DELETE (apagar)`. diff --git a/README-ru.md b/README-ru.md index e81df62..59ea630 100644 --- a/README-ru.md +++ b/README-ru.md @@ -17,6 +17,7 @@ - [ ] Не полагайтесь на переданное в заголовках название алгоритма, лучше закрепите его константой на сервере (`HS256` или `RS256`). - [ ] Сделайте срок действия токена (`TTL`, `RTTL`) как можно короче. - [ ] Не храните конфиденциальные данные в JWT, его можно [легко декодировать.](https://jwt.io/#debugger-io). +- [ ] Избегайте хранения слишком большого количества данных. JWT обычно используется в header, и они имеют ограничение по размеру. ### OAuth - [ ] Всегда проверяйте `redirect_uri` на стороне сервера, чтобы разрешать только URL-адреса из белых списков (whitelist). 
@@ -28,6 +29,8 @@ - [ ] Установите ограничение на кол-во запросов в минуту (Throttling, RPM-Limit), чтобы избежать DDoS / Brute Force атак. - [ ] Используйте HTTPS на стороне сервера, чтобы избежать [MITM](https://ru.wikipedia.org/wiki/Атака_посредника) (Man In The Middle Attack / атака "человек посередине"). - [ ] Используйте заголовок `HSTS` (HTTP Strict Transport Security) с SSL, чтобы избежать атаки SSL Strip (перехват SSL соединений). +- [ ] Отключите списки каталогов. +- [ ] Для частных API, разрешите доступ только с IP-адресов/хостов из белого списка. ## Запрос - [ ] Используйте соответствующий HTTP-метод в соответствии с операцией: `GET (чтение)`, `POST (создание)`, `PUT / PATCH (замена / обновление)` и `DELETE (удаление)`, а также ответьте `405 Method Not Allowed`, если запрошенный метод не подходит для запрашиваемого ресурса. diff --git a/README-th.md b/README-th.md index f8445a1..689ee98 100644 --- a/README-th.md +++ b/README-th.md @@ -17,6 +17,7 @@ Checklist ที่ต้องให้ความสำคัญเมื่ - [ ] ไม่ควรมีการแกะข้อมูลหรือขั้นตอนการถอดข้อมูลในฝั่ง client. ให้มีเฉพาะในฝั่ง server เท่านั้น โดยอาจใช้วิธีเข้ารหัสด้วย HS256 หรือ RS256 เอา - [ ] พยายามให้ token หมดอายุให้ไวที่สุดเท่าที่จะเป็นไปได้ (`TTL`, `RTTL`) - [ ] ไม่ควรเก็บข้อมูลสำคัญใน payload ของ JWT เพราะอาจถูกแกะได้ [ง่าย](https://jwt.io/#debugger-io). +- [ ] หลีกเลี่ยงการจัดเก็บข้อมูลมากเกินไป. JWT มักใช้ร่วมกันใน header และมีขนาดจำกัด. ### OAuth - [ ] มีการ validate `redirect_uri` ในฝั่ง server โดยยอมรับuriเฉพาะที่มีอยู่ในลิสต์ที่เราเชื่อถือเท่านั้น (whitelist) 
@@ -28,13 +29,15 @@ Checklist ที่ต้องให้ความสำคัญเมื่ - [ ] จำกัดจำนวนสูงสุดของ request เพื่อป้องกัน DDoS / Bruteforce - [ ] ใช้ https เพื่อป้องกัน MITM (Man In The Middle Attack). - [ ] ใช้ `HSTS` header กับ SSL เพื่อป้องกัน SSL Strip attack. +- [ ] ปิดรายการไดเรกทอรี. +- [ ] สำหรับ API ส่วนตัว อนุญาตการเข้าถึงจาก IP/โฮสต์ที่อนุญาตพิเศษเท่านั้น. ## Input - [ ] ใช้คำสั่ง HTTP ตาม operation ที่ทำ เช่น `GET (read)`, `POST (create)`, `PUT/PATCH (replace/update)` and `DELETE (to delete a record)` และตอบกลับด้วย `405 Method Not Allowed` ถ้าไม่มีการรองรับ request ด้วย method นั้นในระบบ. - [ ] Validate `content-type` ใน header ขา request (Content Negotiation) โดยยอมให้ส่งมาเฉพาะ format ที่กำหนด (e.g. `application/xml`, `application/json`... และอื่นๆ) และตอบกลับด้วย `406 Not Acceptable` ถ้า format ที่ส่งมาไม่ถูก. - [ ] Validate `content-type` ของ data ที่รับมาทุกครั้ง(e.g. `application/x-www-form-urlencoded`, `multipart/form-data ,application/json`... ). - [ ] Validate ข้อมูลที่ user ใส่เข้ามาทุกครั้งเพื่อป้องกันช่องโหว่ที่โดนกันบ่อยๆ (e.g. `XSS`, `SQL-Injection`, `Remote Code Execution` ... etc). -- [ ] ห้ามเอาข้อมูลสำคัญไปใส่ไว้ใน URL (เช่น /servicexxx?creditcardnum=1234) แต่ให้ไปแปะไว้ใน authorization header แทน (`credentials`, `Passwords`, `security tokens`, or `API keys`) +- [ ] ห้ามเอาข้อมูลสำคัญไปใส่ไว้ใน URL (เช่น /servicexxx?creditcardnum=1234) แต่ให้ไปแปะไว้ใน authorization header แทน (`credentials`, `Passwords`, `security tokens`, หรือ `API keys`) - [ ] ทำ API Gateway เพื่อให้สามารถทำ caching, Rate Limit, Spike Arrest, และการจัดสรรค์ทรัพยากรสำหรับ API ได้อย่างยืดหยุ่น ## Processing diff --git a/README-tr.md b/README-tr.md index aefcf6b..675a6e3 100644 --- a/README-tr.md +++ b/README-tr.md 
@@ -17,6 +17,7 @@ API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemle - [ ] Algoritmayı gelen veri üzerinden belirlemeyin. Arka uçta olmasını sağlayın. (`HS256` veya `RS256`). - [ ] Token'in son kullanma tarihini (`TTL`, `RTTL`) olabildiğince kısa yapın. - [ ] Hassas verilerinizi JWT payload içine koymayın, [Kolayca](https://jwt.io/#debugger-io) çözülebilir. +- [ ] Çok fazla veri depolamaktan kaçının. JWT genellikle header'larda paylaşılır ve bunların bir boyut sınırı vardır. ### OAuth - [ ] Yalnızca beyaz listeye eklenen URL'lere izin vermek için sunucu tarafındaki `redirect_uri` bilgisini her zaman doğrulayın. @@ -28,6 +29,8 @@ API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemle - [ ] DDoS ya da kaba kuvvet saldırılarından korunmak için istekleri sınırlamalısınız. - [ ] MITM (Man In The Middle Attack) saldırılarında korunmak için sunucu tarafında HTTPS kullanın. - [ ] SSL Strip saldırılarından korunmak için `HSTS` header'ı SSL ile kullan. +- [ ] Dizin listelerini kapatın. +- [ ] Özel API'ler için, yalnızca beyaz listedeki IP'lerden/host'lardan erişime izin verin. ## Girdi - [ ] İşleme göre uygun HTTP yöntemini kullanın: `GET (okumak)`, `POST (oluşturmak)`, `PUT/PATCH (değiştirmek/güncellemk)`, ve `DELETE (bir kaydı silmek için)`, eğer istenen yöntem istenen kaynak için uygun değilse `405 Method Not Allowed` mesajı ile cevap verin. diff --git a/README-tw.md b/README-tw.md index 013a66e..8a66773 100644 --- a/README-tw.md +++ b/README-tw.md @@ -17,6 +17,7 @@ - [ ] 不要在請求體中直接提取數據, 要對數據進行加密 (`HS256` 或 `RS256`). - [ ] 使 token 的過期時間儘量的短 (`TTL`, `RTTL`). - [ ] 不要在 JWT 的請求體中存放敏感數據, 它是[可破解的](https://jwt.io/#debugger-io). +- [ ] 避免存儲過多的數據。 JWT 通常在標頭中共享,並且它們有大小限制。 ### OAuth 授權或認證協議 - [ ] 始終在後台驗證 `redirect_uri`, 只允許白名單的 URL. 
@@ -28,13 +29,15 @@ - [ ] 限制流量來防止 DDoS 攻擊和暴力攻擊. - [ ] 在服務端使用 HTTPS 協議來防止 MITM 攻擊. - [ ] 使用 `HSTS` 協議防止 SSLStrip 攻擊. +- [ ] 關閉目錄列表。 +- [ ] 對於私有 API,僅允許從列入白名單的 IP/主機進行訪問。 ## 輸入 - [ ] 使用與操作相符的 HTTP 操作函數, `GET (讀取)`, `POST (創建)`, `PUT (替換/更新)` 以及 `DELETE (刪除記錄)`, 如果請求的方法不適用於請求的資源則返回 `405 Method Not Allowed`. - [ ] 在請求頭中的 `content-type` 欄位使用內容驗證來只允許支持的格式 (如 `application/xml`, `application/json` 等等) 並在不滿足條件的時候返回 `406 Not Acceptable`. - [ ] 驗證 `content-type` 的發佈數據和你收到的一樣 (如 `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json` 等等). - [ ] 驗證用戶輸入來避免一些普通的易受攻擊缺陷 (如 `XSS`, `SQL-注入`, `遠程代碼執行` 等等). -- [ ] 不要在 URL 中使用任何敏感的數據 (`credentials`, `Passwords`, `security tokens`, or `API keys`), 而是使用標準的認證請求頭. +- [ ] 不要在 URL 中使用任何敏感的數據 (`credentials`, `Passwords`, `security tokens`, 或 `API keys`), 而是使用標準的認證請求頭. - [ ] 使用一個 API Gateway 服務來啟用緩存、訪問速率限制 (如 `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) 以及動態地部署 APIs resources. ## 處理 diff --git a/README-uk.md b/README-uk.md index 1e6f4ff..17d1398 100644 --- a/README-uk.md +++ b/README-uk.md @@ -17,6 +17,7 @@ - [ ] Не виймайте алгоритм з корисного навантаження. Внесіть алгоритм в бекенда (`HS256` або` RS256`). - [ ] Зробіть термін дії токена (`TTL`, `RTTL`) якомога коротшим. - [ ] Не зберігайте конфіденційні дані в корисне навантаження JWT, її можна [легко декодувати.](Https://jwt.io/#debugger-io). +- [ ] Уникайте зберігання занадто великої кількості даних. JWT зазвичай спільно використовується в header, і вони мають обмеження на розмір. ### OAuth - [ ] Завжди перевіряйте `redirect_uri` на стороні сервера, щоб дозволяти тільки URL-адреси з білими списками. 
@@ -28,6 +29,8 @@ - [ ] Обмежте запити (Throttling), щоб уникнути DDoS атак / грубої сили (Brute Force). - [ ] Використовуйте HTTPS на стороні сервера, щоб уникнути MITM (Man In The Middle Attack / Атака посередника). - [ ] Використовуйте заголовок `HSTS` (HTTP Strict Transport Security) з SSL, щоб уникнути атаки SSL Strip (перехоплення SSL з'єднань). +- [ ] Вимкніть списки каталогів. +- [ ] Для приватних API, дозвольте доступ лише з IP-адрес/хостів із білого списку. ## Введення - [ ] Використовуйте відповідний HTTP-метод відповідно до операції: `GET (читання),` POST (створення) `,` PUT / PATCH (заміна / оновлення) `і` DELETE (для видалення запису) `, а також дайте відповідь` 405 Method Not Allowed`, якщо запитаний метод не підходить для запитуваного ресурсу. diff --git a/README-vi.md b/README-vi.md index 6aae45d..5b25d42 100644 --- a/README-vi.md +++ b/README-vi.md @@ -17,6 +17,7 @@ Những giải pháp an toàn và cách khắc phục khi thiết kế, kiểm t - [ ] Không sử dụng các thuật toán có trong `Payload` của người dùng. Bắt buộc sử dụng thuật toán phía backend (`HS256` hoặc `RS256`). - [ ] Đặt thời hạn token (`TTL`, `RTTL`) càng ngắn càng tốt. - [ ] Không lưu các thông tin nhạy cảm trong JWT, nó có thể [dễ dàng](https://jwt.io/#debugger-io) được giải mã. +- [ ] Tránh lưu trữ quá nhiều dữ liệu. JWT thường được chia sẻ trong header và chúng có giới hạn về kích thước. ### OAuth Ủy quyền hoặc chứng thực giao thức - [ ] Luôn xác nhận `redirect_uri` phía server để chỉ cho phép redirect đến các URL tin cậy. 
@@ -28,13 +29,15 @@ Những giải pháp an toàn và cách khắc phục khi thiết kế, kiểm t - [ ] Giới hạn request (Throttling) để phòng tránh các tấn công DDoS / brute-force. - [ ] Sử dụng giao thức HTTPS ở phía server để tránh MITM (Man In The Middle Attack). - [ ] Sử dụng `HSTS` header với SSL để tránh tấn công SSL Strip. +- [ ] Tắt danh sách thư mục. +- [ ] Đối với các API riêng tư, chỉ cho phép truy cập từ các IP / máy chủ có trong danh sách cho phép / danh sách trắng / whitelist. ## Input - [ ] Sử dụng các HTTP method phù hợp với từng hành động: `GET (đọc)`, `POST (tạo mới)`, `PUT/PATCH (cập nhật/sửa)`, `DELETE (để xóa bản ghi)`, và phản hồi `405 Method Not Allowed` nếu HTTP method không phù hợp với tài nguyên được request. - [ ] Xác nhận dữ liệu `content-type` ở mỗi tiêu đề (Content Negotiation) chỉ cho phép những định dạng được hỗ trợ (chẳng hạn như. `application/xml`, `application/json`, vv) và phản hồi `406 Not Acceptable` nếu không khớp. - [ ] Xác nhận dữ liệu `content-type` được chấp nhận khi gửi lên (chẳng hạn như. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`...). - [ ] Kiểm tra dữ liệu truyền lên từ người dùng để tránh các lỗ hổng phổ biến (chẳng hạn như `XSS`, `SQL-Injection`, `Remote Code Execution`...). -- [ ] Không sử dụng các dữ liệu nhạy cảm như (`credentials`, `Passwords`, `security tokens`, or `API keys`) tại URL, sử dụng header Authorization để xác thực. +- [ ] Không sử dụng các dữ liệu nhạy cảm như (`credentials`, `Passwords`, `security tokens`, hoặc `API keys`) tại URL, sử dụng header Authorization để xác thực. - [ ] Sử dụng API Gateway để kích hoạt cache, Rate Limit policies (chẳng hạng như. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) và deploy APIs resources linh động hơn. ## Processing diff --git a/README-zh.md b/README-zh.md index 447c9a2..8473cba 100644 --- a/README-zh.md +++ b/README-zh.md 
@@ -17,6 +17,7 @@ - [ ] 不要在请求体中直接提取数据,要对数据进行加密(`HS256` 或 `RS256`)。 - [ ] 使 token 的过期时间尽量的短(`TTL`,`RTTL`)。 - [ ] 不要在 JWT 的请求体中存放敏感数据,因为它是[可解码的](https://jwt.io/#debugger-io)。 +- [ ] 避免存储过多的数据。 JWT 通常在标头中共享,并且它们有大小限制。 ### OAuth 授权或认证协议 - [ ] 始终在后台验证 `redirect_uri`,只允许白名单的 URL。 @@ -28,6 +29,8 @@ - [ ] 限制流量来防止 DDoS 攻击和暴力攻击。 - [ ] 在服务端使用 HTTPS 协议来防止 MITM (中间人攻击)。 - [ ] 使用 `HSTS` 协议防止 SSL Strip 攻击。 +- [ ] 关闭目录列表。 +- [ ] 对于私有 API,仅允许从列入白名单的 IP/主机进行访问。 ## 输入 - [ ] 使用与操作相符的 HTTP 操作函数,`GET(读取)`,`POST(创建)`,`PUT(替换/更新)` 以及 `DELETE(删除记录)`,如果请求的方法不适用于请求的资源则返回 `405 Method Not Allowed`。 diff --git a/README.md b/README.md index f5a57b9..667c389 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ Checklist of the most important security countermeasures when designing, testing - [ ] Don't extract the algorithm from the header. Force the algorithm in the backend (`HS256` or `RS256`). - [ ] Make token expiration (`TTL`, `RTTL`) as short as possible. - [ ] Don't store sensitive data in the JWT payload, it can be decoded [easily](https://jwt.io/#debugger-io). -- [ ] Avoid storing too much or growing up data. JWT is usually shared in headers and they have a size limit. +- [ ] Avoid storing too much data. JWT is usually shared in headers and they have a size limit. ### OAuth - [ ] Always validate `redirect_uri` server-side to allow only whitelisted URLs. 
@@ -28,9 +28,9 @@ Checklist of the most important security countermeasures when designing, testing ## Access - [ ] Limit requests (Throttling) to avoid DDoS / brute-force attacks. - [ ] Use HTTPS on server side with TLS 1.2+ and secure ciphers to avoid MITM (Man in the Middle Attack). -- [ ] Use `HSTS` header with SSL to avoid SSL Strip attack. +- [ ] Use `HSTS` header with SSL to avoid SSL Strip attacks. - [ ] Turn off directory listings. -- [ ] For private APIs, only allow access from whitelisted IPs/hosts. +- [ ] For private APIs, allow access only from whitelisted IPs/hosts. ## Input - [ ] Use the proper HTTP method according to the operation: `GET (read)`, `POST (create)`, `PUT/PATCH (replace/update)`, and `DELETE (to delete a record)`, and respond with `405 Method Not Allowed` if the requested method isn't appropriate for the requested resource. From e63d661eb91a5ecd1c20b8d793d6eaf4d083fc8b Mon Sep 17 00:00:00 2001 From: Imorate Date: Sun, 24 Jul 2022 19:04:41 +0430 Subject: [PATCH 106/149] Fix typos and translate new checklists Fix typos and translate new checklists for the Persian language --- README-fa.md | 91 +++++++++++++++++++++++++--------------------------- 1 file changed, 44 insertions(+), 47 deletions(-) diff --git a/README-fa.md b/README-fa.md index be9c24a..d5dbe5d 100644 --- a/README-fa.md +++ b/README-fa.md 
@@ -8,75 +8,72 @@ --- ## احراز هویت -- [ ]       از `Basic Auth` یا همان `اصالت‌سنجی برای دسترسی‌های اولیه` استفاده نکن. به جای آن از روش‌های استاندارد احراز هویت استفاده کن (مثلا [JWT](https://jwt.io/) یا [OAuth](https://oauth.net/)). -- [ ]       برای کارهایی مثل `احراز هویت`، `تولید توکن` و `ذخیره پسوورد` چرخ را دوباره اختراع نکن. از استانداردها استفاده کن. -- [ ]       برای لاگین محدودیت‌های `تعداد ماکسیمم تلاش مجدد` و تعداد دفعات ورود را قرار بده. -- [ ]       همه‌ی داده‌های حساس را رمزگذاری کن. +- [ ]       از `Basic Auth` یا همان `اصالت‌سنجی برای دسترسی‌های اولیه` استفاده نکنید. به جای آن از روش‌های استاندارد احراز هویت استفاده کنید (مثلا [JWT](https://jwt.io/) یا [OAuth](https://oauth.net/)). +- [ ]       برای کارهایی مثل `احراز هویت`، `تولید توکن` و `ذخیره پسوورد` چرخ را دوباره اختراع نکنید. از استانداردها استفاده کنید. +- [ ]       برای لاگین محدودیت‌های `تعداد ماکسیمم تلاش مجدد` و تعداد دفعات ورود را قرار بدید. +- [ ]       همه‌ی داده‌های حساس را رمزگذاری کنید. ### JWT (JSON Web Token) -- [ ]       از یک کلید پیچیده‌ی تصادفی برای `JWT Secret` استفاده کن تا حمله‌ی بروت‌فورس به توکن بسیار سخت باشد. -- [ ]       الگوریتم را از هدر استخراج نکن. در بک‌اند الگوریتم را تحمیل کن (`HS256` یا `RS256`). +- [ ]       از یک کلید پیچیده‌ی تصادفی برای `JWT Secret` استفاده کنید تا حمله‌ی بروت‌فورس به توکن بسیار سخت باشد. +- [ ]       الگوریتم را از هدر استخراج نکنید. در بک‌اند الگوریتم را تحمیل کنید (`HS256` یا `RS256`). - [ ]       انقضای توکن (`TTL` یا `RTTL`) را تا حد ممکن کوتاه کن. -- [ ]       اطلاعات حساس را در پی‌لود JWT ذخیره نکن چون [به راحتی](https://jwt.io/#debugger-io) قابل رمزگشایی است. -- [ ]       از ذخیره بیش از حد داده ها خودداری کنید. JWT معمولاً در هدر به اشتراک گذاشته می شود و محدودیت اندازه دارند. +- [ ]       اطلاعات حساس را در پی‌لود JWT ذخیره نکنید چون [به راحتی](https://jwt.io/#debugger-io) قابل رمزگشایی است. ### OAuth -- [ ]       همیشه `redirect_uri` را در سمت سرور اعتبارسنجی کن تا تنها به URLهای مجاز اجازه داده شود. 
-- [ ]       همیشه تلاش کن تا code را به جای token تبادل کنی (اجازه `response_type=token` را نده). -- [ ]       از پارامتر `state` با یک هش تصادفی استفاده کن تا از CSRF روی پروسه‌ی احراز هویت OAuth جلوگیری کنی. -- [ ]       مقدار scope پیش‌فرض را تعریف کن و پارامترهای scope را برای هر اپلیکیشن اعتبارسنجی کن. +- [ ]       همیشه `redirect_uri` را در سمت سرور اعتبارسنجی کنید تا تنها به URLهای مجاز اجازه داده شود. +- [ ]       همیشه تلاش کنید تا code را به جای token تبادل کنید (اجازه `response_type=token` را ندهید). +- [ ]       از پارامتر `state` با یک هش تصادفی استفاده کنید تا از CSRF روی پروسه‌ی احراز هویت OAuth جلوگیری کنید. +- [ ]       مقدار scope پیش‌فرض را تعریف کنید و پارامترهای scope را برای هر اپلیکیشن اعتبارسنجی کنید. ## دسترسی -- [ ]       رکوئست‌ها را محدود کن (Throttling) تا از حملات DDos یا بروت‌فورس جلوگیری شود. -- [ ]       در سمت سرور از HTTPS استفاده کن تا از حملات مرد میانی جلوگیری شود. -- [ ]       از هدر `HSTS` استفاده کن تا از حمله‌ی SSL Strip جلوگیری شود. -- [ ]       لیست های دایرکتوری را خاموش کنید. -- [ ]       برای APIهای خصوصی، فقط از IPها/میزبانهای لیست سفید اجازه دسترسی داشته باشید. +- [ ]       رکوئست‌ها را محدود کنید (Throttling) تا از حملات DDos یا بروت‌فورس جلوگیری شود. +- [ ]       در سمت سرور از HTTPS استفاده کنید تا از حملات مرد میانی جلوگیری شود. +- [ ]       از هدر `HSTS` استفاده کنید تا از حمله‌ی SSL Strip جلوگیری شود. ## ورودی -- [ ]       از متد HTTP مناسب با توجه به نوع عملیات استفاده کن: `GET` برای خواندن، `POST` برای ایجاد کردن، `PUT/PATCH` برای جایگزین یا بروزرسانی و `DELETE` برای حذف یک رکورد، و در صورتیکه متد درخواستی برای منبع درخواست‌شده مناسب نیست با `405 Method Not Allowed` پاسخ بده. -- [ ]       مقدار `content-type` را در هدر Accept رکوئست (مذاکره محتوا یا Content Negotiation) اعتبارسنجی کن تا فقط به فرمت‌های مورد پشتیبانی اجازه داده شود (مثلا `application/xml`، `application/json` و ...). 
-- [ ]       مقدار `content-type` در داده‌ی پست‌شده را اعتبارسنجی کن (مثلا `application/x-www-form-urlencoded`، `multipart/form-data`، `application/json` و ...). -- [ ]       ورودی کاربر را اعتبارسنجی کن تا از آسیب‌پذیری‌های معمول جلوگیری شود (مثلا `XSS`، `SQL-Injection` و `Remote Code Execution`). -- [ ]       هیچ داده‌ی حساسی مثل (داده‌های اعتبارسنجی، پسوورد‌ها، توکن‌های امنیتی یا کلید‌های API) را داخل URL قرار نده و از هدر Authorization استاندارد استفاده کن. -- [ ]       از یک سرویس API Gateway استفاده کن تا کش‌کردن و سیاست‌های Rate Limit (مثلا `Quota`، `Spike Arrest` یا `Concurrent Rate Limit`) فعال شوند و منابع APIها را به صورت داینامیک دپلوی کن. +- [ ]       از متد HTTP مناسب با توجه به نوع عملیات استفاده کنید: `GET` برای خواندن، `POST` برای ایجاد کردن، `PUT/PATCH` برای جایگزین یا بروزرسانی و `DELETE` برای حذف یک رکورد، و در صورتی‌که متد درخواستی برای منبع درخواست‌شده مناسب نباشد با `405 Method Not Allowed` پاسخ بدهید. +- [ ]       مقدار `content-type` را در هدر Accept رکوئست (مذاکره محتوا یا Content Negotiation) اعتبارسنجی کنید تا فقط به فرمت‌های مورد پشتیبانی اجازه داده شود (مثلا `application/xml`، `application/json` و ...). و در صورت عدم تطابق با یک پاسخ `406 Not Acceptable` پاسخ دهید. +- [ ]       مقدار `content-type` در داده‌ی پست‌شده را اعتبارسنجی کنید (مثلا `application/x-www-form-urlencoded`، `multipart/form-data`، `application/json` و ...). +- [ ]       ورودی کاربر را اعتبارسنجی کنید تا از آسیب‌پذیری‌های معمول جلوگیری شود (مثلا `XSS`، `SQL-Injection` و `Remote Code Execution`). +- [ ]       هیچ داده‌ی حساسی مثل (داده‌های اعتبارسنجی، پسوورد‌ها، توکن‌های امنیتی یا کلید‌های API) را داخل URL قرار ندهید و از هدر Authorization استاندارد استفاده کنید. +- [ ]       از یک سرویس API Gateway استفاده کنید تا کش‌کردن و سیاست‌های Rate Limit (مثلا `Quota`، `Spike Arrest` یا `Concurrent Rate Limit`) فعال شوند و منابع APIها را به صورت داینامیک دپلوی کنید. 
## پردازش -- [ ]       چک کن که تمامی endpointها توسط احراز هویت محافظت شوند تا از شکستن پروسه‌ی احراز هویت جلوگیری شود. -- [ ]       از استفاده از ID ریسورس خود کاربر اجتناب کن. به جای `user/654321/orders` از `/me/orders` استفاده کن. -- [ ]       از IDهای auto-increment استفاده نکن. به جای آن از `UUID` استفاده کن. -- [ ]       اگر فایل‌های XML را parse میکنی مطمئن شو تا entity parsing غیرفعال باشد تا از `XXE` (XML External entity attack) جلوگیری شود. -- [ ]       اگر فایل‌های XML را parse میکنی، مطمئن شو تا entity expansion غیرفعال باشد تا از `Billion Laughs/XML bomb` توسط exponential entity expansion attack جلوگیری شود. -- [ ]       از یک CDN برای آپلودهای فایل استفاده کن. -- [ ]       اگر با مقادیر بسیار حجیمی از داده باید کار کنی، از Workerها و Queueها استفاده کن تا حداکثر پردازش در بک‌گراند انجام شود و سریع پاسخ را برگردان تا از HTTP Blocking جلوگیری شود. -- [ ]       خاموش کردن حالت DEBUG را فراموش نکن. +- [ ]       چک کنید که تمامی endpointها توسط احراز هویت محافظت شوند تا از پروسه‌ی احراز هویت ناقص جلوگیری شود. +- [ ]       از استفاده از ID ریسورس خود کاربر اجتناب کنید. به جای `user/654321/orders` از `/me/orders` استفاده کنید. +- [ ]       از IDهای auto-increment استفاده نکنید. به جای آن از `UUID` استفاده کنید. +- [ ]       اگر فایل‌های XML را parse می‌کنید مطمئن شوید تا entity parsing غیرفعال باشد تا از `XXE` (XML External entity attack) جلوگیری شود. +- [ ]       اگر فایل‌های XML، YAML یا هر زبان دیگری را با استفاده از anchor ها و ref ها parse می‌کنید، مطمئن شوید تا entity expansion غیرفعال باشد تا از `Billion Laughs/XML bomb` توسط exponential entity expansion attack جلوگیری شود. +- [ ]       از یک CDN برای آپلودهای فایل استفاده کنید. +- [ ]       اگر با مقادیر بسیار حجیمی از داده سر و کار دارید، از Workerها و Queueها استفاده کنید تا حد الامکان پردازش در بک‌گراند انجام شود و سریع پاسخ را برگردانید تا از HTTP Blocking جلوگیری شود. +- [ ]       خاموش کردن حالت DEBUG را فراموش نکنید. ## خروجی -- [ ]       هدر `X-Content-Type-Options: nosniff` را ارسال کن. 
-- [ ]       هدر `X-Frame-Options: deny` را ارسال کن. -- [ ]       هدر `'Content-Security-Policy: default-src 'none` را ارسال کن. -- [ ]       هدرهایی که به نوعی اثرانگشت برجای میگذارند را حذف کن، مثلا `X-Powered-By`، `Server` و ‍`X-AspNet-Version`. -- [ ]       مقدار `content-type` را برای جواب اجباری کن. اگر `application/json` برمیگردانی، پس `content-type` پاسخ `application/json` است. -- [ ]       اطلاعات حساس مثل `داده‌های اعتبارسنجی`، `پسوورد‌ها` و `توکن‌های امنیتی` را برنگردان. -- [ ]       با توجه به عملیات انجام‌شده، status code مناسب را برگردان. مثلا `200 OK`، `400 Bad Request`، `401 Unauthorized` و `405 Method Not Allowed`. +- [ ]       هدر `X-Content-Type-Options: nosniff` را ارسال کنید. +- [ ]       هدر `X-Frame-Options: deny` را ارسال کنید. +- [ ]       هدر `'Content-Security-Policy: default-src 'none` را ارسال کنید. +- [ ]       هدرهایی که به نوعی اثرانگشت برجای می‌گذارند را حذف کنید، مثلا `X-Powered-By`، `Server` و ‍`X-AspNet-Version`. +- [ ]       مقدار `content-type` را برای پاسخ اجباری کنید. اگر `application/json` برمیگردانید، پس `content-type` پاسخ، `application/json` است. +- [ ]       اطلاعات حساس مثل `داده‌های اعتبارسنجی`، `رمز های عبور` و `توکن‌های امنیتی` را برنگردانید. +- [ ]       با توجه به عملیات انجام‌شده، status code مناسب را برگردانِد. مثلا `200 OK`، `400 Bad Request`، `401 Unauthorized` و `405 Method Not Allowed`. ## CI & CD -- [ ]       طراحی و پیاده سازی خودت را با پوشش تست‌های unit/integration بازرسی کن. -- [ ]       از یک پروسه‌ی مرور کد استفاده کن و خود-تاییدی را نادیده بگیر. -- [ ]       مطمئن شو تا تمامی اجزای سرویس‌هایت، شامل کتابخانه‌های استفاده‌شده و دیگر وابستگی‌ها، قبل از انتشار در حالت production، به طور ایستا توسط نرم‌افزارهای آنتی‌ویروس اسکن شده‌اند. -- [ ]       Continuously run security tests (static/dynamic analysis) on your code. -- [ ]       Check your dependencies (both software and OS) for known vulnerabilities. -- [ ]       برای دپلوی، یک راه‌حل با قابلیت عقبگرد (rollback) طراحی کن. 
+- [ ]       طراحی و پیاده سازی خودتان را با پوشش تست‌های unit/integration بازرسی کنید. +- [ ]       از یک پروسه‌ی مرور کد استفاده کنید و خود-تاییدی را نادیده بگیرید. +- [ ]       مطمئن شوید تا تمامی اجزای سرویس‌هایتان، شامل کتابخانه‌های استفاده‌شده و دیگر وابستگی‌ها، قبل از انتشار در حالت production، به طور ایستا توسط نرم‌افزارهای آنتی‌ویروس اسکن شده‌اند. +- [ ]       به صورت پیوسته روی کدتان تست‌های امنیتی (آنالیز ایستا و پویا)، اجرا کنید. +- [ ]       وابستگی‌هایتان (نرم افزار و سیستم عامل، هردو) را برای آسیب‌پذیری‌های شناخته شده، چک کنید. +- [ ]       برای دپلوی‌هایتان، یک راه‌حل با قابلیت عقبگرد (rollback) طراحی کنید. --- -## نگاهی بیانداز به: -- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - یک مجموعه از منابع بردردبخور برای ساختن APIهای RESTful با HTTP و JSON - +## نگاهی بیاندازید به: +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - یک مجموعه از منابع مفید برای ساختن APIهای RESTful با HTTP و JSON - --- # مشارکت -برای همکاری و کمک می‌توانی به راحتی این مخزن را fork کنی، تغییرات مورد نظرت را اعمال کنی و یک pull request ثب کنی. اگر سوالی داشتی به آدرس `team@shieldfy.io` ایمیل بزن. +برای همکاری و کمک می‌توانید به راحتی این مخزن را fork کنید، تغییرات مورد نظرت را اعمال کنید و یک pull request ثب کنید. اگر سوالی داشتید به آدرس `team@shieldfy.io` ایمیل بزنید.
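Review bot: this rewrite of README-fa.md to the formal imperative drops three checklist items without replacement: the JWT line "از ذخیره بیش از حد داده ها خودداری کنید..." (avoid storing too much data) and the two access items "لیست های دایرکتوری را خاموش کنید." (turn off directory listings) and "برای APIهای خصوصی، فقط از IPها/میزبانهای لیست سفید اجازه دسترسی داشته باشید." (private APIs only from whitelisted IPs/hosts) appear only as removed lines, which is why the hunk shrinks from 75 to 72 lines. These are the same items the preceding patch synced into README.md, so they should be re-added in the new "کنید" wording rather than lost. Two smaller points: the line "انقضای توکن (`TTL` یا `RTTL`) را تا حد ممکن کوتاه کن." is now the only item left in the informal form, and "برگردانِد" in the status-code item and "ثب کنید" / "مورد نظرت" in the contribution paragraph look like typos for "برگردانید", "ثبت کنید" and "مورد نظرتان".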
From 3764919bc615284063013b27a5113410f229eb05 Mon Sep 17 00:00:00 2001 From: Caleb Mazalevskis Date: Sun, 24 Jul 2022 22:36:35 +0800 Subject: [PATCH 107/149] Partial sync. Translation progress. (Please send PRs with corrections if you spot any errors/typos/etc). --- README-ar.md | 2 ++ README-de.md | 2 ++ README-el.md | 2 ++ README-es.md | 2 ++ README-fa.md | 2 ++ README-fr.md | 2 ++ README-hi.md | 2 ++ README-id.md | 2 ++ README-it.md | 2 ++ README-ja.md | 2 ++ README-ko.md | 2 ++ README-lo.md | 2 ++ README-mk.md | 2 ++ README-ml.md | 2 ++ README-mn.md | 2 ++ README-nl.md | 2 ++ README-pl.md | 2 ++ README-pt_BR.md | 2 ++ README-ru.md | 2 ++ README-th.md | 20 +++++++++++--------- README-tr.md | 4 +++- README-tw.md | 2 ++ README-uk.md | 2 ++ README-vi.md | 2 ++ README-zh.md | 2 ++ README.md | 16 ++++++++-------- 26 files changed, 68 insertions(+), 18 deletions(-) diff --git a/README-ar.md b/README-ar.md index 659e98a..1532514 100644 --- a/README-ar.md +++ b/README-ar.md @@ -40,6 +40,7 @@ - [ ]       قم بالتحقق من `content-type` في محتوى الطلب نفسه posted data (مثال `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, إلى آخره). - [ ]       قم بالتحقق من مدخلات المستخدم لتتجنب الثغرات الشائعة (مثال `XSS`, `SQL-Injection`, `Remote Code Execution`, إلى آخره). - [ ]       لا تستخدم أي بيانات حساسة (`credentials`, `Passwords`, `security tokens`, أو `API keys`) في الرابط ولكن استخدم الطريقة القياسية وهي رأس الطلب الخاص بالمصادقة Authorization header. +- [ ]       استخدم فقط التشفير من جانب الخادم. - [ ]       استخدم واجهة للـ API لتستفيد من التخزين المؤقت caching وسياسات تحديد عدد الطلبات Rate Limit policies (مثال `الحصة Quota`, `التنبية في الارتفاع المفاجئ Spike Arrest`, `وتحديد عدد الطلبات المتزامنة Concurrent Rate Limit`) ## المعالجة 
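Review bot: the new item "استخدم فقط التشفير من جانب الخادم." (use only server-side encryption) in the README-ar.md hunk above, which this patch adds in the same literal form to every translation, does not say what is to be encrypted or why client-side encryption is ruled out, so a reader cannot act on it or check it off. It is placed in the input section between the Authorization-header item and the API gateway item, which hints that request data is meant, but that is a guess. Suggest tightening the source wording first (which data, at rest or in transit, and what the client-side alternative being discouraged is) and then propagating one agreed translation; otherwise all 26 files in this patch will need a second round of edits.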
@@ -51,6 +52,7 @@ - [ ]       استخدم شبكات تسليم المحتوى CDN لرفع الملفات. - [ ]       لو كنت تتعامل مع حجم بيانات ضخم، استخدم عمليات منفصلة Workers, Queues لمعالجة البيانات في الخلفية والرد على المستخدم بسرعة لتجنب حجب الطلب HTTP Blocking. - [ ]       لا تترك وضع التصحيح DEBUG mode في حالة التشغيل. +- [ ]       استخدم مكدسات غير قابلة للتنفيذ عند توفرها. ## المخرجات - [ ]       استخدم `X-Content-Type-Options: nosniff` في رأس الطلب header. diff --git a/README-de.md b/README-de.md index 1c84851..fc6766c 100644 --- a/README-de.md +++ b/README-de.md @@ -38,6 +38,7 @@ Checkliste für die wichtigsten Sicherheitsmaßnahmen beim Designen, Testen und - [ ] Validiere den `Content-Type` im Header der Anfrage für übertragene Daten (bspw. POST oder PUT) wie bspw. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, usw. - [ ] Validiere immer alle Eingaben im Request und allen Parametern um allgemeine Angriffsmöglichkeiten zu verhindern (bspw. `XSS`, `SQL-Injection`, `Remote Code Execution`, usw). - [ ] Verwende niemals sensitive Daten (`Anmeldedaten`, `Passwörter`, `Security Tokens`, oder `API-Schlüssel`) in der URL, aber nutze den standardisierten "Authorization" Header. +- [ ] Verwenden nur serverseitige Verschlüsselung. - [ ] Nutze ein API Gateway Service für Caching, Rate Limit Regeln (bspw. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) und der Bereitstellung dynamischer API Ressourcen. ## Verarbeitung @@ -49,6 +50,7 @@ Checkliste für die wichtigsten Sicherheitsmaßnahmen beim Designen, Testen und - [ ] Nutze CDN für Dateiuploads. - [ ] Wenn du eine große Menge an Daten verarbeiten musst, nutze Worker und Queues, um so viel wie möglich im Hintergrund zu verarbeiten und schnelle Antwortzeiten zu gewährleisten. - [ ] Vergiss nicht den DEBUG Modus zu deaktivieren. +- [ ] Verwenden nicht ausführbare Stacks sofern verfügbar. ## Output - [ ] Sende `X-Content-Type-Options: nosniff` im Header. 
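Review bot: both lines added to README-de.md are ungrammatical: "Verwenden nur serverseitige Verschlüsselung." and "Verwenden nicht ausführbare Stacks sofern verfügbar." use the infinitive where the surrounding items use the informal imperative ("Validiere", "Verwende", "Nutze", "Vergiss nicht"). Suggest "Verwende nur serverseitige Verschlüsselung." and "Verwende nicht ausführbare Stacks, sofern verfügbar."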
diff --git a/README-el.md b/README-el.md index 86a9565..3d06f3c 100644 --- a/README-el.md +++ b/README-el.md @@ -38,6 +38,7 @@ - [ ] Επικυρώστε `content-type` δεδομένα που στέλνετε, με τον ίδιο τρόπο όπως τα δέχεστε (π.χ. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, κτλ.). - [ ] Επικυρώστε την οποιαδήποτε είσοδο δεδομένων απο τους χρήστες, για να αποφύγετε τα κοινά κενά ασφαλείας (π.χ. `XSS`, `SQL-Injection`, `Remote Code Execution`, κτλ.). - [ ] Μη χρησιμοποιήτε ευαίσθητα δεδομένα (`credentials`, `Passwords`, `security tokens`, ή `API keys`) στο URL, αλλά χρησιμοποιήστε τη κοινή Authorization κεφαλίδα (standard Authorization header). +- [ ] Χρησιμοποιήστε μόνο κρυπτογράφηση από την πλευρά του διακομιστή. - [ ] Χρησιμοποιήστε API Gateway service για να ενεργοποιήσετε caching, Rate Limit policies (π.χ. `Quota`, `Spike Arrest`, ή `Concurrent Rate Limit`) και κάντε deploy APIs resources δυναμικά. ## Επεξεργασία (Processing) @@ -49,6 +50,7 @@ - [ ] Χρησιμοποιήστε CDN για την φόρτωση αρχείων (file uploads). - [ ] Εάν επεξεργάζεστε μεγάλο αριθμο δεδομένων, χρησιμοποιήστε Workers και Queues για να γίνετε η επεξεργασία στο background και να γίνεται η επιστροφή απάντησης πολύ πιο γρήγορα, αποφεύγοντας HTTP Blocking. - [ ] Μην ξεχνάτε να απενεργοποιήσετε το DEBUG mode. +- [ ] Χρησιμοποιήστε μη εκτελέσιμες στοίβες όταν είναι διαθέσιμες. ## Αποστολή/Επιστροφή δεδομένων (Output) - [ ] Αποστέλετε `X-Content-Type-Options: nosniff` κεφαλίδα (header). diff --git a/README-es.md b/README-es.md index 1d1accd..f9fb326 100644 --- a/README-es.md +++ b/README-es.md 
@@ -38,6 +38,7 @@ Lista de las contramedidas de seguridad más importantes en cuanto al diseño, t - [ ] Valida el `content-type` de información enviada en base a la que aceptes (e.g. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, etc). - [ ] Valida las entradas que realizan los usuarios para evitar ataques comunes (e.g. `XSS`, `SQL-Injection`, `Remote Code Execution`, etc). - [ ] No utilices información sensible (`credentials`, `Passwords`, `security tokens`, o `API keys`) en la URL, en su lugar usa la cabecera estándar `Authorization`. +- [ ] Use solo cifrado del lado del servidor. - [ ] Usa un servicio de API Gateway para permitir almacenamiento en caché (caching), límite de peticiones (Rate Limit), Spike Arrest y el despliegue de APIs dinámicamente. ## Procesamiento @@ -49,6 +50,7 @@ Lista de las contramedidas de seguridad más importantes en cuanto al diseño, t - [ ] Utiliza CDN para subidas de ficheros. - [ ] Si lidias con grandes cantidades de información, utiliza Workers y Colas para procesar tanto cómo sea posible en segundo plano, y devuelve una respuesta rápido para evitar un bloqueo HTTP. - [ ] No olvides deshabilitar el modo Debug. +- [ ] Utilice stacks no ejecutables cuando estén disponibles. ## Salidas - [ ] Envía la cabecera `X-Content-Type-Options: nosniff`. diff --git a/README-fa.md b/README-fa.md index be9c24a..8b997c4 100644 --- a/README-fa.md +++ b/README-fa.md 
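Review bot: the two lines added to README-es.md switch to the formal usted register ("Use solo cifrado del lado del servidor.", "Utilice stacks no ejecutables cuando estén disponibles.") while every neighbouring item uses tú ("Valida", "No utilices", "Usa", "Utiliza", "No olvides"). Suggest "Usa solo cifrado del lado del servidor." and "Utiliza stacks no ejecutables cuando estén disponibles."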
@@ -39,6 +39,7 @@ - [ ]       مقدار `content-type` در داده‌ی پست‌شده را اعتبارسنجی کن (مثلا `application/x-www-form-urlencoded`، `multipart/form-data`، `application/json` و ...). - [ ]       ورودی کاربر را اعتبارسنجی کن تا از آسیب‌پذیری‌های معمول جلوگیری شود (مثلا `XSS`، `SQL-Injection` و `Remote Code Execution`). - [ ]       هیچ داده‌ی حساسی مثل (داده‌های اعتبارسنجی، پسوورد‌ها، توکن‌های امنیتی یا کلید‌های API) را داخل URL قرار نده و از هدر Authorization استاندارد استفاده کن. +- [ ]       فقط از رمزگذاری سمت سرور استفاده کنید. - [ ]       از یک سرویس API Gateway استفاده کن تا کش‌کردن و سیاست‌های Rate Limit (مثلا `Quota`، `Spike Arrest` یا `Concurrent Rate Limit`) فعال شوند و منابع APIها را به صورت داینامیک دپلوی کن. ## پردازش @@ -50,6 +51,7 @@ - [ ]       از یک CDN برای آپلودهای فایل استفاده کن. - [ ]       اگر با مقادیر بسیار حجیمی از داده باید کار کنی، از Workerها و Queueها استفاده کن تا حداکثر پردازش در بک‌گراند انجام شود و سریع پاسخ را برگردان تا از HTTP Blocking جلوگیری شود. - [ ]       خاموش کردن حالت DEBUG را فراموش نکن. +- [ ]       در صورت وجود از پشته های غیر قابل اجرا استفاده کنید. ## خروجی - [ ]       هدر `X-Content-Type-Options: nosniff` را ارسال کن. diff --git a/README-fr.md b/README-fr.md index 9e71a0e..4f52944 100644 --- a/README-fr.md +++ b/README-fr.md 
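Review bot: the README-fa.md hunks above are generated against blob be9c24a, the same parent that PATCH 106 already rewrote to d5dbe5d, and their context lines still carry the informal wording ("اعتبارسنجی کن", "فراموش نکن") that 106 replaced with "کنید". Applied in series order these hunks will not match; rebase on 106 so the two new lines ("فقط از رمزگذاری سمت سرور استفاده کنید.", "در صورت وجود از پشته های غیر قابل اجرا استفاده کنید.") land on the updated text, and note that the new lines already use the formal form, so after the rebase they will be consistent with their neighbours.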
@@ -38,6 +38,7 @@ Checklist des points de sécurité les plus importants lors de la conception, du - [ ] Valider le `content-type` des données postées avec celles acceptées (e.g. `application/x-www-form-urlencoded`, `multipart/form-data, application/json`, etc…). - [ ] Valider les entrées utilisateur pour éviter les vulnérabilités classiques (e.g. `XSS`, `SQL-Injection`, `Remote Code Execution`, etc…). - [ ] N'utiliser aucune donnée sensible (`identifiants`, `mots de passe`, `tokens de sécurité`, ou `clés d'API`) dans l'URL, mais utiliser les en-têtes d'autorisations standards. +- [ ] Utiliser uniquement le chiffrement côté serveur. - [ ] Utiliser un service de passerelle d'API afin d'obtenir la mise en cache, une limitation de la saturation des ressources, la gestion des pics d'activités et le déploiement automatique des ressources. ## Traitement @@ -49,6 +50,7 @@ Checklist des points de sécurité les plus importants lors de la conception, du - [ ] Utiliser les réseaux de diffusion de contenu (CDN) pour l'envoie de fichier. - [ ] Dans le cas du traitement d'importantes quantités de données, utiliser des Workers et des Queues pour retourner les réponses rapidement et éviter un blocage HTTP. - [ ] Ne pas oublier de désactiver le mode DEBUG. +- [ ] Utiliser des piles non exécutables lorsqu'elles sont disponibles. ## Sorties - [ ] Envoyer l'en-tête `X-Content-Type-Options: nosniff`. diff --git a/README-hi.md b/README-hi.md index 5c96ced..03454fa 100644 --- a/README-hi.md +++ b/README-hi.md 
@@ -38,6 +38,7 @@ - [ ] जैसा कि आप स्वीकार करते हैं, उतनी ही पोस्ट की गई `content-type` की पुष्टि करें (जैसे `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, इत्यादि)। - [ ] सामान्य कमजोरियों (जैसे `XSS`, `SQL-Injection`, `Remote Code Execution`, आदि) से बचने के लिए उपयोगकर्ता इनपुट मान्य करें। - [ ] URL में किसी भी संवेदनशील डेटा (`credentials`, `Passwords`, `security tokens`, या `API keys`) का उपयोग न करें, लेकिन मानक प्राधिकरण शीर्ष लेख का उपयोग करें। +- [ ] केवल सर्वर-साइड एन्क्रिप्शन का उपयोग करें। - [ ] कैशिंग, दर सीमा नीतियों (`Quota`, `Spike Arrest`, `Concurrent Rate Limit`) को सक्षम करने के लिए API गेटवे सेवा का उपयोग करें और गतिशील रूप से API संसाधनों की तैनाती करें। ## Processing @@ -49,6 +50,7 @@ - [ ] फ़ाइल अपलोड के लिए CDN का उपयोग करें। - [ ] यदि आप बड़ी मात्रा में डेटा के साथ काम कर रहे हैं, तो Workers और Queues का उपयोग पृष्ठभूमि में यथासंभव प्रक्रिया करने के लिए और HTTP अवरोधन(Blocking) से बचने के लिए तेज़ी से return response करें। - [ ] DEBUG मोड बंद करने के लिए मत भूलना। +- [ ] उपलब्ध होने पर गैर-निष्पादन योग्य stack का उपयोग करें। ## Output - [ ] `X-Content-Type-Options: nosniff` हेडर भेजें। diff --git a/README-id.md b/README-id.md index 0b60a23..554b13d 100644 --- a/README-id.md +++ b/README-id.md 
@@ -38,6 +38,7 @@ Checklist penanggulangan keamanan yang paling penting ketika merancang, menguji, - [ ] Validasi `content-type` dari data yang dipos oleh pengguna (Contoh: `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, dan lain sebagainya). - [ ] Validasi masukan dari pengguna untuk menghindari kerentanan umum (Contoh: `XSS`, `SQL-Injection`, `Remote Code Execution`, dan lain sebagainya). - [ ] Jangan gunakan data sensitif seperti `kredensial`, `kata sandi`, `token keamanan`, atau `kunci API` pada URL. Gunakan tajuk _Authorization_ baku. +- [ ] Gunakan hanya enkripsi sisi server. - [ ] Gunakan layanan pintu gerbang API (_API Gateway_) untuk memungkinan singgahan, pembatasan laju, pendeteksian lalu lintas tinggi, dan penyebaran sumber daya API secara dinamis. ## Pemrosesan @@ -49,6 +50,7 @@ Checklist penanggulangan keamanan yang paling penting ketika merancang, menguji, - [ ] Gunakan CDN untuk unggah berkas. - [ ] Jika berhubungan dengan jumlah data yang sangat besar, gunakan Pekerja dan Antrian untuk memproses sebanyak mungkin di balik layar dan kembalikan tanggapan cepat untuk menghindari pemblokiran HTTP. - [ ] Jangan lupa untuk mematikan mode DEBUG. +- [ ] Gunakan stack yang tidak dapat dieksekusi jika tersedia. ## Keluaran - [ ] Kirim tajuk `X-Content-Type-Options: nosniff`. diff --git a/README-it.md b/README-it.md index 08592f3..20ed837 100644 --- a/README-it.md +++ b/README-it.md 
@@ -38,6 +38,7 @@ Una checklist per le più importanti contromisure da mettere in pratica quando s - [ ] Validare il `content-type` in base alle strutture accettate (es. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, ecc.). - [ ] Validare sempre gli input dell'utente per evitare attacchi comuni (es. `XSS`, `SQL-Injection`, `Remote Code Execution`, ecc.). - [ ] Non utilizzare mai dati sensibili (`credenziali`, `password`, `security tokens`, o `API keys`) nell'url, utilizzare piuttosto gli Authorization header. +- [ ] Utilizzare solo la crittografia lato server. - [ ] Utilizzare un gateway per abilitare il caching delle API, con sistema di controllo delle chiamate (es. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`). ## Processing @@ -49,6 +50,7 @@ Una checklist per le più importanti contromisure da mettere in pratica quando s - [ ] Utilizzare una CDN per l'upload dei file. - [ ] Se stai gestendo grandi moli di dati, utilizza Workers e Queues per processare i dati in background evitando che la chiamata HTTP vada in blocco. - [ ] Ricordarsi sempre di disattivare le eventuali modalità di DEBUG. +- [ ] Utilizzare stack non eseguibili quando disponibili. ## Output - [ ] Inviare l'header `X-Content-Type-Options: nosniff`. diff --git a/README-ja.md b/README-ja.md index 5144b51..875a5bd 100644 --- a/README-ja.md +++ b/README-ja.md @@ -38,6 +38,7 @@ APIを設計、テスト、リリースするときの最も重要なセキュ - [ ] POSTされたデータの`content-type`が受け入れ可能(例: `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`等)かどうかを検証する。 - [ ] ユーザーの入力に一般的な脆弱性が含まれていないことを検証する(例: `XSS`, `SQLインジェクション`, `リモートコード実行`等)。 - [ ] URLの中に機密情報(`認証情報`, `パスワード`, `セキュリティトークン`)を利用せず、標準的な認証ヘッダを使用する。 +- [ ] サーバー側の暗号化のみを使用してください。 - [ ] キャッシュ、Rate Limit policies(例: `Quota`, `Spike Arrest`, `Concurrent Rate Limit`)を有効化し、APIリソースのデプロイを動的に行うため、APIゲートウェイサービスを利用する。 ## 処理 
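Review bot: the line added to README-ja.md, "サーバー側の暗号化のみを使用してください。", uses the polite request form while the items around it in this hunk are written in the plain form ("検証する", "使用する", "利用する"). Suggest "サーバー側の暗号化のみを使用する。" so the list reads uniformly.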
@@ -49,6 +50,7 @@ APIを設計、テスト、リリースするときの最も重要なセキュ - [ ] ファイルアップロードにはCDNを利用する。 - [ ] 大量のデータを扱う場合、バックグラウンドでWorkerプロセスやキューを出来る限り使用し、レスポンスを速く返すことでHTTPブロッキングを避ける。 - [ ] デバッグ・モードを無効にすることを忘れないでください。 +- [ ] 可能な場合は、実行不可能なスタックを使用してください。 ## 出力 - [ ] `X-Content-Type-Options: nosniff`をヘッダに付与する。 diff --git a/README-ko.md b/README-ko.md index e2065b0..eab59a2 100644 --- a/README-ko.md +++ b/README-ko.md @@ -38,6 +38,7 @@ API를 설계하고, 테스트하고, 배포할 때 고려해야 할 중요한 - [ ] 요청받은 POST 데이터의 `content-type`을 검증하세요. (예를 들어 `application/x-www-form-urlencoded`나 `multipart/form-data` 또는 `application/json` 등) - [ ] 일반적인 취약점들을 피하기 위해선 사용자 입력의 유효성을 검증하세요. (예를 들어 `XSS`, `SQL-Injection` 또는 `Remote Code Execution` 등) - [ ] URL에는 그 어떤 민감한 데이터 (`자격 인증 (credentials)`, `패스워드`, `보안 토큰` 또는 `API 키`)도 포함하고 있어서는 안 되며 이러한 것들은 표준 인증 방식의 헤더를 사용하세요. +- [ ] 서버 측 암호화만 사용하십시오. - [ ] 캐싱과 속도 제한 정책을 제공하는 API 게이트웨이 서비스 (예를 들어 `Quota`, `Spike Arrest`, `Concurrent Rate Limit`)를 사용하고, API 리소스를 동적으로 배포하세요. ## 서버 처리 @@ -49,6 +50,7 @@ API를 설계하고, 테스트하고, 배포할 때 고려해야 할 중요한 - [ ] 파일 업로드에는 CDN을 사용하세요. - [ ] 거대한 양의 데이터를 다루고 있다면, 워커나 큐를 사용하여 가능한 한 백그라운드에서 처리하고, HTTP 블로킹을 피하기 위해 응답을 빠르게 반환하세요. - [ ] 디버그 모드를 꺼놓는 일을 절대 잊지 마세요. +- [ ] 가능한 경우 실행 불가능한 스택을 사용하십시오. ## 반환 및 응답 (Output) - [ ] `X-Content-Type-Options: nosniff` 헤더를 반환하세요. diff --git a/README-lo.md b/README-lo.md index bf680d0..c86f2a6 100644 --- a/README-lo.md +++ b/README-lo.md 
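Review bot: the two lines added to README-ko.md end in the formal "-하십시오" ("사용하십시오") while the surrounding items use "-하세요" / "-마세요" ("검증하세요", "사용하세요", "반환하세요", "잊지 마세요"). Suggest "서버 측 암호화만 사용하세요." and "가능한 경우 실행 불가능한 스택을 사용하세요."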
@@ -38,6 +38,7 @@ Checklist ທີ່ຕ້ອງໃຫ້ຄວາມສຳຄັນເມື່ - [ ] Validate `content-type` ຂອງ data ທີ່ຮັບມາທຸກຄັ້ງ(ຕົວຢ່າງ, `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json` ... ໆລໆ). - [ ] Validate ຂໍ້ມູນ user ໃສ່ເຂົ້າມາທຸກຄັ້ງເພື່ອປ້ອງກັນຊ່ອງໂຫວ່ທີ່ຖືກກັນຫຼາຍໆ (ຕົວຢ່າງ, `XSS`, `SQL-Injection`, `Remote Code Execution` ... ໆລໆ). - [ ] ຫ້າມເອົາຂໍ້ມູນທີ່ສຳຄັນໄປໄວ້ໃນ URL (ເຊັ່ນ /servicexxx?creditcardnum=1234) ແຕ່ໃຫ້ໄປໃສ່ໄວ້ໃນ authorization header ແທນ (`credentials`, `Passwords`, `security tokens`, ຫຼື `API keys`). +- [ ] ໃຊ້ພຽງແຕ່ການເຂົ້າລະຫັດຂ້າງເຊີບເວີ. - [ ] ເຮັດ API Gateway ເພື່ອໃຫ້ສາມາດເຮັດ caching, Rate Limit, Spike Arrest, ແລະ ຈັດການຊັບພະຍາກອນສຳລັບ API ໄດ້ຢ່າງຍືດຍຸ່ນ. ## Processing @@ -49,6 +50,7 @@ Checklist ທີ່ຕ້ອງໃຫ້ຄວາມສຳຄັນເມື່ - [ ] ໃຊ້ CDN ເມື່ອຈຳເປັນຕ້ອງມີການ upload ຟາຍຈາກ client. - [ ] ຫາກຕ້ອງເຈິກັບຂໍ້ມູນຂະໜາດໃຫຍ່ ໃຫ້ໃຊ້ Workers ກັບ ຄິວໃນການຈັດການເພື່ອໃຫ້ມີການຕອບຂໍ້ມູນກັບໄດ້ຢ່າງວ່ອງໄວຈະໄດ້ບໍ່ເກີດຄວາມສ່ຽງຂຶ້ນ. - [ ] ຢ່າລືມປິດໂໝດ DEBUG ໃນ code ຫາກເຮັດໄວ້. +- [ ] ໃຊ້ stacks ທີ່ບໍ່ສາມາດປະຕິບັດໄດ້ເມື່ອມີ. ## Output - [ ] ຕັ້ງ `X-Content-Type-Options: nosniff` ໃນ header. diff --git a/README-mk.md b/README-mk.md index dd4442a..47786e1 100644 --- a/README-mk.md +++ b/README-mk.md @@ -38,6 +38,7 @@ - [ ] Потврдете ги `content-type` на објавените податоци што ги прифаќате (на пр., `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, итн.). - [ ] Потврдете го корисничкиот влез за да избегнете вообичаени слабости (п.р. `XSS`, `SQL-Injection`, `Remote Code Execution`, итн). - [ ] Не користете чувствителни податоци(`credentials`, `Passwords`, `security tokens`, или `API keys`) во URL-то, но користете стандарден заглавие за авторизација. +- [ ] Користете само шифрирање од страна на серверот. - [ ] Користете API Gateway-услуга за да овозможите кеширање, политики за ограничување на тарифите (пр. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) и динамички да ги распоредите ресурсите за API-то. ## Processing 
@@ -49,6 +50,7 @@ - [ ] Користете CDN за закачување на фајлови. - [ ] Ако се занимавате со огромни количини на податоци, користете Workers and Queues за да процесирате што е можно повеќе во позадина и да го вратите одговорот брзо за да избегнете блокирање на HTTP. - [ ] Не заборавајте да го исклучите режимот DEBUG. +- [ ] Користете неизвршни stack кога е достапно. ## Излез - [ ] Праќај `X-Content-Type-Options: nosniff` хедер. diff --git a/README-ml.md b/README-ml.md index 6544f27..1295505 100644 --- a/README-ml.md +++ b/README-ml.md @@ -37,6 +37,7 @@ - [ ] Accept ഹെഡ്‍ർ (കണ്ടെന്റ് നെഗോഷിയേഷൻ) അവശ്യപെടുന്നതിനനുസരിച്ചു `content-type` വാലിഡേറ്റ് ചെയ്യുകയും സപ്പോർട്ട് ചെയ്യുന്ന ഫോർമാറ്റുകൾ മാത്രം അനുവദിക്കുകയും (ഉദാ. `application/xml`, `application/json`, മുതലായവ) പൊരുത്തപ്പെടുന്നില്ലെങ്കിൽ `406 Not Acceptable` എന്ന റെസ്പോൻഡ്‌സ് ഉപയോഗിച്ച് പ്രതികരിക്കുകയും ചെയ്യുക. - [ ] പോസ്റ്റ് ചെയ്‌ത ടാറ്റായുടെ `content-type` നിങ്ങൾ അനുവദിക്കുന്നതതിനനുസരിച് വാലിഡേറ്റ് ചെയ്യുക. (ഉദാ: `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, മുതലായവ). - [ ] പൊതുവായ വൾനറബിലിറ്റികൾ ഒഴിവാക്കാൻ യൂസർ ഇൻപുട്ട് സാധൂകരിക്കുക (ഉദാ: `XSS`, `SQL-ഇൻജെക്ഷൻ`, `റിമോട്ട് കോഡ് എക്സിക്യൂഷൻ`, മുതലായവ). +- [ ] സെർവർ സൈഡ് എൻക്രിപ്ഷൻ മാത്രം ഉപയോഗിക്കുക. ## പ്രോസസ്സിംഗ് - [ ] തകർന്ന ഓതെന്റിക്കേഷൻ പ്രക്രിയ ഒഴിവാക്കാൻ എല്ലാ എൻഡ് പോയിന്റുകളും ഓതെന്റിക്കേഷൻന് പിന്നിൽ പരിരക്ഷിച്ചിട്ടുണ്ടോയെന്ന് പരിശോധിക്കുക. @@ -47,6 +48,7 @@ - [ ] ഫയൽ അപ്‌ലോഡുകൾക്കായി ഒരു CDN ഉപയോഗിക്കുക. - [ ] നിങ്ങൾ വലിയ അളവിലുള്ള ഡാറ്റയാണ് കൈകാര്യം ചെയ്യുന്നതെങ്കിൽ, HTTP തടയൽ ഒഴിവാക്കുന്നതിന് പശ്ചാത്തലത്തിൽ കഴിയുന്നത്ര പ്രോസസ്സ് ചെയ്യാനും പ്രതികരണം വേഗത്തിൽ തിരികെ നൽകാനും വർക്കേഴ്സും ക്യൂകളും ഉപയോഗിക്കുക. - [ ] ഡീബഗ് മോഡ് ഓഫ് ചെയ്യാൻ മറക്കരുത്. +- [ ] ലഭ്യമാകുമ്പോൾ എക്സിക്യൂട്ടബിൾ അല്ലാത്ത stackകൾ ഉപയോഗിക്കുക. ## ഔട്ട്പുട്ട് - [ ] `X-Content-Type-Options: nosniff` ഹെഡ്‍ർ അയയ്ക്കുക. diff --git a/README-mn.md b/README-mn.md index f5e8d98..38712fe 100644 --- a/README-mn.md +++ b/README-mn.md 
@@ -38,6 +38,7 @@ API гаргах, загварчлах, тестлэхэд аюулгүйн та - [ ] `content-type` -ыг post хийх өгөгдөл дээр шалга (Жнь. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, г.м). - [ ] Хэрэглэгчээс гараас оруулсан утгыг шалгаж түгээмэл нүхнүүдээс сэргийлнэ. (Жнь. `XSS`, `SQL-Injection`, `Remote Code Execution`, г.м). - [ ] Чухал өгөгдлүүдийг (`credentials`, `Passwords`, `security tokens`, эсвэл `API keys`) URL ээр бүү явуул, оронд нь стандарт Authorization header ашигла. +- [ ] Зөвхөн сервер талын шифрлэлтийг ашиглана уу. - [ ] API Gateway үйлчилгээ ашиглан Rate Limit Policies (Жнь. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) болон cache хийх, мөн API deploy хийхэд ашигла. ## Processing @@ -49,6 +50,7 @@ API гаргах, загварчлах, тестлэхэд аюулгүйн та - [ ] Файл upload хийхэд CDN ашигла. - [ ] Их хэмжээний өгөгдөлтэй ажиллах үед Workers болон Queue ашиглан үйлдлийг аль болох background -д ажиллуулж хариуг хурдан явуулах нь HTTP Blocking -оос сэргийлнэ. - [ ] DEBUG горимыг унтраах. +- [ ] Боломжтой үед гүйцэтгэх боломжгүй stack ашигла. ## Output - [ ] `X-Content-Type-Options: nosniff` header дээр явуул. diff --git a/README-nl.md b/README-nl.md index adf89fa..92add65 100644 --- a/README-nl.md +++ b/README-nl.md 
@@ -38,6 +38,7 @@ Checklist met de belangrijkste tegenmaatregelen bij het ontwerpen, testen en uit - [ ] Valideer de `content-type` header van gestuurde data (b.v. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json` ... enz). - [ ] Valideer de gebruiker invoer om veel voorkomende kwetsbaarheden te voorkomen (v.b. `XSS`, `SQL-Injection`, `Remote Code Execution` ... enz). - [ ] Gebruik geen gevoelige data (`credentials`, `Wachtwoorden`, `security tokens`, of `API keys`) in de URL, maar gebruik de standaard Authorization header. +- [ ] Gebruik alleen versleuteling aan de serverzijde. - [ ] Gebruik een API Gateway service voor caching, policies (b.v. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) en voor het dynamisch deployen van API middelen. ## Processing @@ -49,6 +50,7 @@ Checklist met de belangrijkste tegenmaatregelen bij het ontwerpen, testen en uit - [ ] Gebruik CDN voor het uploaden van bestanden. - [ ] Als er met grote/mega hoeveelheden data gewerkt wordt, gebruik dan Workers en Queues om snel een response te geven en HTTP Blocking te voorkomen. - [ ] Vergeet niet om de DEBUG mode uit te zetten. +- [ ] Gebruik niet-uitvoerbare stacks indien beschikbaar. ## Output - [ ] Stel de `X-Content-Type-Options: nosniff` header in. diff --git a/README-pl.md b/README-pl.md index c454be6..1c7720e 100644 --- a/README-pl.md +++ b/README-pl.md 
@@ -38,6 +38,7 @@ Lista kontrolna najważniejszych metod zabezpieczenia podczas projektowania, tes - [ ] Waliduj `content-type` informacji przekazywanych metodą POST (np. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`). - [ ] Waliduj informacje wprowadzane przez użytkownika, aby uniknąć zagrożeń (np.. `XSS`, `SQL-Injection`, `Zdalne Wykonanie Skryptu`). - [ ] Nie używaj żadnych wrażliwych danych w URL, zamiast tego użyj standardowego nagłówka Autoryzującego. +- [ ] Użyj tylko szyfrowania po stronie serwera. - [ ] Użyj usługi API Gateway aby włączyć caching oraz np. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`. ## Przetwarzanie @@ -48,6 +49,7 @@ Lista kontrolna najważniejszych metod zabezpieczenia podczas projektowania, tes - [ ] Użyj CDN do przechowywania wysyłanych plików. - [ ] Jeżeli pracujesz z dużą ilością danych, użyj procesów Workers oraz kolejkowania Queues aby przetworzyć jak najwięcej w tle i zwrócić informacje szybko aby uniknąć blokowania HTTP. - [ ] Nie zapomnij o wyłączeniu trybu debugowania. +- [ ] Użyj niewykonywalnych stacks jeśli są dostępne. ## Wyjście - [ ] Wyślij nagłówek `X-Content-Type-Options: nosniff`. diff --git a/README-pt_BR.md b/README-pt_BR.md index 8a80852..f6319c5 100644 --- a/README-pt_BR.md +++ b/README-pt_BR.md 
@@ -38,6 +38,7 @@ Lista das mais importantes medidas de segurança para o desenvolvimento, teste e - [ ] Valide o tipo de conteúdo do conteúdo da requisição informado no cabeçalho `Content-Type` da requisição para permitir apenas os formatos suportados pela sua API (ex. `application/x-www-form-urlencoded`, `multipart/form-data, application/json` ... etc). - [ ] Valide o conteúdo da requisição para evitar as vulnerabilidades mais comuns (ex. `XSS`, `SQL-Injection`, `Remote Code Execution` ... etc). - [ ] Não utilize nenhuma informação sensível (credenciais, senhas, _tokens_ de autenticação) na URL. Use o cabeçalho `Authorization` da requisição. +- [ ] Use apenas criptografia do lado do servidor. - [ ] Use um serviço _gateway_ para a sua API para habilitar _cache_, limitar acessos sucessivos (ex. por quantidade máxima permitida (_Quota_), por limitar tráfego em situações de estresse (_spike arrest_) ou por limitar o número de conexões simultâneas na sua API (_Concurrent Rate Limit_)), e facilitar o _deploy_ de novas funcionalidades. ## Processamento (_Processing_) @@ -49,6 +50,7 @@ Lista das mais importantes medidas de segurança para o desenvolvimento, teste e - [ ] Use CDN para _uploads_ de arquivos. - [ ] Se você estiver trabalhando com uma grande quantidade de dados, use _workers_ e _queues_ (fila de processos) para retornar uma resposta rapidamente e evitar o bloqueio de requisições HTTP. - [ ] Não se esqueça de desativar o modo de depuração (_DEBUG mode OFF_). +- [ ] Use stacks não executáveis quando disponíveis. ## Resposta (_Output_) - [ ] Envie o cabeçalho `X-Content-Type-Options: nosniff`. diff --git a/README-ru.md b/README-ru.md index 59ea630..b42071a 100644 --- a/README-ru.md +++ b/README-ru.md 
@@ -38,6 +38,7 @@ - [ ] Проверяйте, сможете ли вы обработать тип получаемых данных (например, `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json` и т.д.). - [ ] Проверьте пользовательский ввод во избежание распространенных уязвимостей (например: `XSS`, `SQL-инъекций`, `удаленное выполнение кода` и т.д.). - [ ] Не передавайте конфиденциальные данные (`учетные данные`, `пароли`, `токены` или `ключи API`) в URL-адресе, вместо него используйте стандартный заголовок `Authorization`. +- [ ] Используйте только шифрование на стороне сервера. - [ ] Используйте единый API-шлюз, чтобы можно было настроить кеширование, ограничение на кол-во запросов, Spike Arrest, а также динамическое развертывание API. ## Обработка @@ -49,6 +50,7 @@ - [ ] Используйте CDN для загрузки файлов. - [ ] Если вы имеете дело с огромным количеством данных, используйте Workers and Queues, чтобы обрабатывать как можно больше в фоновом режиме и быстро возвращать ответ, чтобы избежать блокирования HTTP. - [ ] Не забудьте выключить режим отладки (debug). +- [ ] Используйте неисполняемые stack когда они доступны. ## Ответ - [ ] Отправляйте заголовок `X-Content-Type-Options: nosniff`. diff --git a/README-th.md b/README-th.md index 689ee98..241ef6d 100644 --- a/README-th.md +++ b/README-th.md @@ -26,7 +26,7 @@ Checklist ที่ต้องให้ความสำคัญเมื่ - [ ] กำหนด scope และมีการ validate scope ตัวแปรสำหรับแต่ละแอป ## Access -- [ ] จำกัดจำนวนสูงสุดของ request เพื่อป้องกัน DDoS / Bruteforce +- [ ] จำกัดจำนวนสูงสุดของ request เพื่อป้องกัน DDoS / Bruteforce. - [ ] ใช้ https เพื่อป้องกัน MITM (Man In The Middle Attack). - [ ] ใช้ `HSTS` header กับ SSL เพื่อป้องกัน SSL Strip attack. - [ ] ปิดรายการไดเรกทอรี. 
@@ -38,16 +38,18 @@ Checklist ที่ต้องให้ความสำคัญเมื่ - [ ] Validate `content-type` ของ data ที่รับมาทุกครั้ง(e.g. `application/x-www-form-urlencoded`, `multipart/form-data ,application/json`... ). - [ ] Validate ข้อมูลที่ user ใส่เข้ามาทุกครั้งเพื่อป้องกันช่องโหว่ที่โดนกันบ่อยๆ (e.g. `XSS`, `SQL-Injection`, `Remote Code Execution` ... etc). - [ ] ห้ามเอาข้อมูลสำคัญไปใส่ไว้ใน URL (เช่น /servicexxx?creditcardnum=1234) แต่ให้ไปแปะไว้ใน authorization header แทน (`credentials`, `Passwords`, `security tokens`, หรือ `API keys`) -- [ ] ทำ API Gateway เพื่อให้สามารถทำ caching, Rate Limit, Spike Arrest, และการจัดสรรค์ทรัพยากรสำหรับ API ได้อย่างยืดหยุ่น +- [ ] ใช้การเข้ารหัสฝั่งเซิร์ฟเวอร์เท่านั้น. +- [ ] ทำ API Gateway เพื่อให้สามารถทำ caching, Rate Limit, Spike Arrest, และการจัดสรรค์ทรัพยากรสำหรับ API ได้อย่างยืดหยุ่น. ## Processing -- [ ] ตรวจดูว่า endpoints ทุกจุดอยู่ภายใต้ authentication เพื่อป้องกันช่องโหว่ที่ทำให้คนอื่นมาเรียกใช้โดยไม่จำเป็นต้องพิสูจน์ตัวตน -- [ ] ไม่ควรนำ resource ID ของ user ไปใช้ (`/user/654321/orders`) แต่ให้ไปใช้แบบ `/me/orders` แทน เพื่อป้องกัน user เปลี่ยนไปใช้ของคนอื่น -- [ ] เลข ID ของ user ไม่ควรมีการสร้างแบบไล่ลำดับเพิ่มไปเรื่อยๆ แต่ให้สร้าง UUID แทน -- [ ] ถ้ามีการ parsing ไฟล์ XML, ให้ปิดส่วนของ Entity parsing ไว้เพื่อเลี่ยงที่จะโดนช่องโหว่ต่างๆเช่น (XML external entity attack, Billion Laughs/XML bomb) -- [ ] ใช้ CDN เมื่อจำเป็นต้องมีการ upload ไฟล์จาก client -- [ ] หากต้องเผชิญกับข้อมูลขนาดใหญ่ ให้ใช้ Workers กับ คิวในการจัดการเพื่อให้มีการตอบข้อมูลกลับได้อย่างรวดเร็วจะได้ไม่เกิดคอขวดขึ้น -- [ ] อย่าลืมปิดโหมด DEBUG ใน code หากทำไว้ +- [ ] ตรวจดูว่า endpoints ทุกจุดอยู่ภายใต้ authentication เพื่อป้องกันช่องโหว่ที่ทำให้คนอื่นมาเรียกใช้โดยไม่จำเป็นต้องพิสูจน์ตัวตน. +- [ ] ไม่ควรนำ resource ID ของ user ไปใช้ (`/user/654321/orders`) แต่ให้ไปใช้แบบ `/me/orders` แทน เพื่อป้องกัน user เปลี่ยนไปใช้ของคนอื่น. +- [ ] เลข ID ของ user ไม่ควรมีการสร้างแบบไล่ลำดับเพิ่มไปเรื่อยๆ แต่ให้สร้าง UUID แทน. 
+- [ ] ถ้ามีการ parsing ไฟล์ XML, ให้ปิดส่วนของ Entity parsing ไว้เพื่อเลี่ยงที่จะโดนช่องโหว่ต่างๆเช่น (XML external entity attack, Billion Laughs/XML bomb). +- [ ] ใช้ CDN เมื่อจำเป็นต้องมีการ upload ไฟล์จาก client. +- [ ] หากต้องเผชิญกับข้อมูลขนาดใหญ่ ให้ใช้ Workers กับ คิวในการจัดการเพื่อให้มีการตอบข้อมูลกลับได้อย่างรวดเร็วจะได้ไม่เกิดคอขวดขึ้น. +- [ ] อย่าลืมปิดโหมด DEBUG ใน code หากทำไว้. +- [ ] ใช้ stack ที่ไม่สามารถเรียกใช้งานได้เมื่อมี. ## Output - [ ] ตั้ง `X-Content-Type-Options: nosniff` ใน header. diff --git a/README-tr.md b/README-tr.md index 675a6e3..1d028ac 100644 --- a/README-tr.md +++ b/README-tr.md @@ -38,6 +38,7 @@ API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemle - [ ] Gönderilen verileri doğrularken gelen verinin `content-type` değerini doğrulayın (ör. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, v.b.). - [ ] Genel güvenlik açıklarını önlemek için kullanıcıdan gelen her veriyi doğrulayın (ör. `XSS`, `SQL-Injection`, `Remote Code Execution`, v.b.). - [ ] URL'de hassas veriler (`credentials`, `Passwords`, `security tokens`, veya `API keys`) kullanmayın, ancak standart Authorization header kullanın. +- [ ] Yalnızca sunucu tarafı şifreleme kullanın. - [ ] Önbelleklemeyi ve hız sınır politikalarını (ör. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) etkinleştirmek için ve API kaynaklarını dinamik olarak dağıtmak için bir API Gateway hizmeti kullanın. ## İşleme 
@@ -48,7 +49,8 @@ API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemle - [ ] Eğer XML dosyarını (parse) ayrıştırıyorsanız, `Billion Laughs/XML bomb` varlık genişletme saldırısı yoluyla,varlığın genişlemesinin önlemek için etkinleştirilmediğinden emin olun. - [ ] Dosya yüklemeleri için bir CDN kullanın. - [ ] Büyük miktarda veri ile uğraşıyorsanız, HTTP tıkanmasını engellemeyi önlemek için işleyici (Worker) ve kuyrukları (Queues) yapılarını arka planda işlem yapmak ve yanıtı hızlı bir şekilde yanıtlamak için mümkün oluğu kadar kullanın. -- [ ] DEBUG modunu kapatmayı unutmayın!. +- [ ] DEBUG modunu kapatmayı unutmayın! +- [ ] Varsa yürütülemez yığınları kullanın. ## Çıktı - [ ] `X-Content-Type-Options: nosniff` header'ı gönderin. diff --git a/README-tw.md b/README-tw.md index 8a66773..983b0a5 100644 --- a/README-tw.md +++ b/README-tw.md @@ -38,6 +38,7 @@ - [ ] 驗證 `content-type` 的發佈數據和你收到的一樣 (如 `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json` 等等). - [ ] 驗證用戶輸入來避免一些普通的易受攻擊缺陷 (如 `XSS`, `SQL-注入`, `遠程代碼執行` 等等). - [ ] 不要在 URL 中使用任何敏感的數據 (`credentials`, `Passwords`, `security tokens`, 或 `API keys`), 而是使用標準的認證請求頭. +- [ ] 僅使用服務器端加密。 - [ ] 使用一個 API Gateway 服務來啟用緩存、訪問速率限制 (如 `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) 以及動態地部署 APIs resources. ## 處理 @@ -49,6 +50,7 @@ - [ ] 在文件上傳中使用 CDN. - [ ] 如果需要處理大量的數據, 使用 Workers 和 Queues 來快速響應, 從而避免 HTTP 阻塞. - [ ] 不要忘了把 DEBUG 模式關掉. +- [ ] 可用時使用不可執行的堆棧。 ## 輸出 - [ ] 發送 `X-Content-Type-Options: nosniff` 頭. diff --git a/README-uk.md b/README-uk.md index 17d1398..b438614 100644 --- a/README-uk.md +++ b/README-uk.md 
@@ -38,6 +38,7 @@ - [ ] Перевіряйте вміст опублікованих даних `типу контенту` в міру їх прийняття (наприклад,` application/x-www-form-urlencoded`, `multipart/form-data`, `application/json` і т.д.). - [ ] Перевірте користувальницьке введення щоб уникнути поширених вразливостей (наприклад: `XSS`, `SQL-ін'єкцій`, `віддалене виконання коду` і т.д.). - [ ] Не використовуйте конфіденційні дані (`облікові дані`, `паролі`, `маркери безпеки` або `ключі API`) в URL-адресі, але використовуйте стандартний заголовок авторизації. +- [ ] Використовуйте лише шифрування на стороні сервера. - [ ] Використовуйте службу шлюзу API, щоб активувати кешування, обмеження швидкості, спайк-арешт і динамічне розгортання ресурсів API. ## Обробка @@ -49,6 +50,7 @@ - [ ] Використовуйте CDN для завантаження файлів. - [ ] Якщо ви маєте справу з величезною кількістю даних, використовуйте Workers and Queues, щоб обробляти якомога більше в фоновому режимі і швидко повертати відповідь, щоб уникнути блокування HTTP. - [ ] Не забудьте вимкнути режим DEBUG. +- [ ] Використовуйте невиконувані stack якщо вони доступні. ## Виведення - [ ] Надсилайте заголовок `X-Content-Type-Options: nosniff`. diff --git a/README-vi.md b/README-vi.md index 5b25d42..ed73ab0 100644 --- a/README-vi.md +++ b/README-vi.md 
@@ -38,6 +38,7 @@ Những giải pháp an toàn và cách khắc phục khi thiết kế, kiểm t - [ ] Xác nhận dữ liệu `content-type` được chấp nhận khi gửi lên (chẳng hạn như. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`...). - [ ] Kiểm tra dữ liệu truyền lên từ người dùng để tránh các lỗ hổng phổ biến (chẳng hạn như `XSS`, `SQL-Injection`, `Remote Code Execution`...). - [ ] Không sử dụng các dữ liệu nhạy cảm như (`credentials`, `Passwords`, `security tokens`, hoặc `API keys`) tại URL, sử dụng header Authorization để xác thực. +- [ ] Chỉ sử dụng mã hóa phía máy chủ. - [ ] Sử dụng API Gateway để kích hoạt cache, Rate Limit policies (chẳng hạng như. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) và deploy APIs resources linh động hơn. ## Processing @@ -49,6 +50,7 @@ Những giải pháp an toàn và cách khắc phục khi thiết kế, kiểm t - [ ] Sử dụng CDN để tải lên tệp tin. - [ ] Nếu bạn đang cần xử lý với lượng dữ liệu lớn, sử dụng các kỹ thuật Workers và Queues để xử lý tác vụ dưới nền càng nhiều càng tốt và giúp phản hồi nhanh để tránh bị timeout HTTP. - [ ] Đừng quên tắt chế độ DEBUG. +- [ ] Sử dụng stack không thực thi khi có sẵn. ## Output - [ ] Thêm `X-Content-Type-Options: nosniff` vào response headers. diff --git a/README-zh.md b/README-zh.md index 8473cba..965adf2 100644 --- a/README-zh.md +++ b/README-zh.md @@ -38,6 +38,7 @@ - [ ] 验证 `content-type` 中申明的编码和你收到正文编码一致(如 `application/x-www-form-urlencoded`,`multipart/form-data`,`application/json` 等等)。 - [ ] 验证用户输入来避免一些普通的易受攻击缺陷(如 `XSS`,`SQL-注入`,`远程代码执行` 等等)。 - [ ] 不要在 URL 中使用任何敏感的数据(`credentials`,`Passwords`,`security tokens`,or `API keys`),而是使用标准的认证请求头。 +- [ ] 仅使用服务器端加密。 - [ ] 使用一个 API Gateway 服务来启用缓存、限制访问速率(如 `Quota`,`Spike Arrest`,`Concurrent Rate Limit`)以及动态地部署 APIs resources。 ## 处理 @@ -49,6 +50,7 @@ - [ ] 在文件上传中使用 CDN。 - [ ] 如果数据处理量很大,尽可能使用队列或者 Workers 在后台处理来避免阻塞请求,从而快速响应客户端。 - [ ] 不要忘了把 DEBUG 模式关掉。 +- [ ] 可用时使用不可执行的堆栈。 ## 输出 - [ ] 增加请求返回头 `X-Content-Type-Options: nosniff`。 
diff --git a/README.md b/README.md index 667c389..54920e1 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ Checklist of the most important security countermeasures when designing, testing --- ## Authentication -- [ ] Don't use `Basic Auth`. Use standard authentication instead (e.g. [JWT](https://jwt.io/), [OAuth](https://oauth.net/)). +- [ ] Don't use `Basic Auth`. Use standard authentication instead (e.g., [JWT](https://jwt.io/), [OAuth](https://oauth.net/)). - [ ] Don't reinvent the wheel in `Authentication`, `token generation`, `password storage`. Use the standards. - [ ] Use `Max Retry` and jail features in Login. - [ ] Use encryption on all sensitive data. 
@@ -34,12 +34,12 @@ Checklist of the most important security countermeasures when designing, testing ## Input - [ ] Use the proper HTTP method according to the operation: `GET (read)`, `POST (create)`, `PUT/PATCH (replace/update)`, and `DELETE (to delete a record)`, and respond with `405 Method Not Allowed` if the requested method isn't appropriate for the requested resource. -- [ ] Validate `content-type` on request Accept header (Content Negotiation) to allow only your supported format (e.g. `application/xml`, `application/json`, etc.) and respond with `406 Not Acceptable` response if not matched. -- [ ] Validate `content-type` of posted data as you accept (e.g. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, etc.). -- [ ] Validate user input to avoid common vulnerabilities (e.g. `XSS`, `SQL-Injection`, `Remote Code Execution`, etc.). +- [ ] Validate `content-type` on request Accept header (Content Negotiation) to allow only your supported format (e.g., `application/xml`, `application/json`, etc.) and respond with `406 Not Acceptable` response if not matched. +- [ ] Validate `content-type` of posted data as you accept (e.g., `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, etc.). +- [ ] Validate user input to avoid common vulnerabilities (e.g., `XSS`, `SQL-Injection`, `Remote Code Execution`, etc.). - [ ] Don't use any sensitive data (`credentials`, `Passwords`, `security tokens`, or `API keys`) in the URL, but use standard Authorization header. -- [ ] Use only server side encryption. -- [ ] Use an API Gateway service to enable caching, Rate Limit policies (e.g. `Quota`, `Spike Arrest`, or `Concurrent Rate Limit`) and deploy APIs resources dynamically. +- [ ] Use only server-side encryption. +- [ ] Use an API Gateway service to enable caching, Rate Limit policies (e.g., `Quota`, `Spike Arrest`, or `Concurrent Rate Limit`) and deploy APIs resources dynamically. 
## Processing - [ ] Check if all the endpoints are protected behind authentication to avoid broken authentication process. @@ -58,8 +58,8 @@ Checklist of the most important security countermeasures when designing, testing - [ ] Send `Content-Security-Policy: default-src 'none'` header. - [ ] Remove fingerprinting headers - `X-Powered-By`, `Server`, `X-AspNet-Version`, etc. - [ ] Force `content-type` for your response. If you return `application/json`, then your `content-type` response is `application/json`. -- [ ] Don't return sensitive data like `credentials`, `Passwords`, or `security tokens`. -- [ ] Return the proper status code according to the operation completed. (e.g. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, etc.). +- [ ] Don't return sensitive data like `credentials`, `passwords`, or `security tokens`. +- [ ] Return the proper status code according to the operation completed. (e.g., `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, etc.). ## CI & CD - [ ] Audit your design and implementation with unit/integration tests coverage. From 884a3690f57ad31a156deb513b92ccbbb000d487 Mon Sep 17 00:00:00 2001 
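Review bot: the new item "Use only server-side encryption" (the `@@ -38,6 +38,7 @@` Input hunks of every translation in this patch, and the README.md hunk where "server side" becomes "server-side") does not say what is to be encrypted or against which threat. Placed directly after "Don't use any sensitive data (...) in the URL, but use standard Authorization header" it reads as a caution against client-side encryption, which sits awkwardly beside "Use encryption on all sensitive data" in the Authentication section. Suggest naming the asset and the control before propagating the line to every translation, for example "Encrypt sensitive data at rest on the server side; don't rely on client-side encryption alone."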
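Review bot: "Use non-executable stacks when available" (the `@@ -49,6 +50,7 @@` Processing hunks, and `@@ -47,6 +48,7 @@` in README-ml.md) is a binary and OS hardening control for native code (NX/DEP stack protection), not a request-processing step, so among items about endpoints, resource IDs, XML parsing and worker queues the reader is not told what to change in an API. Suggest either moving it beside the deployment and dependency items or expanding it to say that it concerns native components and the compiler or runtime flags that enable the protection. Separately, the ru, uk, mk and pl hunks leave "stack"/"stacks" untranslated ("неисполняемые stack", "невиконувані stack", "неизвршни stack", "niewykonywalnych stacks"); the owners of those translations should pick the native term.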
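Review bot: unrelated punctuation churn is mixed into the two content additions: the README-th.md hunk `@@ -38,16 +38,18 @@` rewrites eight unchanged items only to append a trailing period, the README.md hunks change every "e.g." to "e.g.," and "Passwords" to "passwords", and README-tr.md changes "unutmayın!." to "unutmayın!". These are fine fixes but belong in their own commit so the translation diff stays reviewable. In the same hunks, the new Japanese and Korean lines use the polite request forms "〜してください" / "〜하십시오" while most surrounding items use the files' plain "〜する" / "〜하세요" style; aligning them would keep each list consistent.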
From: Caleb Mazalevskis Date: Sun, 24 Jul 2022 23:37:43 +0800 Subject: [PATCH 108/149] Sync. Finished what I could immediately see. Might be stuff missing, or there might be mistakes/errors/etc. If you spot anything, please send some PRs with corrections/fixes/improvements/etc. :-) --- README-ar.md | 4 ++-- README-de.md | 4 ++-- README-el.md | 4 ++-- README-es.md | 4 ++-- README-fa.md | 5 +++++ README-fr.md | 4 ++-- README-hi.md | 4 ++-- README-id.md | 4 ++-- README-it.md | 4 ++-- README-ja.md | 4 ++-- README-ko.md | 4 ++-- README-lo.md | 4 ++-- README-mk.md | 4 ++-- README-ml.md | 4 ++-- README-mn.md | 4 ++-- README-nl.md | 4 ++-- README-pl.md | 4 ++-- README-pt_BR.md | 4 ++-- README-ru.md | 4 ++-- README-th.md | 4 ++-- README-tr.md | 4 ++-- README-tw.md | 4 ++-- README-uk.md | 4 ++-- README-vi.md | 4 ++-- README-zh.md | 4 ++-- 25 files changed, 53 insertions(+), 48 deletions(-) diff --git a/README-ar.md b/README-ar.md index 1532514..31b6dba 100644 --- a/README-ar.md +++ b/README-ar.md @@ -67,8 +67,8 @@ - [ ]       مراجعة التصميم الخاص بك والتنفيذ مع وحدة / التكامل اختبارات الاختبار unit/integration tests coverage. - [ ]       استخدام عملية مراجعة الرمز البرمجي وتجاهل الموافقة على الرمز البرمجي الذي قمت بكتابته. - [ ]       تأكد من أن جميع مكونات الخدمات الخاصة بك يتم فحصها بشكل ثابت بواسطة برامج الفيروسات قبل إرسالها إلى الإنتاج، بما في ذلك المكتبات الخارجية وغيرها من التبعيات. -- [ ]       Continuously run security tests (static/dynamic analysis) on your code. -- [ ]       Check your dependencies (both software and OS) for known vulnerabilities. +- [ ]       قم بإجراء اختبارات الأمان باستمرار (التحليل الثابت/الديناميكي) على التعليمات البرمجية الخاصة بك. +- [ ]       تحقق من تبعياتك (البرنامج ونظام التشغيل) بحثًا عن نقاط الضعف المعروفة. - [ ]       تصميم حل التراجع عن عمليات النشر rollback. diff --git a/README-de.md b/README-de.md index fc6766c..1bf58ad 100644 --- a/README-de.md +++ b/README-de.md 
@@ -65,8 +65,8 @@ Checkliste für die wichtigsten Sicherheitsmaßnahmen beim Designen, Testen und - [ ] Nutze Unit- und Integrationstest und deren Abdeckung (Test Coverage), um deine Implementierungen und Design zu kontrollieren. - [ ] Nutze einen Code Review Prozess, aber bleib sachlich. - [ ] Stelle sicher, dass alle verwendeten Komponenten (Bibliotheken und alle anderen Abhängigkeiten) noch einmal statisch von einer Anti-Virus Software überprüft wurden bevor diese in die Produktionsumgebung gehen. -- [ ] Continuously run security tests (static/dynamic analysis) on your code. -- [ ] Check your dependencies (both software and OS) for known vulnerabilities. +- [ ] Führen kontinuierlich Sicherheitstests (statische/dynamische Analyse) für Ihren Code. +- [ ] Überprüfen Ihre Abhängigkeiten (Software und Betriebssystem) auf bekannte Schwachstellen. - [ ] Stelle sicher, dass du im Fehlerfall auch schnell wieder den vorherigen Stand einspielen kannst (Rollback). diff --git a/README-el.md b/README-el.md index 3d06f3c..32d27fe 100644 --- a/README-el.md +++ b/README-el.md @@ -65,8 +65,8 @@ - [ ] Ελέγξτε το σχεδιασμό και την κατάσταση της εφαρμογή σας με επαρκή κάλυψη τεστ Unit / integration. - [ ] Χρησιμοποιήτε code review διαδικασίες και μη δέχεστε self-approval απο την ομάδα. - [ ] Εξασφαλίστε ότι όλα τα στοιχέια των υπηρεσιών σας περνούν απο στατικό έλεγχο με AV software πριν τα αναρτήσετε στο production, συμπεριλαμβανομένου οποιασδήποτε εξωτερικής βιβλιοθήκης που μπορει να χρησιμοποιήτε. -- [ ] Continuously run security tests (static/dynamic analysis) on your code. -- [ ] Check your dependencies (both software and OS) for known vulnerabilities. +- [ ] Εκτελείτε συνεχώς δοκιμές ασφαλείας (στατική/δυναμική ανάλυση) στον κώδικά σας. +- [ ] Ελέγξτε τις εξαρτήσεις σας (τόσο το λογισμικό όσο και το λειτουργικό σύστημα) για γνωστά τρωτά σημεία. - [ ] Σχεδιάστε rollback διαδικασίες για deployments. diff --git a/README-es.md b/README-es.md index f9fb326..2255cb2 100644 
--- a/README-es.md +++ b/README-es.md @@ -65,8 +65,8 @@ Lista de las contramedidas de seguridad más importantes en cuanto al diseño, t - [ ] Audita tu diseño e implementación con tests unitarios/integración y test coverage. - [ ] Usa procesos de revisión de código y evita la auto aprobación. - [ ] Asegura que todos los componentes de tus servicios se escanean estáticamente con un software AV antes de ir a producción, incluyendo librerías de terceros y dependencias. -- [ ] Continuously run security tests (static/dynamic analysis) on your code. -- [ ] Check your dependencies (both software and OS) for known vulnerabilities. +- [ ] Ejecute continuamente pruebas de seguridad (análisis estático/dinámico) en su código. +- [ ] Verifique sus dependencias (tanto software como sistema operativo) en busca de vulnerabilidades conocidas. - [ ] Diseña un proceso de `rollback` para tus `deploys`. diff --git a/README-fa.md b/README-fa.md index d5dbe5d..961300d 100644 --- a/README-fa.md +++ b/README-fa.md @@ -18,6 +18,7 @@ - [ ]       الگوریتم را از هدر استخراج نکنید. در بک‌اند الگوریتم را تحمیل کنید (`HS256` یا `RS256`). - [ ]       انقضای توکن (`TTL` یا `RTTL`) را تا حد ممکن کوتاه کن. - [ ]       اطلاعات حساس را در پی‌لود JWT ذخیره نکنید چون [به راحتی](https://jwt.io/#debugger-io) قابل رمزگشایی است. +- [ ]       از ذخیره بیش از حد داده ها خودداری کنید. JWT معمولاً در هدر به اشتراک گذاشته می شود و محدودیت اندازه دارند. ### OAuth - [ ]       همیشه `redirect_uri` را در سمت سرور اعتبارسنجی کنید تا تنها به URLهای مجاز اجازه داده شود. 
@@ -29,6 +30,8 @@ - [ ]       رکوئست‌ها را محدود کنید (Throttling) تا از حملات DDos یا بروت‌فورس جلوگیری شود. - [ ]       در سمت سرور از HTTPS استفاده کنید تا از حملات مرد میانی جلوگیری شود. - [ ]       از هدر `HSTS` استفاده کنید تا از حمله‌ی SSL Strip جلوگیری شود. +- [ ]       لیست های دایرکتوری را خاموش کنید. +- [ ]       برای APIهای خصوصی، فقط از IPها/میزبانهای لیست سفید اجازه دسترسی داشته باشید. ## ورودی - [ ]       از متد HTTP مناسب با توجه به نوع عملیات استفاده کنید: `GET` برای خواندن، `POST` برای ایجاد کردن، `PUT/PATCH` برای جایگزین یا بروزرسانی و `DELETE` برای حذف یک رکورد، و در صورتی‌که متد درخواستی برای منبع درخواست‌شده مناسب نباشد با `405 Method Not Allowed` پاسخ بدهید. @@ -36,6 +39,7 @@ - [ ]       مقدار `content-type` در داده‌ی پست‌شده را اعتبارسنجی کنید (مثلا `application/x-www-form-urlencoded`، `multipart/form-data`، `application/json` و ...). - [ ]       ورودی کاربر را اعتبارسنجی کنید تا از آسیب‌پذیری‌های معمول جلوگیری شود (مثلا `XSS`، `SQL-Injection` و `Remote Code Execution`). - [ ]       هیچ داده‌ی حساسی مثل (داده‌های اعتبارسنجی، پسوورد‌ها، توکن‌های امنیتی یا کلید‌های API) را داخل URL قرار ندهید و از هدر Authorization استاندارد استفاده کنید. +- [ ]       فقط از رمزگذاری سمت سرور استفاده کنید. - [ ]       از یک سرویس API Gateway استفاده کنید تا کش‌کردن و سیاست‌های Rate Limit (مثلا `Quota`، `Spike Arrest` یا `Concurrent Rate Limit`) فعال شوند و منابع APIها را به صورت داینامیک دپلوی کنید. ## پردازش @@ -47,6 +51,7 @@ - [ ]       از یک CDN برای آپلودهای فایل استفاده کنید. - [ ]       اگر با مقادیر بسیار حجیمی از داده سر و کار دارید، از Workerها و Queueها استفاده کنید تا حد الامکان پردازش در بک‌گراند انجام شود و سریع پاسخ را برگردانید تا از HTTP Blocking جلوگیری شود. - [ ]       خاموش کردن حالت DEBUG را فراموش نکنید. +- [ ]       در صورت وجود از پشته های غیر قابل اجرا استفاده کنید. ## خروجی - [ ]       هدر `X-Content-Type-Options: nosniff` را ارسال کنید. diff --git a/README-fr.md b/README-fr.md index 4f52944..7d93298 100644 --- a/README-fr.md 
+++ b/README-fr.md @@ -65,8 +65,8 @@ Checklist des points de sécurité les plus importants lors de la conception, du - [ ] Vérifiez votre conception et votre implémentation avec une couverture des tests unitaires et d'intégration. - [ ] Utilisez un processus de revue de code et ignorez l'auto-approbation. - [ ] Assurez-vous que tous les composants de vos services sont scannés par un logiciel anti-virus avant la mise en production, ainsi que les bibliothèques tierces et autres dépendances. -- [ ] Continuously run security tests (static/dynamic analysis) on your code. -- [ ] Check your dependencies (both software and OS) for known vulnerabilities. +- [ ] Exécutez en continu des tests de sécurité (analyse statique/dynamique) sur votre code. +- [ ] Vérifiez vos dépendances (logiciel et système d'exploitation) pour les vulnérabilités connues. - [ ] Concevez une solution de rollback pour les déploiements. diff --git a/README-hi.md b/README-hi.md index 03454fa..378a3f0 100644 --- a/README-hi.md +++ b/README-hi.md @@ -65,8 +65,8 @@ - [ ] unit/integration परीक्षण कवरेज के साथ अपने डिजाइन और कार्यान्वयन की जांच करें। - [ ] कोड समीक्षा प्रक्रिया का उपयोग करें और स्वयं-स्वीकृति की उपेक्षा करें। - [ ] सुनिश्चित करें कि आपकी सेवाओं के सभी components को AV सॉफ्टवेयर द्वारा स्कैन करने से पहले उत्पादक को push. vendor libraries और अन्य dependencies शामिल हैं। -- [ ] Continuously run security tests (static/dynamic analysis) on your code. -- [ ] Check your dependencies (both software and OS) for known vulnerabilities. +- [ ] अपने कोड पर लगातार सुरक्षा परीक्षण (स्थिर/गतिशील विश्लेषण) चलाएं। +- [ ] ज्ञात कमजोरियों के लिए अपनी निर्भरता (सॉफ्टवेयर और ओएस दोनों) की जाँच करें। - [ ] तैनाती के लिए एक रोलबैक समाधान तैयार करें। diff --git a/README-id.md b/README-id.md index 554b13d..11c93cb 100644 --- a/README-id.md +++ b/README-id.md 
@@ -65,8 +65,8 @@ Checklist penanggulangan keamanan yang paling penting ketika merancang, menguji, - [ ] Audit rancangan dan pelaksanaan dengan pengujian unit/integrasi. - [ ] Gunakan proses ulasan kode dan kesampingkan persetujuan sendiri. - [ ] Pastikan seluruh komponen layanan dipindai secara statis menggunakan anti virus sebelum didorong ke lingkungan produksi, termasuk pustaka-pustaka milik vendor dan ketergantungan lainnya. -- [ ] Continuously run security tests (static/dynamic analysis) on your code. -- [ ] Check your dependencies (both software and OS) for known vulnerabilities. +- [ ] Jalankan uji keamanan (analisis statis/dinamis) secara terus-menerus pada kode Anda. +- [ ] Memeriksa dependensi Anda (perangkat lunak dan OS) untuk mengetahui kerentanannya. - [ ] Rancang solusi kembali ke versi sebelumnya pada proses penyebaran. diff --git a/README-it.md b/README-it.md index 20ed837..eaafd8b 100644 --- a/README-it.md +++ b/README-it.md @@ -65,8 +65,8 @@ Una checklist per le più importanti contromisure da mettere in pratica quando s - [ ] Verificare il design attraverso gli unit/integration tests. - [ ] Definire e utilizzare una procedura di code review per il rilascio, evitando l'auto approvazione. - [ ] Verificare che tutti i componenti dei servizi siano controllati da software AV prima di essere messi in produzione, incluse le librerie di terze parti. -- [ ] Continuously run security tests (static/dynamic analysis) on your code. -- [ ] Check your dependencies (both software and OS) for known vulnerabilities. +- [ ] Esegui continuamente test di sicurezza (analisi statica/dinamica) sul tuo codice. +- [ ] Controlla le tue dipendenze (sia software che sistema operativo) per le vulnerabilità note. - [ ] Definire una strategia di rollback per il deploy. diff --git a/README-ja.md b/README-ja.md index 875a5bd..49cf40e 100644 --- a/README-ja.md +++ b/README-ja.md 
@@ -65,8 +65,8 @@ APIを設計、テスト、リリースするときの最も重要なセキュ - [ ] ユニットテスト/結合テストのカバレッジで、設計と実装を継続的に検査する。 - [ ] コードレビューのプロセスを採用し、自身による承認を無視する。 - [ ] プロダクションへプッシュする前に、ベンダのライブラリ、その他の依存関係を含め、サービスの全ての要素をアンチウイルスソフトで静的スキャンする。 -- [ ] Continuously run security tests (static/dynamic analysis) on your code. -- [ ] Check your dependencies (both software and OS) for known vulnerabilities. +- [ ] コードに対してセキュリティ・テスト(静的/動的分析)を継続的に実行して。 +- [ ] 既知の脆弱性について、依存関係(ソフトウェアとOSの両方)を確認して。 - [ ] デプロイのロールバックを用意する。 diff --git a/README-ko.md b/README-ko.md index eab59a2..8a6752b 100644 --- a/README-ko.md +++ b/README-ko.md @@ -65,8 +65,8 @@ API를 설계하고, 테스트하고, 배포할 때 고려해야 할 중요한 - [ ] 단위/통합 테스트 범위로 설계 및 구현을 검토하세요. - [ ] 코드 리뷰 절차를 사용하고 자체 승인을 무시하세요. - [ ] 제품 출시전에 백신 소프트웨어로 공급 업체의 라이브러리 및 기타 종속적인 것을 포함한 서비스의 모든 구성 요소들을 정적으로 검사했는지 확인하세요. -- [ ] Continuously run security tests (static/dynamic analysis) on your code. -- [ ] Check your dependencies (both software and OS) for known vulnerabilities. +- [ ] 코드에 대한 보안 테스트(정적/동적 분석)를 지속해서 실행합니다. +- [ ] 알려진 취약점이 있는지 종속성(소프트웨어 및 OS 모두)을 확인하십시오. - [ ] 배포에 대한 롤백 솔루션을 설계하세요. diff --git a/README-lo.md b/README-lo.md index c86f2a6..6916cbb 100644 --- a/README-lo.md +++ b/README-lo.md @@ -65,8 +65,8 @@ Checklist ທີ່ຕ້ອງໃຫ້ຄວາມສຳຄັນເມື່ - [ ] ກວດສອບ design ກັບ implementation ໃນຂັ້ນ unit/integration test ຢ່າງຄອບຄຸມ. - [ ] ໃຫ້ໃຊ້ code review process ບໍ່ແມ່ນວ່າໂຕເອງພໍໃຈກໍໂອເຄແລ້ວ. - [ ] ໝັ້ນໃຈວ່າທຸກຢ່າງ service ປອດໄວລັດແລ້ວກ່ອນຈະນຳຂຶ້ນ production ລວມໄປເຖິງ lib ຂອງພວກ vendor ກັບ dependencies ອື່ນໆ ອີກດ້ວຍ. -- [ ] Continuously run security tests (static/dynamic analysis) on your code. -- [ ] Check your dependencies (both software and OS) for known vulnerabilities. +- [ ] ດໍາເນີນການທົດສອບຄວາມປອດໄພຢ່າງຕໍ່ເນື່ອງ (ການວິເຄາະແບບຄົງທີ່ ແລະແບບເຄື່ອນໄຫວ) ໃນລະຫັດຂອງທ່ານ. +- [ ] ກວດເບິ່ງຄວາມເພິ່ງພາອາໄສຂອງທ່ານ (ທັງຊອບແວ ແລະ OS) ສໍາລັບຊ່ອງໂຫວ່ທີ່ຮູ້ຈັກ. - [ ] ອອກແບບວິທີ rollback ໄວ້ກ່ອນຈະນຳຂຶ້ນໄປ ເພາະເວລາເກີດບັນຈະໄດ້ຍ້ອນກັບມາໃຊ້ version ເກົ່າໄປກ່ອນໄດ້ (ອາດເຈິໄດ້ຫຼາຍໃນຕອນພັດທະນາ feature ໃໝ່ໆ). 
diff --git a/README-mk.md b/README-mk.md index 47786e1..e439bdc 100644 --- a/README-mk.md +++ b/README-mk.md @@ -65,8 +65,8 @@ - [ ] Ревизија на вашиот дизајн и имплементација со покриеност тестови за единица / интеграција. - [ ] Користете процес на прегледување на кодот и не дозволувајте самоодобрување. - [ ] Осигурајте се дека сите компоненти на вашите услуги се статички скенирани од AV-софтверот пред да се изврши притисок за производство, вклучувајќи библиотеки на продавачи и други зависности. -- [ ] Continuously run security tests (static/dynamic analysis) on your code. -- [ ] Check your dependencies (both software and OS) for known vulnerabilities. +- [ ] Континуирано извршувајте безбедносни тестови (статичка/динамичка анализа) на вашиот код. +- [ ] Проверете ги вашите зависности (и софтвер и ОС) за познати пропусти. - [ ] Дизајн на rollback за во продукција. diff --git a/README-ml.md b/README-ml.md index 1295505..98f9bc5 100644 --- a/README-ml.md +++ b/README-ml.md @@ -63,8 +63,8 @@ - [ ] unit/integration tests കോവേജ് ഉപയോഗിച്ച് നിങ്ങളുടെ ഡിസൈനും ഇമ്പലമെന്റാഷനും ഔഡിഡ് ചെയ്യുക. - [ ] ഒരു കോഡ് റിവ്യൂ പ്രക്രിയ ഉപയോഗിക്കുക, സ്വയം അംഗീകാരം അവഗണിക്കുക. - [ ] വെണ്ടർ ലൈബ്രറികളും മറ്റ് ഡിപൻഡൻസികളും ഉൾപ്പെടെ ഉൽപ്പാദനത്തിലേക്ക് നീങ്ങുന്നതിന് മുമ്പ് നിങ്ങളുടെ സേവനങ്ങളുടെ എല്ലാ ഘടകങ്ങളും എവി സോഫ്‌റ്റ്‌വെയർ സ്ഥിരമായി സ്കാൻ ചെയ്തിട്ടുണ്ടെന്ന് ഉറപ്പാക്കുക. -- [ ] Continuously run security tests (static/dynamic analysis) on your code. -- [ ] Check your dependencies (both software and OS) for known vulnerabilities. +- [ ] നിങ്ങളുടെ കോഡിൽ സുരക്ഷാ പരിശോധനകൾ (സ്റ്റാറ്റിക്/ഡൈനാമിക് അനാലിസിസ്) തുടർച്ചയായി പ്രവർത്തിപ്പിക്കുക. +- [ ] അറിയപ്പെടുന്ന കേടുപാടുകൾക്കായി നിങ്ങളുടെ ഡിപൻഡൻസികൾ (സോഫ്‌റ്റ്‌വെയറും ഒഎസും) പരിശോധിക്കുക. - [ ] ഡിപ്ലോയ്‌മെന്റിനായി ഒരു റോൾബാക്ക് പരിഹാരം രൂപകൽപ്പന ചെയ്യുക. diff --git a/README-mn.md b/README-mn.md index 38712fe..ff6e5bb 100644 --- a/README-mn.md +++ b/README-mn.md 
@@ -65,8 +65,8 @@ API гаргах, загварчлах, тестлэхэд аюулгүйн та - [ ] unit/integration тест ашиглан системийн загварчлал, хэрэгжилтийг шалгах. - [ ] Код шалгалт ашигла, мөн өөрөө өөрийгөө ч шалга. - [ ] Бүх тусдаа хэсгүүд бүр vendor сан, бусад нэмэлт сангууд бүгдийг нь AV програмаар статикаар шалга. -- [ ] Continuously run security tests (static/dynamic analysis) on your code. -- [ ] Check your dependencies (both software and OS) for known vulnerabilities. +- [ ] Код дээрээ аюулгүй байдлын тестийг (статик/динамик анализ) тасралтгүй ажиллуул. +- [ ] Мэдэгдэж буй сул талуудыг өөрийн хамаарлыг (програм хангамж болон үйлдлийн систем) шалгана уу. - [ ] Ямар ч үед deploy хийхэд амар шийдэл гаргах. diff --git a/README-nl.md b/README-nl.md index 92add65..c9c183a 100644 --- a/README-nl.md +++ b/README-nl.md @@ -65,8 +65,8 @@ Checklist met de belangrijkste tegenmaatregelen bij het ontwerpen, testen en uit - [ ] Controleer het ontwerp en de implementatie met unit/integration test dekking. - [ ] Gebruik een code review traject en controleer niet zelf je eigen code. - [ ] Scan de API voor het naar productie zetten door AV software, niet alleen eigen code maar ook de libraries en andere gebruikte dependencies. -- [ ] Continuously run security tests (static/dynamic analysis) on your code. -- [ ] Check your dependencies (both software and OS) for known vulnerabilities. +- [ ] Voer continu beveiligingstests (statische/dynamische analyse) uit op uw code. +- [ ] Controleer uw afhankelijkheden (zowel software en besturingssysteem) op bekende kwetsbaarheden. - [ ] Ontwikkel een terugrol oplossing. diff --git a/README-pl.md b/README-pl.md index 1c7720e..fed6bc0 100644 --- a/README-pl.md +++ b/README-pl.md 
@@ -64,8 +64,8 @@ Lista kontrolna najważniejszych metod zabezpieczenia podczas projektowania, tes - [ ] Przetestuj wszystkie rozwiązania stosując testy jednostkowe. - [ ] Oddaj kod do przejrzenia innym, poddaj go `code review`. - [ ] Upewnij się, że wszystkie komponenty twojej usługi są skanowane przez oprogramowanie antywirusowe przed wejściem na produkcje. Uwzględnij także zewnętrzne biblioteki. -- [ ] Continuously run security tests (static/dynamic analysis) on your code. -- [ ] Check your dependencies (both software and OS) for known vulnerabilities. +- [ ] Ciągle uruchamiaj testy bezpieczeństwa (analiza statyczna/dynamiczna) w swoim kodzie. +- [ ] Sprawdź swoje zależności (zarówno oprogramowanie i system operacyjny) pod kątem znanych luk w zabezpieczeniach. - [ ] Stwórz możliwość szybkiego wycofania udostępnionego wdrożenia. diff --git a/README-pt_BR.md b/README-pt_BR.md index f6319c5..2173db7 100644 --- a/README-pt_BR.md +++ b/README-pt_BR.md @@ -65,8 +65,8 @@ Lista das mais importantes medidas de segurança para o desenvolvimento, teste e - [ ] Monitore a especificação e implementação do escopo da sua API através de testes unitários e de integração. - [ ] Use um processo de revisão de código, ignorando sistemas de auto-aprovação. - [ ] Certifique-se de que todos os componentes de seus serviços sejam validados por _softwares_ AV (anti-vírus, anti-_malware_) antes de enviar para produção, incluindo as dependências de terceiros utilizadas. -- [ ] Continuously run security tests (static/dynamic analysis) on your code. -- [ ] Check your dependencies (both software and OS) for known vulnerabilities. +- [ ] Execute continuamente testes de segurança (análise estática/dinâmica) em seu código. +- [ ] Verifique suas dependências (software e sistema operacional) para vulnerabilidades conhecidas. - [ ] Implemente funcionalidade de reversão de _deploy_ (_rollback_). diff --git a/README-ru.md b/README-ru.md index b42071a..78d3ead 100644 --- a/README-ru.md +++ b/README-ru.md 
@@ -65,8 +65,8 @@ - [ ] Проверяйте ваш проект во время CI/CD. Покрывайте код unit/интеграционными тестами. - [ ] Используйте процесс проверки кода (Code Review) коллегами. Не апрувьте сами себя (no Self-Approval). - [ ] Убедитесь, что ваше приложение сканируются с помощью антивирусов перед отправкой в прод, включая библиотеки и другие зависимости. -- [ ] Continuously run security tests (static/dynamic analysis) on your code. -- [ ] Check your dependencies (both software and OS) for known vulnerabilities. +- [ ] Постоянно запускайте тесты безопасности (статический/динамический анализ) вашего кода. +- [ ] Проверьте свои зависимости (как программное обеспечение и ОС) на наличие известных уязвимостей. - [ ] Сделайте возможным быстрый откат на предыдущую версию. diff --git a/README-th.md b/README-th.md index 241ef6d..e6dbbb1 100644 --- a/README-th.md +++ b/README-th.md @@ -64,8 +64,8 @@ Checklist ที่ต้องให้ความสำคัญเมื่ - [ ] ตรวจสอบ design กับ implementation ในขั้น unit/integration test อย่างครอบคลุม - [ ] ให้ใช้ code review process ไม่ใช่ว่าตัวเองพอใจก็โอเคแล้ว - [ ] มั่นใจว่าทุกอย่างใน service ปลอดไวรัสแล้วก่อนจะนำขึ้น production รวมถึง lib ของพวก vendor กับ dependencies อื่นๆด้วย -- [ ] Continuously run security tests (static/dynamic analysis) on your code. -- [ ] Check your dependencies (both software and OS) for known vulnerabilities. +- [ ] เรียกใช้การทดสอบความปลอดภัยอย่างต่อเนื่อง (การวิเคราะห์แบบสแตติก/ไดนามิก) ในโค้ดของคุณ. +- [ ] ตรวจสอบการพึ่งพาของคุณ (ทั้งซอฟต์แวร์และระบบปฏิบัติการ) เพื่อหาช่องโหว่ที่ทราบ. - [ ] ออกแบบวิธี rollback ไว้ด้วยก่อนจะนำขึ้นไป เพราะเวลาเกิดปัญหาจะได้ย้อนกลับมาใช้ version เก่าไปก่อนได้ (อาจพบได้บ่อยตอนพัฒนา feature ใหม่ๆ) diff --git a/README-tr.md b/README-tr.md index 1d028ac..cebbeb1 100644 --- a/README-tr.md +++ b/README-tr.md 
@@ -65,8 +65,8 @@ API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemle - [ ] unit/integration testi kapsamı ölçümleri ile tasarımınızı ve uygulamanızı denetleyin. - [ ] Bir kod inceleme süreci kullanın ve kendi onayınızı dikkate almayın. - [ ] Kodunuzu canlıya göndemreden önce harici kitaplıkları ve diğer bağımlılıklar da dahil olmak üzere hizmetlerinizin tüm bileşenlerinin AntiVirus yazılımıyla statik olarak tarandığından emin olun. -- [ ] Continuously run security tests (static/dynamic analysis) on your code. -- [ ] Check your dependencies (both software and OS) for known vulnerabilities. +- [ ] Kodunuz üzerinde sürekli olarak güvenlik testleri (statik/dinamik analiz) çalıştırın. +- [ ] Bilinen güvenlik açıkları için bağımlılıklarınızı (hem yazılım hem de işletim sistemi) kontrol edin. - [ ] Dağıtımlar için bir geriye dönme çözümü tasarlayın. diff --git a/README-tw.md b/README-tw.md index 983b0a5..e5abe9d 100644 --- a/README-tw.md +++ b/README-tw.md @@ -65,8 +65,8 @@ - [ ] 使用單元測試和整合測試來審計你的設計和實現. - [ ] 引入代碼審查流程, 不要自行批准更改. - [ ] 在推送到生產環境之前確保服務的所有組件都用殺毒軟件靜態地掃瞄過, 包括第三方庫和其它依賴. -- [ ] Continuously run security tests (static/dynamic analysis) on your code. -- [ ] Check your dependencies (both software and OS) for known vulnerabilities. +- [ ] 對您的代碼持續運行安全測試(靜態/動態分析)。 +- [ ] 檢查您的依賴項(軟件和操作系統)是否存在已知漏洞。 - [ ] 為部署設計一個回滾方案. diff --git a/README-uk.md b/README-uk.md index b438614..dd6c2e8 100644 --- a/README-uk.md +++ b/README-uk.md 
@@ -65,8 +65,8 @@ - [ ] Аудит вашого дизайну і реалізації з охопленням модулів / інтеграційних тестів. - [ ] Використовуйте процес перевірки коду і ігноруйте самоокупність. - [ ] Переконайтеся, що всі компоненти ваших служб статично скануються за допомогою антивірусів перед відправкою на виробництво, включаючи бібліотеки постачальників та інші залежності. -- [ ] Continuously run security tests (static/dynamic analysis) on your code. -- [ ] Check your dependencies (both software and OS) for known vulnerabilities. +- [ ] Постійно запускайте тести безпеки (статичний/динамічний аналіз) вашого коду. +- [ ] Перевірте свої залежності (як програмне забезпечення, так і ОС) на відомі вразливості. - [ ] Створіть рішення відкату для розгортання. diff --git a/README-vi.md b/README-vi.md index ed73ab0..fdcf437 100644 --- a/README-vi.md +++ b/README-vi.md @@ -65,8 +65,8 @@ Những giải pháp an toàn và cách khắc phục khi thiết kế, kiểm t - [ ] Kiểm tra thiết kế và thực hiện đầy đủ việc test với unit/integration. - [ ] Áp dụng quy trình đánh giá code và bỏ qua việc tự phê duyệt. - [ ] Đảm bảo các thành phần của dịch vụ được quét với các anti virus trước khi đưa ra phiên bản production, bao gồm các thư viện và các gói khác. -- [ ] Continuously run security tests (static/dynamic analysis) on your code. -- [ ] Check your dependencies (both software and OS) for known vulnerabilities. +- [ ] Liên tục chạy các bài kiểm tra bảo mật (phân tích tĩnh/động) trên mã của bạn. +- [ ] Kiểm tra các phần phụ thuộc của bạn (cả phần mềm và hệ điều hành) để tìm các lỗ hổng đã biết. - [ ] Thiết kế một giải pháp rollback cho việc triển khai. diff --git a/README-zh.md b/README-zh.md index 965adf2..b5bf6ab 100644 --- a/README-zh.md +++ b/README-zh.md 
@@ -65,8 +65,8 @@ - [ ] 使用单元测试以及集成测试的覆盖率来保障你的设计和实现。 - [ ] 引入代码审查流程,禁止私自合并代码。 - [ ] 在推送到生产环境之前确保服务的所有组件都用杀毒软件静态地扫描过,包括第三方库和其它依赖。 -- [ ] Continuously run security tests (static/dynamic analysis) on your code. -- [ ] Check your dependencies (both software and OS) for known vulnerabilities. +- [ ] 对您的代码持续运行安全测试(静态/动态分析)。 +- [ ] 检查您的依赖项(软件和操作系统)是否存在已知漏洞。 - [ ] 为部署设计一个回滚方案。 From b8b2ae5cca46f4ff17d1c72609745df08c3a85a4 Mon Sep 17 00:00:00 2001 From: Matt Spiekerman Date: Fri, 11 Nov 2022 16:56:45 -0500 Subject: [PATCH 109/149] Proposing changes based on issue #169 --- README.md | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index f8d01fb..6c4cd39 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ Checklist of the most important security countermeasures when designing, testing --- ## Authentication -- [ ] Don't use `Basic Auth`. Use standard authentication instead (e.g., [JWT](https://jwt.io/), [OAuth](https://oauth.net/)). +- [ ] Don't use `Basic Auth`. Use standard authentication instead (e.g., [JWT](https://jwt.io/)). - [ ] Don't reinvent the wheel in `Authentication`, `token generation`, `password storage`. Use the standards. - [ ] Use `Max Retry` and jail features in Login. - [ ] Use encryption on all sensitive data. 
@@ -19,12 +19,6 @@ Checklist of the most important security countermeasures when designing, testing - [ ] Don't store sensitive data in the JWT payload, it can be decoded [easily](https://jwt.io/#debugger-io). - [ ] Avoid storing too much data. JWT is usually shared in headers and they have a size limit. -### OAuth -- [ ] Always validate `redirect_uri` server-side to allow only whitelisted URLs. -- [ ] Always try to exchange for code and not tokens (don't allow `response_type=token`). -- [ ] Use `state` parameter with a random hash to prevent CSRF on the OAuth authentication process. -- [ ] Define the default scope, and validate scope parameters for each application. - ## Access - [ ] Limit requests (Throttling) to avoid DDoS / brute-force attacks. - [ ] Use HTTPS on server side with TLS 1.2+ and secure ciphers to avoid MITM (Man in the Middle Attack). @@ -32,6 +26,14 @@ Checklist of the most important security countermeasures when designing, testing - [ ] Turn off directory listings. - [ ] For private APIs, allow access only from whitelisted IPs/hosts. +## Authorization + +### OAuth +- [ ] Always validate `redirect_uri` server-side to allow only whitelisted URLs. +- [ ] Always try to exchange for code and not tokens (don't allow `response_type=token`). +- [ ] Use `state` parameter with a random hash to prevent CSRF on the OAuth authorization process. +- [ ] Define the default scope, and validate scope parameters for each application. + ## Input - [ ] Use the proper HTTP method according to the operation: `GET (read)`, `POST (create)`, `PUT/PATCH (replace/update)`, and `DELETE (to delete a record)`, and respond with `405 Method Not Allowed` if the requested method isn't appropriate for the requested resource. - [ ] Validate `content-type` on request Accept header (Content Negotiation) to allow only your supported format (e.g., `application/xml`, `application/json`, etc.) and respond with `406 Not Acceptable` response if not matched. 
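Review bot: in the README-ja.md hunk of the translation sync above, the two new items end in the te-form (`継続的に実行して。`, `確認して。`), which reads as an unfinished request, while every neighbouring item in that list ends in the plain form (`検査する。`, `無視する。`, `用意する。`); suggest `…を継続的に実行する。` and `…を確認する。`.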
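Review bot: the README-ko.md hunk of the translation sync mixes registers: `지속해서 실행합니다.` is a declarative sentence and `확인하십시오.` is the formal imperative, while the surrounding items all end in `-하세요`; suggest `…을 지속적으로 실행하세요.` and `…을 확인하세요.`.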
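Review bot: in the README-id.md hunk of the translation sync, `Memeriksa dependensi Anda …` uses the meN- verb form, which is not an imperative, while the line directly above it (`Jalankan uji keamanan …`) and the rest of the list are imperatives; suggest `Periksa dependensi Anda (perangkat lunak dan OS) untuk kerentanan yang diketahui.`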
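Review bot: in the README-nl.md hunk of the translation sync, `zowel software en besturingssysteem` should be `zowel software als besturingssysteem` (`zowel … als` is the fixed pair); the formal `uw` is also out of step with the informal `je` used elsewhere in that file (`controleer niet zelf je eigen code`).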
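Review bot: in the README-pl.md hunk of the translation sync, `zarówno oprogramowanie i system operacyjny` should read `zarówno oprogramowanie, jak i system operacyjny`; `zarówno` pairs with `jak i`, not with a bare `i`.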
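Review bot: in the README-ru.md hunk of the translation sync, `как программное обеспечение и ОС` should read `как программное обеспечение, так и ОС`; the README-uk.md hunk in the same patch already uses the correct correlative form (`як програмне забезпечення, так і ОС`), so the two should match.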
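Review bot: the two added lines in the README-th.md hunk of the translation sync end with a full stop (`…ในโค้ดของคุณ.`, `…ที่ทราบ.`) while none of the surrounding Thai items carry terminal punctuation; drop the trailing periods for consistency with the rest of that list.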
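Review bot: in the README.md `@@ -7,7 +7,7 @@` hunk of PATCH 109, dropping the OAuth link leaves `e.g.,` introducing a single example and gives the reader no pointer to where the OAuth guidance now lives; suggest either keeping both links here or writing `Use standard authentication instead (e.g., [JWT](https://jwt.io/)); OAuth is covered under Authorization.` so the cross-reference survives the move.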
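Review bot: in the README.md `@@ -19,12 +19,6 @@` / `@@ -32,6 +26,14 @@` hunks of PATCH 109, the wording change on the `state` line from `authentication process` to `authorization process` is correct for OAuth 2.0, but it is not carried into any translated README in this commit, so every translation now disagrees with the English source; flag it for the next sync. While that line is being touched, `a random hash` understates the requirement: the `state` value must be unguessable and bound to the user's session (stored server-side or in a cookie and compared on the callback), otherwise it does not stop the CSRF the item is about. The new `## Authorization` heading also contains nothing but the relocated `### OAuth` block, which is worth a sentence in the commit message explaining the intended scope of the section.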
From 66013a7a3977d20f2ef27d3b336a1a0c28a71b9b Mon Sep 17 00:00:00 2001 From: Caleb Mazalevskis Date: Sat, 12 Nov 2022 22:59:53 +0800 Subject: [PATCH 110/149] Sync. --- README-ar.md | 21 +++++++++++++++------ README-de.md | 21 +++++++++++++++------ README-el.md | 21 +++++++++++++++------ README-es.md | 21 +++++++++++++++------ README-fa.md | 21 +++++++++++++++------ README-fr.md | 21 +++++++++++++++------ README-hi.md | 21 +++++++++++++++------ README-id.md | 21 +++++++++++++++------ README-it.md | 21 +++++++++++++++------ README-ja.md | 21 +++++++++++++++------ README-ko.md | 21 +++++++++++++++------ README-lo.md | 21 +++++++++++++++------ README-mk.md | 21 +++++++++++++++------ README-ml.md | 21 +++++++++++++++------ README-mn.md | 21 +++++++++++++++------ README-nl.md | 21 +++++++++++++++------ README-pl.md | 21 +++++++++++++++------ README-pt_BR.md | 21 +++++++++++++++------ README-ru.md | 21 +++++++++++++++------ README-th.md | 21 +++++++++++++++------ README-tr.md | 21 +++++++++++++++------ README-tw.md | 21 +++++++++++++++------ README-uk.md | 21 +++++++++++++++------ README-vi.md | 21 +++++++++++++++------ README-zh.md | 21 +++++++++++++++------ 25 files changed, 375 insertions(+), 150 deletions(-) diff --git a/README-ar.md b/README-ar.md index 31b6dba..7fdcba0 100644 --- a/README-ar.md +++ b/README-ar.md 
@@ -21,12 +21,6 @@ - [ ]       لا تقم بتخزين أي بيانات حساسة داخل محتوى رمز الـ JWT, لأنه يمكن كشف هذه المحتويات بسهولة [easily](https://jwt.io/#debugger-io). - [ ]       تجنب تخزين الكثير من البيانات. عادةً ما تتم مشاركة JWT في الرؤوس ولديها حد للحجم. -### OAuth -- [ ]       تحقق دائما من `redirect_uri` في الرمز البرمجي للخادوم لتسمح فقط بقائمة محددة من الروابط. -- [ ]       دائما حاول أن تقوم بالتبادل والرد برمز برمجي وليس بالرمز (لا تسمح `response_type=token`). -- [ ]       استخدم متغير `state` في الرابط مع مزيج عشوائي من الحروف لتمنع هجمات الـ CSRF على عملية المصادقة الخاصة بالـ OAuth. -- [ ]       حدد الصلاحية والنطاق الافتراضي scope، وقم بالتحقق منه مع كل تطبيق. - ## الوصول - [ ]       حدد الطلبات (Throttling) لتتجنب هجوم حجب الخدمة DDoS وهجوم التخمين بالقوة brute-force. - [ ]       استخدم HTTPS على الخادوم لتتجنب هجمات التنصت على الطلبات MITM (Man In The Middle Attack). 
@@ -34,6 +28,14 @@ - [ ]       قم بإيقاف تشغيل قوائم الدليل. - [ ]       بالنسبة لواجهات برمجة التطبيقات الخاصة، اسمح بالوصول فقط من عناوين IP والمضيفين المدرجين في القائمة البيضاء. +## Authorization + +### OAuth +- [ ]       تحقق دائما من `redirect_uri` في الرمز البرمجي للخادوم لتسمح فقط بقائمة محددة من الروابط. +- [ ]       دائما حاول أن تقوم بالتبادل والرد برمز برمجي وليس بالرمز (لا تسمح `response_type=token`). +- [ ]       استخدم متغير `state` في الرابط مع مزيج عشوائي من الحروف لتمنع هجمات الـ CSRF على عملية المصادقة الخاصة بالـ OAuth. +- [ ]       حدد الصلاحية والنطاق الافتراضي scope، وقم بالتحقق منه مع كل تطبيق. + ## الإدخال - [ ]       استخدم الوسيلة المناسبة HTTP method حسب العملية التي تريد القيام بها : `GET (للقرائة)`, `POST (انتاج أو اضافة)`, `PUT/PATCH (لإستبدال او تحديث)`, and `DELETE (لحذف سجل)`, و قم بالرد بـ `405 Method Not Allowed` في حالة إذا كانت الوسيلة method غير مناسبة . - [ ]       قم بالتحقق من `content-type` في رأس الطلب reuest header أو ما يسمى بـ (Content Negotiation) لتسمح فقط بالتنسيقات المدعومة (مثال `application/xml`, `application/json`, إلى آخره) وقم بالرد بـ `406 Not Acceptable` إذا كان التنسيق غير ذلك. @@ -71,6 +73,13 @@ - [ ]       تحقق من تبعياتك (البرنامج ونظام التشغيل) بحثًا عن نقاط الضعف المعروفة. - [ ]       تصميم حل التراجع عن عمليات النشر rollback. +## Monitoring +- [ ] Use centralized logins for all services and components. +- [ ] Use agents to monitor all traffic, errors, requests, and responses. +- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. +- [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. +- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. + --- diff --git a/README-de.md b/README-de.md index 1bf58ad..653916c 100644 --- a/README-de.md +++ b/README-de.md 
@@ -19,12 +19,6 @@ Checkliste für die wichtigsten Sicherheitsmaßnahmen beim Designen, Testen und - [ ] Speichere keine sensitiven Daten im JWT Payload, denn dieser kann [einfach entkodiert werden](https://jwt.io/#debugger-io). - [ ] Vermeiden zu viele Daten zu speichern. JWT wird normalerweise in Headern geteilt und hat eine Größenbeschränkung. -### OAuth -- [ ] Überprüfe stets die `redirect_uri` serverseitig und erlaube nur URLs aus einer Whitelist. -- [ ] Frage immer mit einem Access-Code (vom initialen Request) einen Access-Token ab (verbiete `response_type=token`). -- [ ] Nutze den `state` Parameter immer mit einem zufälligem Hash, um CSRF auf den OAuth Authentifizierungsprozess zu verhindern. -- [ ] Definiere einen Standard-Scope und validiere alle Scope Parameter für jede Applikation. - ## Zugriff - [ ] Limitiere alle Requests (Throttling), um DDoS / Brute-Force Attacken zu verhindern. - [ ] Nutze HTTPS serverseitig, um MITM (Man In The Middle Attack) zu verhindern. 
@@ -32,6 +26,14 @@ Checkliste für die wichtigsten Sicherheitsmaßnahmen beim Designen, Testen und - [ ] Deaktivieren Verzeichniseinträge. - [ ] Erlauben für private APIs den Zugriff nur von IPs/Hosts auf der Whitelist. +## Authorization + +### OAuth +- [ ] Überprüfe stets die `redirect_uri` serverseitig und erlaube nur URLs aus einer Whitelist. +- [ ] Frage immer mit einem Access-Code (vom initialen Request) einen Access-Token ab (verbiete `response_type=token`). +- [ ] Nutze den `state` Parameter immer mit einem zufälligem Hash, um CSRF auf den OAuth Authentifizierungsprozess zu verhindern. +- [ ] Definiere einen Standard-Scope und validiere alle Scope Parameter für jede Applikation. + ## Input - [ ] Nutze für Requests die passenden HTTP Methoden: `GET (Lesen)`, `POST (Erzeugen)`, `PUT/PATCH (Ersetzen/Aktualisieren)`, and `DELETE (Datensatz löschen)`, und gib `405 Method Not Allowed`, wenn die angeforderte Methode nicht auf die Ressource passt. - [ ] Validiere den `content-type` im "Accept" Header der Anfrage und erlaube nur unterstützte Formate (wie `application/xml`, `application/json`, usw). Gib den Response `406 Not Acceptable` zurück, wenn keine der übergebenen Content-Typen unterstützt wird. @@ -69,6 +71,13 @@ Checkliste für die wichtigsten Sicherheitsmaßnahmen beim Designen, Testen und - [ ] Überprüfen Ihre Abhängigkeiten (Software und Betriebssystem) auf bekannte Schwachstellen. - [ ] Stelle sicher, dass du im Fehlerfall auch schnell wieder den vorherigen Stand einspielen kannst (Rollback). +## Monitoring +- [ ] Use centralized logins for all services and components. +- [ ] Use agents to monitor all traffic, errors, requests, and responses. +- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. +- [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. +- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. + --- 
diff --git a/README-el.md b/README-el.md index 32d27fe..fb0be32 100644 --- a/README-el.md +++ b/README-el.md @@ -19,12 +19,6 @@ - [ ] Μη καταχωρείτε ευαίσθητα δεδομένα στο JWT payload, μπορεί να αποκρυπτογραφηθεί εύκολα [easily](https://jwt.io/#debugger-io). - [ ] Αποφύγετε την αποθήκευση πάρα πολλών δεδομένων. JWT είναι συνήθως κοινόχρηστο σε headers και έχουν όριο μεγέθους. -### OAuth -- [ ] Πάντα να επαληθεύετε το `redirect_uri` στο server-side και επιτρέπετε μόνο whitelisted URLs. -- [ ] Πάντα να προσπαθήτε να ανταλλάσετε auth code και όχι tokens (μην επιτρέπετε `response_type=token`). -- [ ] Χρησιμοποιήστε `state` παράμετρο με τυχαίο περίπλοκο κλειδί (hash) για να αποτρέψετε CSRF κατα τη διάρκεια της OAuth authentication διαδικασίας. -- [ ] Ορίστε το προεπιλεγμένο πεδίο (default scope), και επικυρώστε τις παραμέτρους πεδίου (scope parameters) για κάθε εφαρμογή. - ## Πρόσβαση (Access) - [ ] Περιορίστε τα αιτήματα (requests) (Throttling) για να αποφύγετε επιθέσεις DDoS / brute-force. - [ ] Χρησιμοποιήστε HTTPS στο server side για να αποφύγετε επιθέσεις MITM (Man in the Middle Attack). 
@@ -32,6 +26,14 @@ - [ ] Απενεργοποιήστε τις καταχωρίσεις directory. - [ ] Για ιδιωτικά API, επιτρέπεται η πρόσβαση μόνο από IP/κεντρικούς στη λίστα επιτρεπόμενων. +## Authorization + +### OAuth +- [ ] Πάντα να επαληθεύετε το `redirect_uri` στο server-side και επιτρέπετε μόνο whitelisted URLs. +- [ ] Πάντα να προσπαθήτε να ανταλλάσετε auth code και όχι tokens (μην επιτρέπετε `response_type=token`). +- [ ] Χρησιμοποιήστε `state` παράμετρο με τυχαίο περίπλοκο κλειδί (hash) για να αποτρέψετε CSRF κατα τη διάρκεια της OAuth authentication διαδικασίας. +- [ ] Ορίστε το προεπιλεγμένο πεδίο (default scope), και επικυρώστε τις παραμέτρους πεδίου (scope parameters) για κάθε εφαρμογή. + ## Είσοδος δεδομένων (Input) - [ ] Χρησιμοποιήστε την κατάλληλη HTTP μέθοδο σύμφωνα με τη λειτουργία που χρειάζεστε: `GET (read)`, `POST (create)`, `PUT/PATCH (replace/update)`, και `DELETE (για διαγραφή αρχείου)`, και απαντήστε με `405 Method Not Allowed` εάν η ζητούμενη μέθοδος δεν είναι κατάλληλη για την αιτούμενη εφαρμογή. - [ ] Επικυρώστε `content-type` στη ζητούμενη Accept κεφαλίδα (Content Negotiation) για να επιτρέψετε μόνο το format που υποστηρίζετε (π.χ. `application/xml`, `application/json`, κτλ.) και απαντήστε με `406 Not Acceptable` εάν δεν το υποστηρίζετε. @@ -69,6 +71,13 @@ - [ ] Ελέγξτε τις εξαρτήσεις σας (τόσο το λογισμικό όσο και το λειτουργικό σύστημα) για γνωστά τρωτά σημεία. - [ ] Σχεδιάστε rollback διαδικασίες για deployments. +## Monitoring +- [ ] Use centralized logins for all services and components. +- [ ] Use agents to monitor all traffic, errors, requests, and responses. +- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. +- [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. +- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. + --- diff --git a/README-es.md b/README-es.md index 2255cb2..01fb1a8 100644 --- a/README-es.md +++ b/README-es.md 
@@ -19,12 +19,6 @@ Lista de las contramedidas de seguridad más importantes en cuanto al diseño, t - [ ] No almacenes información sensible en el contenido del JWT, puede ser descodificado [fácilmente](https://jwt.io/#debugger-io). - [ ] Evita almacenar datos muy grandes o crecientes. JWT se transmite en las headers y éstas tienen un tamaño máximo. -### OAuth -- [ ] Siempre valida `redirect_uri` en el lado del servidor para permitir sólo ciertas URLs. -- [ ] Trata siempre de intercambiar código y no tokens (no permitas `response_type=token`). -- [ ] Usa el parámetro `state` con un hash aleatorio para prevenir CSRF en el proceso de autenticación OAuth. -- [ ] Define el ámbito (`scope`) por defecto, y valida los parámetros de ámbito para cada aplicación. - ## Acceso - [ ] Limita las peticiones (`Throttling`) para prevenir ataques DDoS y de fuerza bruta. - [ ] Usa HTTPS en el lado del servidor para evitar ataques MITM (Man In The Middle Attack). 
@@ -32,6 +26,14 @@ Lista de las contramedidas de seguridad más importantes en cuanto al diseño, t - [ ] Desactive las listados de directorios. - [ ] Para las API privadas, permita el acceso solo desde hosts/IP incluidos en la lista blanca. +## Authorization + +### OAuth +- [ ] Siempre valida `redirect_uri` en el lado del servidor para permitir sólo ciertas URLs. +- [ ] Trata siempre de intercambiar código y no tokens (no permitas `response_type=token`). +- [ ] Usa el parámetro `state` con un hash aleatorio para prevenir CSRF en el proceso de autenticación OAuth. +- [ ] Define el ámbito (`scope`) por defecto, y valida los parámetros de ámbito para cada aplicación. + ## Entradas - [ ] Usa el método HTTP apropiado a cada operación: `GET (lectura)`, `POST (creación)`, `PUT/PATCH (reemplazo/actualización)`, y `DELETE (borrado)`, y responde con `405 Method Not Allowed` si el método en la petición no es apropiado para el recurso. - [ ] Valida el `content-type` en la cabecera `Accept` de las peticiones (Content Negotiation), para permitir sólo los formatos soportados (e.g. `application/xml`, `application/json`, etc) y responde con `406 Not Acceptable` si no hay coincidencias. @@ -69,6 +71,13 @@ Lista de las contramedidas de seguridad más importantes en cuanto al diseño, t - [ ] Verifique sus dependencias (tanto software como sistema operativo) en busca de vulnerabilidades conocidas. - [ ] Diseña un proceso de `rollback` para tus `deploys`. +## Monitoring +- [ ] Use centralized logins for all services and components. +- [ ] Use agents to monitor all traffic, errors, requests, and responses. +- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. +- [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. +- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. + --- diff --git a/README-fa.md b/README-fa.md index 961300d..911b6dd 100644 --- a/README-fa.md +++ b/README-fa.md 
@@ -20,12 +20,6 @@ - [ ]       اطلاعات حساس را در پی‌لود JWT ذخیره نکنید چون [به راحتی](https://jwt.io/#debugger-io) قابل رمزگشایی است. - [ ]       از ذخیره بیش از حد داده ها خودداری کنید. JWT معمولاً در هدر به اشتراک گذاشته می شود و محدودیت اندازه دارند. -### OAuth -- [ ]       همیشه `redirect_uri` را در سمت سرور اعتبارسنجی کنید تا تنها به URLهای مجاز اجازه داده شود. -- [ ]       همیشه تلاش کنید تا code را به جای token تبادل کنید (اجازه `response_type=token` را ندهید). -- [ ]       از پارامتر `state` با یک هش تصادفی استفاده کنید تا از CSRF روی پروسه‌ی احراز هویت OAuth جلوگیری کنید. -- [ ]       مقدار scope پیش‌فرض را تعریف کنید و پارامترهای scope را برای هر اپلیکیشن اعتبارسنجی کنید. - ## دسترسی - [ ]       رکوئست‌ها را محدود کنید (Throttling) تا از حملات DDos یا بروت‌فورس جلوگیری شود. - [ ]       در سمت سرور از HTTPS استفاده کنید تا از حملات مرد میانی جلوگیری شود. 
@@ -33,6 +27,14 @@ - [ ]       لیست های دایرکتوری را خاموش کنید. - [ ]       برای APIهای خصوصی، فقط از IPها/میزبانهای لیست سفید اجازه دسترسی داشته باشید. +## Authorization + +### OAuth +- [ ]       همیشه `redirect_uri` را در سمت سرور اعتبارسنجی کنید تا تنها به URLهای مجاز اجازه داده شود. +- [ ]       همیشه تلاش کنید تا code را به جای token تبادل کنید (اجازه `response_type=token` را ندهید). +- [ ]       از پارامتر `state` با یک هش تصادفی استفاده کنید تا از CSRF روی پروسه‌ی احراز هویت OAuth جلوگیری کنید. +- [ ]       مقدار scope پیش‌فرض را تعریف کنید و پارامترهای scope را برای هر اپلیکیشن اعتبارسنجی کنید. + ## ورودی - [ ]       از متد HTTP مناسب با توجه به نوع عملیات استفاده کنید: `GET` برای خواندن، `POST` برای ایجاد کردن، `PUT/PATCH` برای جایگزین یا بروزرسانی و `DELETE` برای حذف یک رکورد، و در صورتی‌که متد درخواستی برای منبع درخواست‌شده مناسب نباشد با `405 Method Not Allowed` پاسخ بدهید. - [ ]       مقدار `content-type` را در هدر Accept رکوئست (مذاکره محتوا یا Content Negotiation) اعتبارسنجی کنید تا فقط به فرمت‌های مورد پشتیبانی اجازه داده شود (مثلا `application/xml`، `application/json` و ...). و در صورت عدم تطابق با یک پاسخ `406 Not Acceptable` پاسخ دهید. @@ -70,6 +72,13 @@ - [ ]       وابستگی‌هایتان (نرم افزار و سیستم عامل، هردو) را برای آسیب‌پذیری‌های شناخته شده، چک کنید. - [ ]       برای دپلوی‌هایتان، یک راه‌حل با قابلیت عقبگرد (rollback) طراحی کنید. +## Monitoring +- [ ] Use centralized logins for all services and components. +- [ ] Use agents to monitor all traffic, errors, requests, and responses. +- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. +- [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. +- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. + --- diff --git a/README-fr.md b/README-fr.md index 7d93298..a44c75f 100644 --- a/README-fr.md +++ b/README-fr.md 
@@ -19,12 +19,6 @@ Checklist des points de sécurité les plus importants lors de la conception, du - [ ] Ne pas stocker des informations sensibles du payload JWT, son décryptage est très [simple](https://jwt.io/#debugger-io). - [ ] Éviter de stocker trop de données. JWT est généralement partagé dans les en-têtes et ils ont une limite de taille. -### OAuth -- [ ] Toujours valider la redirection d'uri (`redirect_uri`) côté serveur afin d'accéder uniquement aux URLs autorisées. -- [ ] Toujours utiliser un échange de code plutôt que des tokens (ne pas autoriser `response_type=token`). -- [ ] Utiliser le paramètre d'état (`state`) avec un hash aléatoire pour prévenir les CSRF sur le processus d'authentification OAuth. -- [ ] Définir la portée par défaut et valider le paramètre de portée pour chaque application. - ## Accès - [ ] Limiter le nombre de requêtes (limitation de bande passante) pour éviter les dénis de service et les attaques par force brute. - [ ] Utiliser le protocole HTTPS côté serveur afin d'éviter les attaques de l'homme du milieu (MITM). 
@@ -32,6 +26,14 @@ Checklist des points de sécurité les plus importants lors de la conception, du - [ ] Désactiver les listes du répertoires. - [ ] Pour les API privées, n'autorisez l'accès qu'à partir d'adresses IP/hôtes sur liste blanche. +## Authorization + +### OAuth +- [ ] Toujours valider la redirection d'uri (`redirect_uri`) côté serveur afin d'accéder uniquement aux URLs autorisées. +- [ ] Toujours utiliser un échange de code plutôt que des tokens (ne pas autoriser `response_type=token`). +- [ ] Utiliser le paramètre d'état (`state`) avec un hash aléatoire pour prévenir les CSRF sur le processus d'authentification OAuth. +- [ ] Définir la portée par défaut et valider le paramètre de portée pour chaque application. + ## Entrées - [ ] Utiliser la bonne méthode en fonction de l'opération, `GET (lire)`, `POST (créer)`, `PUT (remplacer/mettre à jour)` et `DELETE (pour supprimer un enregistrement)`. - [ ] Valider le `content-type` dans l'en-tête HTTP des requêtes (négociation de contenu) pour n'autoriser que les formats supportés (e.g. `application/xml`, `application/json`, etc…) et renvoyer une réponse `406 Not Acceptable` si ça ne correspond pas. @@ -69,6 +71,13 @@ Checklist des points de sécurité les plus importants lors de la conception, du - [ ] Vérifiez vos dépendances (logiciel et système d'exploitation) pour les vulnérabilités connues. - [ ] Concevez une solution de rollback pour les déploiements. +## Monitoring +- [ ] Use centralized logins for all services and components. +- [ ] Use agents to monitor all traffic, errors, requests, and responses. +- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. +- [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. +- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. + --- diff --git a/README-hi.md b/README-hi.md index 378a3f0..4b9735e 100644 --- a/README-hi.md +++ b/README-hi.md 
@@ -19,12 +19,6 @@ - [ ] JWT पेलोड में संवेदनशील डेटा को संचित न करें, इसे [आसानी](https://jwt.io/#debugger-io) से डिकोड किया जा सकता है। - [ ] ज्यादा डाटा स्टोर करने से बचें। JWT को आमतौर पर headers में साझा किया जाता है और उनकी एक आकार सीमा होती है। -### OAuth -- [ ] केवल व्हाइटलिस्ट किए गए URL को अनुमति देने के लिए हमेशा `redirect_uri` सर्वर-पक्ष को मान्य करें। -- [ ] हमेशा कोड के लिए आदान-प्रदान करने की कोशिश नहीं करें और टोकन न दें (`response_type=token` की अनुमति न दें) -- [ ] OAuth प्रमाणीकरण प्रक्रिया पर CSRF को रोकने के लिए एक यादृच्छिक हैश के साथ `state` पैरामीटर का उपयोग करें। -- [ ] डिफ़ॉल्ट स्कोप को परिभाषित करें, और प्रत्येक एप्लिकेशन के लिए स्कोप मापदंडों को मान्य करें। - ## Access - [ ] DDOS / ब्रूट-फॉरेस्ट हमलों से बचने के लिए सीमा अनुरोध (थ्रोटलिंग)। - [ ] MITM (मैन इन द मिडल अटैक) से बचने के लिए सर्वर साइड पर HTTPS का उपयोग करें। @@ -32,6 +26,14 @@ - [ ] निर्देशिका लिस्टिंग बंद करें। - [ ] निजी API के लिए, केवल श्वेतसूची वाले IP/होस्ट से ही एक्सेस की अनुमति दें। +## Authorization + +### OAuth +- [ ] केवल व्हाइटलिस्ट किए गए URL को अनुमति देने के लिए हमेशा `redirect_uri` सर्वर-पक्ष को मान्य करें। +- [ ] हमेशा कोड के लिए आदान-प्रदान करने की कोशिश नहीं करें और टोकन न दें (`response_type=token` की अनुमति न दें) +- [ ] OAuth प्रमाणीकरण प्रक्रिया पर CSRF को रोकने के लिए एक यादृच्छिक हैश के साथ `state` पैरामीटर का उपयोग करें। +- [ ] डिफ़ॉल्ट स्कोप को परिभाषित करें, और प्रत्येक एप्लिकेशन के लिए स्कोप मापदंडों को मान्य करें। + ## Input - [ ] ऑपरेशन के अनुसार उचित HTTP विधि का प्रयोग करें: अनुरोधित विधि है, अगर `GET (पढ़ें)`, `पोस्ट (बनाएं)`, `पुट / पैच (प्रतिस्थापित / अद्यतन)`, और `हटाएं (रिकॉर्ड को हटाने के लिए)`, और `405 Method Not Allowed` के साथ प्रतिक्रिया न दें अनुरोधित संसाधन के लिए उचित नहीं है - [ ] अनुरोध पर `content-type` मान्य करें केवल अपने समर्थित प्रारूप (जैसे `application/xml`, `application/json`, आदि) को अनुमति देने के लिए हेडर (सामग्री वार्ता-Content Negotiation) स्वीकार करें और `406 Not Acceptable` करें यदि स्वीकार्य न हो तो। 
@@ -69,6 +71,13 @@ - [ ] ज्ञात कमजोरियों के लिए अपनी निर्भरता (सॉफ्टवेयर और ओएस दोनों) की जाँच करें। - [ ] तैनाती के लिए एक रोलबैक समाधान तैयार करें। +## Monitoring +- [ ] Use centralized logins for all services and components. +- [ ] Use agents to monitor all traffic, errors, requests, and responses. +- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. +- [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. +- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. + --- diff --git a/README-id.md b/README-id.md index 11c93cb..8c51130 100644 --- a/README-id.md +++ b/README-id.md @@ -19,12 +19,6 @@ Checklist penanggulangan keamanan yang paling penting ketika merancang, menguji, - [ ] Jangan simpan data sensitif pada muatan JWT karena muatan JWT dapat diterjemahkan [dengan mudah](https://jwt.io/#debugger-io). - [ ] Hindari menyimpan terlalu banyak data. JWT biasanya dibagikan di header dan mereka memiliki batas ukuran. -### OAuth -- [ ] Selalu validasi `redirect_uri` di sisi peladen sehingga hanya URL-URL yang ada di dalam daftar putih yang boleh digunakan. -- [ ] Selalu coba untuk mempertukarkan kode bukan token (jangan ijinkan `response_type=token`). -- [ ] Gunakan parameter `state` dengan campuran nilai acak (_random hash_) untuk mencegah CSRF pada proses autentikasi. -- [ ] Tetapkan cakupan baku dan validasi parameter cakupan untuk setiap aplikasi. - ## Akses - [ ] Batasi permintaan (_throttling_) di sisi peladen untuk menghindari serangan yang dapat melumpukan sistem (Contoh: DDoS, serangan paksa). - [ ] Gunakan HTTPS di sisi peladen untuk menghindari serangan pencegatan / MItM (Man In The Middle Attack). 
@@ -32,6 +26,14 @@ Checklist penanggulangan keamanan yang paling penting ketika merancang, menguji, - [ ] Matikan daftar direktori. - [ ] Untuk API pribadi, izinkan akses hanya dari IP/host yang masuk daftar putih. +## Authorization + +### OAuth +- [ ] Selalu validasi `redirect_uri` di sisi peladen sehingga hanya URL-URL yang ada di dalam daftar putih yang boleh digunakan. +- [ ] Selalu coba untuk mempertukarkan kode bukan token (jangan ijinkan `response_type=token`). +- [ ] Gunakan parameter `state` dengan campuran nilai acak (_random hash_) untuk mencegah CSRF pada proses autentikasi. +- [ ] Tetapkan cakupan baku dan validasi parameter cakupan untuk setiap aplikasi. + ## Masuk - [ ] Gunakan metode HTTP yang sesuai dengan operasi yang digunakan, `GET untuk membaca catatan`, `POST untuk membuat catatan baru`, `PUT/PATCH untuk mengganti secara keseluruhan/mengubah sebagian catatan`, `DELETE untuk menghapus catatan` dan tanggapan `405 Method Not Allowed` jika metode permintaan tidak dikenali pada sumber daya. - [ ] Validasi `content-type` pada tajuk _Accept_ pada permintaan (Negosiasi konten) sehingga hanya mengijinkan format yang dikenali (Contoh: `application/xml`, `application/json`, dan lain sebagainya). Berikan tanggapan `406 Not Acceptable` jika nilai tajuk _Accept_ tidak dikenali. @@ -69,6 +71,13 @@ Checklist penanggulangan keamanan yang paling penting ketika merancang, menguji, - [ ] Memeriksa dependensi Anda (perangkat lunak dan OS) untuk mengetahui kerentanannya. - [ ] Rancang solusi kembali ke versi sebelumnya pada proses penyebaran. +## Monitoring +- [ ] Use centralized logins for all services and components. +- [ ] Use agents to monitor all traffic, errors, requests, and responses. +- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. +- [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. +- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. + --- 
diff --git a/README-it.md b/README-it.md index eaafd8b..738af65 100644 --- a/README-it.md +++ b/README-it.md @@ -19,12 +19,6 @@ Una checklist per le più importanti contromisure da mettere in pratica quando s - [ ] Non memorizzare dati sensibili nel payload JWT, può essere decodificato [facilmente](https://jwt.io/#debugger-io). - [ ] Evita di archiviare troppi dati. JWT è solitamente condiviso nelle header e hanno un limite di dimensioni. -### OAuth -- [ ] Validare sempre il valore di `redirect_uri` lato server permettendo solo url verificati nella whitelist. -- [ ] Tentare sempre lo scambio attraverso il codice e non tramite token (non permettere `response_type=token`). -- [ ] Utilizzare il parametro `state` con un hash random per prevenire il CSRF durante il processo di autenticazione OAuth. -- [ ] Definire lo scope di default e validare i parametri dello scope per ogni singola applicazione. - ## Accesso - [ ] Limitare le richieste (Throttling) per evitare attacchi DDoS o brute-force. - [ ] Utilizzare il protocollo HTTPS per evitare attacchi MITM (Man In The Middle Attack). 
@@ -32,6 +26,14 @@ Una checklist per le più importanti contromisure da mettere in pratica quando s - [ ] Disattiva gli elenchi di directory. - [ ] Per le API private, consenti l'accesso solo da IP/host nella whitelist (lista bianca). +## Authorization + +### OAuth +- [ ] Validare sempre il valore di `redirect_uri` lato server permettendo solo url verificati nella whitelist. +- [ ] Tentare sempre lo scambio attraverso il codice e non tramite token (non permettere `response_type=token`). +- [ ] Utilizzare il parametro `state` con un hash random per prevenire il CSRF durante il processo di autenticazione OAuth. +- [ ] Definire lo scope di default e validare i parametri dello scope per ogni singola applicazione. + ## Input - [ ] Utilizzare il metodo HTTP appropriato in base all'azione: `GET (lettura)`, `POST (scrittura)`, `PUT/PATCH (sostituzione/modifica)`, e `DELETE (cancellazione)`, e rispondere con uno status `405 Method Not Allowed` se il metodo della richiesta non è appropriato. - [ ] Validare il `content-type` rispetto all' Accept header (Content Negotiation) per consentire solo i formati supportati (es. `application/xml`, `application/json`, ecc.) e rispondere con un `406 Not Acceptable` se la risposta non coincide. @@ -69,6 +71,13 @@ Una checklist per le più importanti contromisure da mettere in pratica quando s - [ ] Controlla le tue dipendenze (sia software che sistema operativo) per le vulnerabilità note. - [ ] Definire una strategia di rollback per il deploy. +## Monitoring +- [ ] Use centralized logins for all services and components. +- [ ] Use agents to monitor all traffic, errors, requests, and responses. +- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. +- [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. +- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. + --- diff --git a/README-ja.md b/README-ja.md index 49cf40e..79304a4 100644 --- a/README-ja.md 
+++ b/README-ja.md @@ -19,12 +19,6 @@ APIを設計、テスト、リリースするときの最も重要なセキュ - [ ] JWTのペイロードに機密情報を格納してはいけない。それは[簡単に](https://jwt.io/#debugger-io)復号できる。 - [ ] あまり多くのデータを保存するに避けるください。JWTは通常header「ヘッダー」に共有され、サイズ制限があります。 -### OAuth -- [ ] サーバサイドで常に`redirect_uri`を検証し、ホワイトリストに含まれるURLのみを許可する。 -- [ ] 常にtokenではなくcodeを交換するようにする(`response_type=token`を許可しない)。 -- [ ] `state`パラメータをランダムなハッシュと共に利用し、OAuth認証プロセスでのCSRFを防ぐ。 -- [ ] デフォルトのscopeを定義し、アプリケーション毎にscopeパラメータを検証する。 - ## アクセス - [ ] DDoSやブルートフォース攻撃を回避するため、リクエストを制限(スロットリング)する。 - [ ] MITM(Man in the Middle Attack)を防ぐため、サーバサイドではHTTPSを使用する。 @@ -32,6 +26,14 @@ APIを設計、テスト、リリースするときの最も重要なセキュ - [ ] ディレクトリ・リストをオフにしてください。 - [ ] プライベートAPIの場合、ホワイト・リストに登録されたIP/ホストからのアクセスのみを許可します。 +## Authorization + +### OAuth +- [ ] サーバサイドで常に`redirect_uri`を検証し、ホワイトリストに含まれるURLのみを許可する。 +- [ ] 常にtokenではなくcodeを交換するようにする(`response_type=token`を許可しない)。 +- [ ] `state`パラメータをランダムなハッシュと共に利用し、OAuth認証プロセスでのCSRFを防ぐ。 +- [ ] デフォルトのscopeを定義し、アプリケーション毎にscopeパラメータを検証する。 + ## 入力 - [ ] 操作に応じて適切なHTTPメソッドを利用する。`GET(読み込み)`, `POST(作成)`, `PUT/PATCH(置き換え/更新)`, `DELETE(単一レコードの削除)`。リクエストメソッドがリソースに対して適切ではない場合、`405 Method Not Allowed`を返す。 - [ ] リクエストのAcceptヘッダ(コンテンツネゴシエーション)の`content-type`を検証する。サポートしているフォーマット(例: `application/xml`, `application/json`等)は許可し、そうでない場合は`406 Not Acceptable`を返す。 @@ -69,6 +71,13 @@ APIを設計、テスト、リリースするときの最も重要なセキュ - [ ] 既知の脆弱性について、依存関係(ソフトウェアとOSの両方)を確認して。 - [ ] デプロイのロールバックを用意する。 +## Monitoring +- [ ] Use centralized logins for all services and components. +- [ ] Use agents to monitor all traffic, errors, requests, and responses. +- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. +- [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. +- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. + --- diff --git a/README-ko.md b/README-ko.md index 8a6752b..f33c748 100644 --- a/README-ko.md +++ b/README-ko.md 
@@ -19,12 +19,6 @@ API를 설계하고, 테스트하고, 배포할 때 고려해야 할 중요한 - [ ] JWT 페이로드는 [디코딩이 쉽기](https://jwt.io/#debugger-io) 때문에 민감한 데이터는 저장하지 마세요. - [ ] 너무 많은 데이터를 저장하지 마십시오. JWT는 일반적으로 header서 공유되며 크기 제한이 있습니다. -### OAuth -- [ ] 허용된 URL만 받기 위해서는 서버 단에서 `redirect_uri`의 유효성을 항상 검증하세요. -- [ ] 항상 토큰 대신 코드를 주고받으세요. (`response_type=token`을 허용하지 마세요) -- [ ] OAuth 인증 프로세스에서 CSRF를 방지하기 위해 랜덤 해쉬값을 가진 `state` 파라미터를 사용하세요. -- [ ] 디폴트 스코프를 정의하고 각 애플리케이션마다 스코프 파라미터의 유효성을 검증하세요. - ## 접근 (Access) - [ ] DDoS나 무작위 대입 공격을 피하려면 요청 수를 제한하세요. (Throttling) - [ ] MITM (중간자 공격)을 피하려면 서버 단에서 HTTPS를 사용하세요. @@ -32,6 +26,14 @@ API를 설계하고, 테스트하고, 배포할 때 고려해야 할 중요한 - [ ] 디렉토리 목록을 끕니다. - [ ] 프라이빗 API의 경우, 화이트리스트에 있는 IP/호스트에서만 액세스를 허용합니다. +## Authorization + +### OAuth +- [ ] 허용된 URL만 받기 위해서는 서버 단에서 `redirect_uri`의 유효성을 항상 검증하세요. +- [ ] 항상 토큰 대신 코드를 주고받으세요. (`response_type=token`을 허용하지 마세요) +- [ ] OAuth 인증 프로세스에서 CSRF를 방지하기 위해 랜덤 해쉬값을 가진 `state` 파라미터를 사용하세요. +- [ ] 디폴트 스코프를 정의하고 각 애플리케이션마다 스코프 파라미터의 유효성을 검증하세요. + ## 입력 및 요청 (Input) - [ ] 각 요청의 연산에 맞는 적절한 HTTP 메서드를 사용하세요. `GET (읽기)`, `POST (생성)`, `PUT (대체/갱신)`, `DELETE (삭제)`. 그리고 요청 메소드가 리소스에 적합하지 않은 경우 `405 Method Not Allowed`로 응답하세요. - [ ] 여러분이 지원하는 포맷 (예를 들어 `application/xml`이나 `application/json` 등)만을 허용하려면 요청의 Accept 헤더에서 `content-type`의 유효성을 검사하고 일치하지 않으면 `406 Not Acceptable`로 응답하세요. @@ -69,6 +71,13 @@ API를 설계하고, 테스트하고, 배포할 때 고려해야 할 중요한 - [ ] 알려진 취약점이 있는지 종속성(소프트웨어 및 OS 모두)을 확인하십시오. - [ ] 배포에 대한 롤백 솔루션을 설계하세요. +## Monitoring +- [ ] Use centralized logins for all services and components. +- [ ] Use agents to monitor all traffic, errors, requests, and responses. +- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. +- [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. +- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. + --- diff --git a/README-lo.md b/README-lo.md index 6916cbb..e4704b7 100644 --- a/README-lo.md +++ b/README-lo.md 
@@ -19,12 +19,6 @@ Checklist ທີ່ຕ້ອງໃຫ້ຄວາມສຳຄັນເມື່ - [ ] ບໍ່ຄວນເກັບຂໍ້ມູນທີ່ສຳຄັນໃນ payload ຂອງ JWT ເພາະອາດຈະຖືກແກະໄດ້ [ງ່າຍ](https://jwt.io/#debugger-io). - [ ] ຫຼີກເວັ້ນການເກັບຮັກສາຂໍ້ມູນຫຼາຍເກີນໄປ. JWT ມັກຈະຖືກແບ່ງປັນໃນ headers ແລະພວກເຂົາມີຂອບເຂດຈໍາກັດ. -### OAuth -- [ ] ມີການ validate `redirect_uri` ໃນຝັ່ງ server ໂດຍຍອມຮັບ uri ສະເພາະທີ່ມີຢູ່ໃນລີສທີ່ເຮົາເຊື່ອຖືເທົ່ານັ້ນ (whitelist). -- [ ] ບັງຄັບໃຫ້ມີການໃຊ້ response_type ເປັນ code ສະເໝີ (ພະຍາຍາມລ່ຽງບໍ່ໃຊ້ `response_type=token`). -- [ ] ໂຕແປ `state` ໃຫ້ໃຊ້ random hash ເພື່ອປ້ອງກັນ CSRF (Cross Site Request Forgery) ໃນຕອນ OAuth authentication. -- [ ] ກຳນົດ scope ແລະ ມີການ validate scope ໂຕແປສຳລັບແຕ່ລະແອັບ. - ## Access - [ ] ຈຳກັດຈຳນວນສູງສຸດຂອງ request ເພື່ອປ້ອງກັນ DDoS / Bruteforce. - [ ] ໃຊ້ https ເພື່ອປ້ອງກັນ MITM (Man In The Middle Attack). @@ -32,6 +26,14 @@ Checklist ທີ່ຕ້ອງໃຫ້ຄວາມສຳຄັນເມື່ - [ ] ປິດລາຍຊື່ໄດເລກະທໍລີ. - [ ] ສໍາລັບ APIs ສ່ວນຕົວ, ອະນຸຍາດໃຫ້ເຂົ້າເຖິງພຽງແຕ່ຈາກ IPs/hosts ບັນຊີຂາວເທົ່ານັ້ນ. +## Authorization + +### OAuth +- [ ] ມີການ validate `redirect_uri` ໃນຝັ່ງ server ໂດຍຍອມຮັບ uri ສະເພາະທີ່ມີຢູ່ໃນລີສທີ່ເຮົາເຊື່ອຖືເທົ່ານັ້ນ (whitelist). +- [ ] ບັງຄັບໃຫ້ມີການໃຊ້ response_type ເປັນ code ສະເໝີ (ພະຍາຍາມລ່ຽງບໍ່ໃຊ້ `response_type=token`). +- [ ] ໂຕແປ `state` ໃຫ້ໃຊ້ random hash ເພື່ອປ້ອງກັນ CSRF (Cross Site Request Forgery) ໃນຕອນ OAuth authentication. +- [ ] ກຳນົດ scope ແລະ ມີການ validate scope ໂຕແປສຳລັບແຕ່ລະແອັບ. + ## Input - [ ] ໃຊ້ຄຳສັ່ງ HTTP ຕາມ operation ທີ່ເຮັດ ເຊັ່ນ `GET (read)`, `POST (create)`, `PUT/PATCH (replace/update)` and `DELETE (to delete a record)` ແລະ ສົ່ງກັບດ້ວຍ `405 Method Not Allowed` ຖ້າບໍ່ມີການຮອງຮັບ request ດ້ວຍ method ນັ້ນໃນລະບົບ. - [ ] Validate `content-type` ໃນ header ຂາ request (Content Negotiation) ໂດຍຍອມໃຫ້ສົ່ງມາສະເພາະ format ທີ່ກຳນົດ (ຕົວຢ່າງ, `application/xml`, `application/json` ... ໆລໆ) ແລະ ຕອບກັບດ້ວຍ `406 Not Acceptable` ຖ້າ format ທີ່ສົ່ງມາບໍ່ຖືກ. 
@@ -69,6 +71,13 @@ Checklist ທີ່ຕ້ອງໃຫ້ຄວາມສຳຄັນເມື່ - [ ] ກວດເບິ່ງຄວາມເພິ່ງພາອາໄສຂອງທ່ານ (ທັງຊອບແວ ແລະ OS) ສໍາລັບຊ່ອງໂຫວ່ທີ່ຮູ້ຈັກ. - [ ] ອອກແບບວິທີ rollback ໄວ້ກ່ອນຈະນຳຂຶ້ນໄປ ເພາະເວລາເກີດບັນຈະໄດ້ຍ້ອນກັບມາໃຊ້ version ເກົ່າໄປກ່ອນໄດ້ (ອາດເຈິໄດ້ຫຼາຍໃນຕອນພັດທະນາ feature ໃໝ່ໆ). +## Monitoring +- [ ] Use centralized logins for all services and components. +- [ ] Use agents to monitor all traffic, errors, requests, and responses. +- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. +- [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. +- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. + --- diff --git a/README-mk.md b/README-mk.md index e439bdc..11c55e5 100644 --- a/README-mk.md +++ b/README-mk.md @@ -19,12 +19,6 @@ - [ ] Не чувајте чувствителни податоци во JWR payload, може да се декодира [лесно](https://jwt.io/#debugger-io). - [ ] Избегнувајте да складирате премногу податоци. JWT обично се дели во header и тие имаат ограничување на големината. -### OAuth -- [ ] Секогаш проверувајте ја `redirect_uri` од страна на серверот за да дозволите само бела листа на адреси. -- [ ] Секогаш обидувајте се да разменувате за код, а не токени (не дозволувајте `response_type = token`). -- [ ] Користете `state` параметар со случаен хаш за да се спречи CSRF на процесот на автентикација на OAuth. -- [ ] Дефинирајте го основниот опсег и проверете ги параметрите на опсегот за секоја апликација. - ## Пристап - [ ] Ограничете ги барањата (забавување) за да избегнете напади DDoS / brute-force. - [ ] Користете HTTPS на страната на серверот за да избегнете MITM (Man In The Middle Attack). 
@@ -32,6 +26,14 @@ - [ ] Исклучете ги списоците на директориуми. - [ ] За приватни API, дозволете пристап само од IP-а/домаќини на белата листа. +## Authorization + +### OAuth +- [ ] Секогаш проверувајте ја `redirect_uri` од страна на серверот за да дозволите само бела листа на адреси. +- [ ] Секогаш обидувајте се да разменувате за код, а не токени (не дозволувајте `response_type = token`). +- [ ] Користете `state` параметар со случаен хаш за да се спречи CSRF на процесот на автентикација на OAuth. +- [ ] Дефинирајте го основниот опсег и проверете ги параметрите на опсегот за секоја апликација. + ## Влез - [ ] Користете ја соодветната HTTP-метод според операцијата: "GET (read)", "POST (создади)", "PUT / PATCH (замени / ажурирај)" и "DELETE (за бришење на запис) 405 Метод не е дозволено` ако бараниот метод не е соодветен за бараниот ресурс. - [ ] Потврдете `content-type` на барање Accept header (Content Negotiation) за да го дозволите само вашиот поддржан формат (на пр.`application/xml`, `application/json`, итн) И да одговори со 406 Not Acceptable` одговор ако не се совпаѓа. @@ -69,6 +71,13 @@ - [ ] Проверете ги вашите зависности (и софтвер и ОС) за познати пропусти. - [ ] Дизајн на rollback за во продукција. +## Monitoring +- [ ] Use centralized logins for all services and components. +- [ ] Use agents to monitor all traffic, errors, requests, and responses. +- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. +- [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. +- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. + --- diff --git a/README-ml.md b/README-ml.md index 98f9bc5..dd27f6f 100644 --- a/README-ml.md +++ b/README-ml.md 
@@ -19,12 +19,6 @@ - [ ] സെൻസിറ്റീവ് ഡാറ്റ JWT പേലോഡിൽ സൂക്ഷിക്കരുത്, അത് [എളുപ്പത്തിൽ](https://jwt.io/#debugger-io) ഡീകോഡ് ചെയ്യാം . - [ ] വളരെയധികം ഡാറ്റ സൂക്ഷിക്കുന്നത് ഒഴിവാക്കുക. JWT സാധാരണയായി headerകളിൽ പങ്കിടുന്നു, അവയ്‌ക്ക് വലുപ്പ പരിധിയുണ്ട്. -### OAuth -- [ ] വൈറ്റ്‌ലിസ്റ്റ് ചെയ്‌ത URL-കൾ മാത്രം അനുവദിക്കുന്നതിന് സെർവർ സൈഡിൽ എല്ലായ്‌പ്പോഴും `redirect_uri` സാധൂകരിക്കുക. -- [ ] എപ്പോഴും ടോക്കണുകൾ കൈമാറാതെ പകരം കോഡുകൾ കൈമാറാൻ ശ്രമിക്കുക (`response_type=token` അനുവദിക്കരുത്). -- [ ] `state` പരാമീറ്ററിനോടൊപ്പം ഒരു റാൻഡം ഹാഷ് ഉപയോഗിച്ച് OAuth ഓതെന്റിക്കേഷൻ പ്രോസസ്സിലെ `CSRF` തടയാനാവും. -- [ ] ഓരോ ആപ്ലിക്കേഷനും ഡിഫോൾട്ട് സ്കോപ്പ് നിർവചിക്കുകയും സ്കോപ്പ് പാരാമീറ്ററുകൾ സാധൂകരിക്കുകയും ചെയ്യുക. - ## ആക്സസ് - [ ] DDoS / ബ്രൂട്ട്-ഫോഴ്സ് ആക്രമണങ്ങൾ ഒഴിവാക്കാൻ റിക്വറ്റുകൾ (ത്രോട്ടിലിംഗ്) പരിമിതപ്പെടുത്തുക. - [ ] MITM (മാൻ ഇൻ ദ മിഡിൽ അറ്റാക്ക്) ഒഴിവാക്കാൻ സെർവർ സൈഡിൽ HTTPS ഉപയോഗിക്കുക. 
@@ -32,6 +26,14 @@ - [ ] ഡയറക്ടറി ലിസ്റ്റിംഗുകൾ ഓഫാക്കുക. - [ ] സ്വകാര്യ API-കൾക്കായി, വൈറ്റ്‌ലിസ്റ്റ് ചെയ്‌ത IP-കൾ/ഹോസ്റ്റുകളിൽ നിന്ന് മാത്രം ആക്‌സസ് അനുവദിക്കുക. +## Authorization + +### OAuth +- [ ] വൈറ്റ്‌ലിസ്റ്റ് ചെയ്‌ത URL-കൾ മാത്രം അനുവദിക്കുന്നതിന് സെർവർ സൈഡിൽ എല്ലായ്‌പ്പോഴും `redirect_uri` സാധൂകരിക്കുക. +- [ ] എപ്പോഴും ടോക്കണുകൾ കൈമാറാതെ പകരം കോഡുകൾ കൈമാറാൻ ശ്രമിക്കുക (`response_type=token` അനുവദിക്കരുത്). +- [ ] `state` പരാമീറ്ററിനോടൊപ്പം ഒരു റാൻഡം ഹാഷ് ഉപയോഗിച്ച് OAuth ഓതെന്റിക്കേഷൻ പ്രോസസ്സിലെ `CSRF` തടയാനാവും. +- [ ] ഓരോ ആപ്ലിക്കേഷനും ഡിഫോൾട്ട് സ്കോപ്പ് നിർവചിക്കുകയും സ്കോപ്പ് പാരാമീറ്ററുകൾ സാധൂകരിക്കുകയും ചെയ്യുക. + ## ഇൻപുട്ട് - [ ] പ്രവർത്തനത്തിനനുസരിച്ച് ശരിയായ HTTP രീതി ഉപയോഗിക്കുക: `GET (read)`, `POST (create)`, `PUT/PATCH (replace/update)`, and `DELETE (to delete a record)`, അഭ്യർത്ഥിച്ച ഉറവിടത്തിന് അഭ്യർത്ഥിച്ച രീതി അനുയോജ്യമല്ലെങ്കിൽ `405 Method Not Allowed` എന്ന് പ്രതികരിക്കുക. - [ ] Accept ഹെഡ്‍ർ (കണ്ടെന്റ് നെഗോഷിയേഷൻ) അവശ്യപെടുന്നതിനനുസരിച്ചു `content-type` വാലിഡേറ്റ് ചെയ്യുകയും സപ്പോർട്ട് ചെയ്യുന്ന ഫോർമാറ്റുകൾ മാത്രം അനുവദിക്കുകയും (ഉദാ. `application/xml`, `application/json`, മുതലായവ) പൊരുത്തപ്പെടുന്നില്ലെങ്കിൽ `406 Not Acceptable` എന്ന റെസ്പോൻഡ്‌സ് ഉപയോഗിച്ച് പ്രതികരിക്കുകയും ചെയ്യുക. @@ -67,6 +69,13 @@ - [ ] അറിയപ്പെടുന്ന കേടുപാടുകൾക്കായി നിങ്ങളുടെ ഡിപൻഡൻസികൾ (സോഫ്‌റ്റ്‌വെയറും ഒഎസും) പരിശോധിക്കുക. - [ ] ഡിപ്ലോയ്‌മെന്റിനായി ഒരു റോൾബാക്ക് പരിഹാരം രൂപകൽപ്പന ചെയ്യുക. +## Monitoring +- [ ] Use centralized logins for all services and components. +- [ ] Use agents to monitor all traffic, errors, requests, and responses. +- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. +- [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. +- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. + --- diff --git a/README-mn.md b/README-mn.md index ff6e5bb..ef173a5 100644 --- a/README-mn.md +++ b/README-mn.md 
@@ -19,12 +19,6 @@ API гаргах, загварчлах, тестлэхэд аюулгүйн та - [ ] Чухал өгөгдлийг JWT payload -д бүү хадгал, decode хийхэд [амархан](https://jwt.io/#debugger-io). - [ ] Хэт их мэдээлэл хадгалахаас зайлсхий. JWT нь ихэвчлэн headers хэсэгт хуваагддаг бөгөөд тэдгээр нь хэмжээ хязгаартай байдаг. -### OAuth -- [ ] `redirect_uri` -ыг үргэлж сервер талд шалган зөвшөөрөгдсөн URL эсэхийг шалга. -- [ ] Аль болох токен биш код солилц (`response_type=token` -ыг зөвшөөрч болохгүй). -- [ ] OAuth authentication -ын үед `state` параметрийг санамсаргүй үүссэн hash ашиглан CSRF ээс сэргийлнэ. -- [ ] Хувьсагчид анхны утга заавал оноож өг, утгыг байнга шалга. - ## Access - [ ] Хүсэлтийн тоог хязгаарлаж (Throttling) DDoS / brute-force дайралтаас хамгаална. - [ ] HTTPS ашиглаж сервер талдаа MITM (Man In The Middle Attack) дайралтаас хамгаална. @@ -32,6 +26,14 @@ API гаргах, загварчлах, тестлэхэд аюулгүйн та - [ ] Лавлах жагсаалтыг унтраа. - [ ] Хувийн API-уудын хувьд зөвхөн зөвшөөрөгдсөн жагсаалтад орсон IP/хостоос хандахыг зөвшөөрнө үү. +## Authorization + +### OAuth +- [ ] `redirect_uri` -ыг үргэлж сервер талд шалган зөвшөөрөгдсөн URL эсэхийг шалга. +- [ ] Аль болох токен биш код солилц (`response_type=token` -ыг зөвшөөрч болохгүй). +- [ ] OAuth authentication -ын үед `state` параметрийг санамсаргүй үүссэн hash ашиглан CSRF ээс сэргийлнэ. +- [ ] Хувьсагчид анхны утга заавал оноож өг, утгыг байнга шалга. + ## Input - [ ] Яг зөв HTTP хүсэлтийг ашигла: `GET (унших)`, `POST (үүсгэх)`, `PUT/PATCH (орлуулах/солих)`, мөн `DELETE (устгах)`, бас `405 Method Not Allowed` -ыг хүсэлтийн төрөл тодорхойгүй үед ашигла. - [ ] `content-type` -ыг хүсэлтийн header (Content Negotiation) дээр шалгаж зөвхөн дэмжигдсэн төрлийг зөвшөөр (Жнь. `application/xml`, `application/json`, гэх мэт) бас төрөл нь таарахгүй бол `406 Not Acceptable` хариу буцаа. 
@@ -69,6 +71,13 @@ API гаргах, загварчлах, тестлэхэд аюулгүйн та - [ ] Мэдэгдэж буй сул талуудыг өөрийн хамаарлыг (програм хангамж болон үйлдлийн систем) шалгана уу. - [ ] Ямар ч үед deploy хийхэд амар шийдэл гаргах. +## Monitoring +- [ ] Use centralized logins for all services and components. +- [ ] Use agents to monitor all traffic, errors, requests, and responses. +- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. +- [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. +- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. + --- diff --git a/README-nl.md b/README-nl.md index c9c183a..6c50198 100644 --- a/README-nl.md +++ b/README-nl.md @@ -19,12 +19,6 @@ Checklist met de belangrijkste tegenmaatregelen bij het ontwerpen, testen en uit - [ ] Sla geen gevoelige data op in de JWT payload, deze is [makkelijk](https://jwt.io/#debugger-io) te decoderen. - [ ] Vermijd het opslaan van te veel gegevens. JWT wordt meestal gedeeld in headers en ze hebben een maximale grootte. -### OAuth -- [ ] Valideer **ALTIJD** de `redirect_uri` op de server om alleen toegestane URL te accepteren. -- [ ] Probeer altijd een exchange voor code, niet voor tokens (sta `response_type=token` niet toe). -- [ ] Gebruik de `state` parameter met een random hash om CSRF op een OAuth authentication process te voorkomen. -- [ ] Definieer een standaard scope, en valideer deze scope parameter voor elke applicatie. - ## Toegang - [ ] Limiteer het aantal requests om DDoS en/of Bruteforce aanvallen te ontkrachten. - [ ] Gebruik HTTPS aan de server zijde om MITM (Man In The Middle Attacks) tegen te gaan. 
@@ -32,6 +26,14 @@ Checklist met de belangrijkste tegenmaatregelen bij het ontwerpen, testen en uit - [ ] Schakel directoryvermeldingen uit. - [ ] Sta voor privé-API's alleen toegang toe vanaf op de witte lijst geplaatste IP's/hosts. +## Authorization + +### OAuth +- [ ] Valideer **ALTIJD** de `redirect_uri` op de server om alleen toegestane URL te accepteren. +- [ ] Probeer altijd een exchange voor code, niet voor tokens (sta `response_type=token` niet toe). +- [ ] Gebruik de `state` parameter met een random hash om CSRF op een OAuth authentication process te voorkomen. +- [ ] Definieer een standaard scope, en valideer deze scope parameter voor elke applicatie. + ## Invoer - [ ] Gebruik de correcte HTTP methode voor de operatie, `GET (lezen)`, `POST (schrijven)`, `PUT (vervangen/updaten)` and `DELETE (verwijderen)`. - [ ] Valideer de `content-type` header bij een request Accept header (Content Negotiation) om alleen de ondersteunde formaten toe te staan (b.v. `application/xml`, `application/json` ... enz) en stuur een `406 Not Acceptable` response als de `content-type` niet ondersteund is. @@ -69,6 +71,13 @@ Checklist met de belangrijkste tegenmaatregelen bij het ontwerpen, testen en uit - [ ] Controleer uw afhankelijkheden (zowel software en besturingssysteem) op bekende kwetsbaarheden. - [ ] Ontwikkel een terugrol oplossing. +## Monitoring +- [ ] Use centralized logins for all services and components. +- [ ] Use agents to monitor all traffic, errors, requests, and responses. +- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. +- [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. +- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. + --- diff --git a/README-pl.md b/README-pl.md index fed6bc0..3667abd 100644 --- a/README-pl.md +++ b/README-pl.md 
@@ -19,12 +19,6 @@ Lista kontrolna najważniejszych metod zabezpieczenia podczas projektowania, tes - [ ] Nie przechowuj wrażliwych danych w payloadzie `JWT`, mogą być one [łatwo zdekodowane](https://jwt.io/#debugger-io). - [ ] Unikaj przechowywania zbyt dużej ilości danych. JWT jest zwykle udostępniany w nagłówkach i ma limit rozmiaru. -### OAuth -- [ ] Zawsze waliduj `redirect_uri` po stronie serwera aby zezwolić tylko URL-om z dozwolonej listy (`whitelist`). -- [ ] Zawsze próbuj wymienić kodem nie tokenami (nie zezwalaj na `response_type=token`). -- [ ] Użyj parametru `state` z losowym hashem aby zabezpieczyć proces OAuth przed atakiem CSRF. -- [ ] Zdefiniuj oraz waliduj zakres parametrów dla każdej aplikacji. - ## Dostęp - [ ] Ustaw limit zapytań (Throttling) aby uniknąć ataku DDoS / brute-force. - [ ] Użyj HTTPS aby uniknąć MITM (Man In The Middle Attack) - Ataku polegającego na pośrednictwie w wymianie informacji pomiędzy dwoma punktami np. klientem i serwerem. 
@@ -32,6 +26,14 @@ Lista kontrolna najważniejszych metod zabezpieczenia podczas projektowania, tes - [ ] Wyłącz wykazy katalogów. - [ ] W przypadku prywatnych API, zezwalaj na dostęp tylko z adresów IP/hostów umieszczonych na białej liście. +## Authorization + +### OAuth +- [ ] Zawsze waliduj `redirect_uri` po stronie serwera aby zezwolić tylko URL-om z dozwolonej listy (`whitelist`). +- [ ] Zawsze próbuj wymienić kodem nie tokenami (nie zezwalaj na `response_type=token`). +- [ ] Użyj parametru `state` z losowym hashem aby zabezpieczyć proces OAuth przed atakiem CSRF. +- [ ] Zdefiniuj oraz waliduj zakres parametrów dla każdej aplikacji. + ## Wejście - [ ] Użyj odpowiedniej metody protokołu HTTP dla danej operacji: `GET (odczyt)`, `POST (tworzenie)`, `PUT/PATCH (zmiana)`, and `DELETE (usuwanie)`, i odpowiadaj `405 Method Not Allowed` jeżeli metoda zapytania jest niepoprawna. - [ ] Waliduj `content-type` podczas zapytań i zezwalaj jedynie na wymagane typy danych (np. `application/xml`, `application/json`) oraz odpowiadaj `406 Not Acceptable` jeżeli nie pasują. @@ -68,6 +70,13 @@ Lista kontrolna najważniejszych metod zabezpieczenia podczas projektowania, tes - [ ] Sprawdź swoje zależności (zarówno oprogramowanie i system operacyjny) pod kątem znanych luk w zabezpieczeniach. - [ ] Stwórz możliwość szybkiego wycofania udostępnionego wdrożenia. +## Monitoring +- [ ] Use centralized logins for all services and components. +- [ ] Use agents to monitor all traffic, errors, requests, and responses. +- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. +- [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. +- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. + --- diff --git a/README-pt_BR.md b/README-pt_BR.md index 2173db7..087f06a 100644 --- a/README-pt_BR.md +++ b/README-pt_BR.md 
@@ -19,12 +19,6 @@ Lista das mais importantes medidas de segurança para o desenvolvimento, teste e - [ ] Não armazene informações confidenciais no JWT, pois elas podem ser [facilmente decodificadas](https://jwt.io/#debugger-io). - [ ] Evite armazenar muitos dados. JWT geralmente é compartilhado em headers e eles têm um limite de tamanho. -### OAuth -- [ ] Sempre valide o `redirect_uri` no seu servidor através de uma lista de URLs conhecidas (previamente cadastradas). -- [ ] Tente sempre retornar códigos de negociação, não o _token_ de acesso (não permita `response_type=token`). -- [ ] Utilize o parâmetro `state` com um _hash_ aleatório para previnir CSRF no processo de autenticação OAuth. -- [ ] Defina escopo de dados, e valide o parâmetro `scope` para cada aplicação. - ## Acesso (_Access_) - [ ] Limite a quantidade de requisições (_Throttling_) para evitar ataques DDoS e de força bruta. - [ ] Use HTTPS no seu servidor para evitar ataques MITM (_Man In The Middle Attack_). 
@@ -32,6 +26,14 @@ Lista das mais importantes medidas de segurança para o desenvolvimento, teste e - [ ] Desative as listagens de diretórios. - [ ] Para APIs privadas, permita o acesso apenas de IPs/hosts da lista branca (whitelist). +## Authorization + +### OAuth +- [ ] Sempre valide o `redirect_uri` no seu servidor através de uma lista de URLs conhecidas (previamente cadastradas). +- [ ] Tente sempre retornar códigos de negociação, não o _token_ de acesso (não permita `response_type=token`). +- [ ] Utilize o parâmetro `state` com um _hash_ aleatório para previnir CSRF no processo de autenticação OAuth. +- [ ] Defina escopo de dados, e valide o parâmetro `scope` para cada aplicação. + ## Requisição (_Input_) - [ ] Utilize o método HTTP apropriado para cada operação, `GET (obter)`, `POST (criar)`, `PUT/PATCH (trocar/atualizar)` e `DELETE (apagar)`. - [ ] Valide o tipo de conteúdo informado no cabeçalho `Accept` da requisição (_Content Negotiation_) para permitir apenas os formatos suportados pela sua API (ex. `application/xml`, `application/json` ... etc), respondendo com o status `406 Not Acceptable` se ele não for suportado. @@ -69,6 +71,13 @@ Lista das mais importantes medidas de segurança para o desenvolvimento, teste e - [ ] Verifique suas dependências (software e sistema operacional) para vulnerabilidades conhecidas. - [ ] Implemente funcionalidade de reversão de _deploy_ (_rollback_). +## Monitoring +- [ ] Use centralized logins for all services and components. +- [ ] Use agents to monitor all traffic, errors, requests, and responses. +- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. +- [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. +- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. + --- diff --git a/README-ru.md b/README-ru.md index 78d3ead..dc47e7e 100644 --- a/README-ru.md +++ b/README-ru.md 
@@ -19,12 +19,6 @@ - [ ] Не храните конфиденциальные данные в JWT, его можно [легко декодировать.](https://jwt.io/#debugger-io). - [ ] Избегайте хранения слишком большого количества данных. JWT обычно используется в header, и они имеют ограничение по размеру. -### OAuth -- [ ] Всегда проверяйте `redirect_uri` на стороне сервера, чтобы разрешать только URL-адреса из белых списков (whitelist). -- [ ] Всегда старайтесь использовать одноразовый code, а не токены (не использовать `response_type=token`). -- [ ] Используйте параметр `state` со случайным хешем, чтобы предотвратить CSRF в процессе аутентификации OAuth. -- [ ] Определите scope по умолчанию, а также проверяйте параметры для каждого приложения. - ## Доступ - [ ] Установите ограничение на кол-во запросов в минуту (Throttling, RPM-Limit), чтобы избежать DDoS / Brute Force атак. - [ ] Используйте HTTPS на стороне сервера, чтобы избежать [MITM](https://ru.wikipedia.org/wiki/Атака_посредника) (Man In The Middle Attack / атака "человек посередине"). 
@@ -32,6 +26,14 @@ - [ ] Отключите списки каталогов. - [ ] Для частных API, разрешите доступ только с IP-адресов/хостов из белого списка. +## Authorization + +### OAuth +- [ ] Всегда проверяйте `redirect_uri` на стороне сервера, чтобы разрешать только URL-адреса из белых списков (whitelist). +- [ ] Всегда старайтесь использовать одноразовый code, а не токены (не использовать `response_type=token`). +- [ ] Используйте параметр `state` со случайным хешем, чтобы предотвратить CSRF в процессе аутентификации OAuth. +- [ ] Определите scope по умолчанию, а также проверяйте параметры для каждого приложения. + ## Запрос - [ ] Используйте соответствующий HTTP-метод в соответствии с операцией: `GET (чтение)`, `POST (создание)`, `PUT / PATCH (замена / обновление)` и `DELETE (удаление)`, а также ответьте `405 Method Not Allowed`, если запрошенный метод не подходит для запрашиваемого ресурса. - [ ] Проверяй тип данных в заголовке `Accept`, чтобы разрешить только поддерживаемые форматы (например, `application/xml`, `application/json` и т.д.) И отвечайте `406 Not Acceptable`, если тип не поддерживается. @@ -69,6 +71,13 @@ - [ ] Проверьте свои зависимости (как программное обеспечение и ОС) на наличие известных уязвимостей. - [ ] Сделайте возможным быстрый откат на предыдущую версию. +## Monitoring +- [ ] Use centralized logins for all services and components. +- [ ] Use agents to monitor all traffic, errors, requests, and responses. +- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. +- [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. +- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. + --- diff --git a/README-th.md b/README-th.md index e6dbbb1..78c8819 100644 --- a/README-th.md +++ b/README-th.md 
@@ -19,12 +19,6 @@ Checklist ที่ต้องให้ความสำคัญเมื่ - [ ] ไม่ควรเก็บข้อมูลสำคัญใน payload ของ JWT เพราะอาจถูกแกะได้ [ง่าย](https://jwt.io/#debugger-io). - [ ] หลีกเลี่ยงการจัดเก็บข้อมูลมากเกินไป. JWT มักใช้ร่วมกันใน header และมีขนาดจำกัด. -### OAuth -- [ ] มีการ validate `redirect_uri` ในฝั่ง server โดยยอมรับuriเฉพาะที่มีอยู่ในลิสต์ที่เราเชื่อถือเท่านั้น (whitelist) -- [ ] บังคับให้มีการใช้ response_type เป็น code เสมอ (พยายามเลี่ยง `response_type=token`) -- [ ] ตัวแปร `state` ให้ใช้ random hash เพื่อป้องกัน CSRF (Cross Site Request Forgery) ในช่วง OAuth authentication. -- [ ] กำหนด scope และมีการ validate scope ตัวแปรสำหรับแต่ละแอป - ## Access - [ ] จำกัดจำนวนสูงสุดของ request เพื่อป้องกัน DDoS / Bruteforce. - [ ] ใช้ https เพื่อป้องกัน MITM (Man In The Middle Attack). @@ -32,6 +26,14 @@ Checklist ที่ต้องให้ความสำคัญเมื่ - [ ] ปิดรายการไดเรกทอรี. - [ ] สำหรับ API ส่วนตัว อนุญาตการเข้าถึงจาก IP/โฮสต์ที่อนุญาตพิเศษเท่านั้น. +## Authorization + +### OAuth +- [ ] มีการ validate `redirect_uri` ในฝั่ง server โดยยอมรับuriเฉพาะที่มีอยู่ในลิสต์ที่เราเชื่อถือเท่านั้น (whitelist). +- [ ] บังคับให้มีการใช้ response_type เป็น code เสมอ (พยายามเลี่ยง `response_type=token`). +- [ ] ตัวแปร `state` ให้ใช้ random hash เพื่อป้องกัน CSRF (Cross Site Request Forgery) ในช่วง OAuth authentication. +- [ ] กำหนด scope และมีการ validate scope ตัวแปรสำหรับแต่ละแอป. + ## Input - [ ] ใช้คำสั่ง HTTP ตาม operation ที่ทำ เช่น `GET (read)`, `POST (create)`, `PUT/PATCH (replace/update)` and `DELETE (to delete a record)` และตอบกลับด้วย `405 Method Not Allowed` ถ้าไม่มีการรองรับ request ด้วย method นั้นในระบบ. - [ ] Validate `content-type` ใน header ขา request (Content Negotiation) โดยยอมให้ส่งมาเฉพาะ format ที่กำหนด (e.g. `application/xml`, `application/json`... และอื่นๆ) และตอบกลับด้วย `406 Not Acceptable` ถ้า format ที่ส่งมาไม่ถูก. 
@@ -68,6 +70,13 @@ Checklist ที่ต้องให้ความสำคัญเมื่ - [ ] ตรวจสอบการพึ่งพาของคุณ (ทั้งซอฟต์แวร์และระบบปฏิบัติการ) เพื่อหาช่องโหว่ที่ทราบ. - [ ] ออกแบบวิธี rollback ไว้ด้วยก่อนจะนำขึ้นไป เพราะเวลาเกิดปัญหาจะได้ย้อนกลับมาใช้ version เก่าไปก่อนได้ (อาจพบได้บ่อยตอนพัฒนา feature ใหม่ๆ) +## Monitoring +- [ ] Use centralized logins for all services and components. +- [ ] Use agents to monitor all traffic, errors, requests, and responses. +- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. +- [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. +- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. + --- diff --git a/README-tr.md b/README-tr.md index cebbeb1..658fd2d 100644 --- a/README-tr.md +++ b/README-tr.md @@ -19,12 +19,6 @@ API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemle - [ ] Hassas verilerinizi JWT payload içine koymayın, [Kolayca](https://jwt.io/#debugger-io) çözülebilir. - [ ] Çok fazla veri depolamaktan kaçının. JWT genellikle header'larda paylaşılır ve bunların bir boyut sınırı vardır. -### OAuth -- [ ] Yalnızca beyaz listeye eklenen URL'lere izin vermek için sunucu tarafındaki `redirect_uri` bilgisini her zaman doğrulayın. -- [ ] Her zaman code değiştirmeyi deneyin token değiştirmeyi değil (`response_type=token` kullanımına izin vermeyin). -- [ ] OAuth kimlik doğrulama işlemi sırasında CSRF'yi önlemek için `state` parametresini rasgele hashleyerek kullanın. -- [ ] Varsayılan kapsamı tanımlayın ve her uygulama için kapsam parametrelerini doğrulayın. - ## Erişim - [ ] DDoS ya da kaba kuvvet saldırılarından korunmak için istekleri sınırlamalısınız. - [ ] MITM (Man In The Middle Attack) saldırılarında korunmak için sunucu tarafında HTTPS kullanın. 
@@ -32,6 +26,14 @@ API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemle - [ ] Dizin listelerini kapatın. - [ ] Özel API'ler için, yalnızca beyaz listedeki IP'lerden/host'lardan erişime izin verin. +## Authorization + +### OAuth +- [ ] Yalnızca beyaz listeye eklenen URL'lere izin vermek için sunucu tarafındaki `redirect_uri` bilgisini her zaman doğrulayın. +- [ ] Her zaman code değiştirmeyi deneyin token değiştirmeyi değil (`response_type=token` kullanımına izin vermeyin). +- [ ] OAuth kimlik doğrulama işlemi sırasında CSRF'yi önlemek için `state` parametresini rasgele hashleyerek kullanın. +- [ ] Varsayılan kapsamı tanımlayın ve her uygulama için kapsam parametrelerini doğrulayın. + ## Girdi - [ ] İşleme göre uygun HTTP yöntemini kullanın: `GET (okumak)`, `POST (oluşturmak)`, `PUT/PATCH (değiştirmek/güncellemk)`, ve `DELETE (bir kaydı silmek için)`, eğer istenen yöntem istenen kaynak için uygun değilse `405 Method Not Allowed` mesajı ile cevap verin. - [ ] Accept header gelen `content-type` beklediğiniz ve izin verdiğiniz formatta olup olmadığını kontrol edin. (ör. `application/xml`, `application/json`, v.b.) Format uyuşmuyorsa `406 Not Acceptable` mesajı ile cevap verin. @@ -69,6 +71,13 @@ API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemle - [ ] Bilinen güvenlik açıkları için bağımlılıklarınızı (hem yazılım hem de işletim sistemi) kontrol edin. - [ ] Dağıtımlar için bir geriye dönme çözümü tasarlayın. +## Monitoring +- [ ] Use centralized logins for all services and components. +- [ ] Use agents to monitor all traffic, errors, requests, and responses. +- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. +- [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. +- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. + --- diff --git a/README-tw.md b/README-tw.md index e5abe9d..0cc7524 100644 --- a/README-tw.md +++ b/README-tw.md 
@@ -19,12 +19,6 @@ - [ ] 不要在 JWT 的請求體中存放敏感數據, 它是[可破解的](https://jwt.io/#debugger-io). - [ ] 避免存儲過多的數據。 JWT 通常在標頭中共享,並且它們有大小限制。 -### OAuth 授權或認證協議 -- [ ] 始終在後台驗證 `redirect_uri`, 只允許白名單的 URL. -- [ ] 每次交換令牌的時候不要加 token (不允許 `response_type=token`). -- [ ] 使用 `state` 參數並填充隨機的哈希數來防止跨站請求偽造(CSRF). -- [ ] 對不同的應用分別定義默認的作用域和各自有效的作用域參數. - ## 訪問 - [ ] 限制流量來防止 DDoS 攻擊和暴力攻擊. - [ ] 在服務端使用 HTTPS 協議來防止 MITM 攻擊. @@ -32,6 +26,14 @@ - [ ] 關閉目錄列表。 - [ ] 對於私有 API,僅允許從列入白名單的 IP/主機進行訪問。 +## Authorization + +### OAuth 授權或認證協議 +- [ ] 始終在後台驗證 `redirect_uri`, 只允許白名單的 URL. +- [ ] 每次交換令牌的時候不要加 token (不允許 `response_type=token`). +- [ ] 使用 `state` 參數並填充隨機的哈希數來防止跨站請求偽造(CSRF). +- [ ] 對不同的應用分別定義默認的作用域和各自有效的作用域參數. + ## 輸入 - [ ] 使用與操作相符的 HTTP 操作函數, `GET (讀取)`, `POST (創建)`, `PUT (替換/更新)` 以及 `DELETE (刪除記錄)`, 如果請求的方法不適用於請求的資源則返回 `405 Method Not Allowed`. - [ ] 在請求頭中的 `content-type` 欄位使用內容驗證來只允許支持的格式 (如 `application/xml`, `application/json` 等等) 並在不滿足條件的時候返回 `406 Not Acceptable`. @@ -69,6 +71,13 @@ - [ ] 檢查您的依賴項(軟件和操作系統)是否存在已知漏洞。 - [ ] 為部署設計一個回滾方案. +## Monitoring +- [ ] Use centralized logins for all services and components. +- [ ] Use agents to monitor all traffic, errors, requests, and responses. +- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. +- [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. +- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. + --- diff --git a/README-uk.md b/README-uk.md index dd6c2e8..e38d27c 100644 --- a/README-uk.md +++ b/README-uk.md 
@@ -19,12 +19,6 @@ - [ ] Не зберігайте конфіденційні дані в корисне навантаження JWT, її можна [легко декодувати.](Https://jwt.io/#debugger-io). - [ ] Уникайте зберігання занадто великої кількості даних. JWT зазвичай спільно використовується в header, і вони мають обмеження на розмір. -### OAuth -- [ ] Завжди перевіряйте `redirect_uri` на стороні сервера, щоб дозволяти тільки URL-адреси з білими списками. -- [ ] Завжди намагайтеся обмінювати код, а не токени (не дозволяти `response_type = token`). -- [ ] Використовуйте параметр `стану` з випадковим хешем, щоб запобігти CSRF в процесі аутентифікації OAuth. -- [ ] Визначте область за замовчуванням і перевірте параметри області для кожної програми. - ## Доступ - [ ] Обмежте запити (Throttling), щоб уникнути DDoS атак / грубої сили (Brute Force). - [ ] Використовуйте HTTPS на стороні сервера, щоб уникнути MITM (Man In The Middle Attack / Атака посередника). 
@@ -32,6 +26,14 @@ - [ ] Вимкніть списки каталогів. - [ ] Для приватних API, дозвольте доступ лише з IP-адрес/хостів із білого списку. +## Authorization + +### OAuth +- [ ] Завжди перевіряйте `redirect_uri` на стороні сервера, щоб дозволяти тільки URL-адреси з білими списками. +- [ ] Завжди намагайтеся обмінювати код, а не токени (не дозволяти `response_type = token`). +- [ ] Використовуйте параметр `стану` з випадковим хешем, щоб запобігти CSRF в процесі аутентифікації OAuth. +- [ ] Визначте область за замовчуванням і перевірте параметри області для кожної програми. + ## Введення - [ ] Використовуйте відповідний HTTP-метод відповідно до операції: `GET (читання),` POST (створення) `,` PUT / PATCH (заміна / оновлення) `і` DELETE (для видалення запису) `, а також дайте відповідь` 405 Method Not Allowed`, якщо запитаний метод не підходить для запитуваного ресурсу. - [ ] Підтвердіть `тип вмісту` за запитом "Прийняти заголовок" (Консолідація контенту), щоб дозволити тільки підтримуваний формат (наприклад: `application/xml`, `application/json` і т.д.) І відповідайте з неприпустимим відповіддю 406, якщо він не узгоджений. @@ -69,6 +71,13 @@ - [ ] Перевірте свої залежності (як програмне забезпечення, так і ОС) на відомі вразливості. - [ ] Створіть рішення відкату для розгортання. +## Monitoring +- [ ] Use centralized logins for all services and components. +- [ ] Use agents to monitor all traffic, errors, requests, and responses. +- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. +- [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. +- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. + --- diff --git a/README-vi.md b/README-vi.md index fdcf437..c0d2cef 100644 --- a/README-vi.md +++ b/README-vi.md 
@@ -19,12 +19,6 @@ Những giải pháp an toàn và cách khắc phục khi thiết kế, kiểm t - [ ] Không lưu các thông tin nhạy cảm trong JWT, nó có thể [dễ dàng](https://jwt.io/#debugger-io) được giải mã. - [ ] Tránh lưu trữ quá nhiều dữ liệu. JWT thường được chia sẻ trong header và chúng có giới hạn về kích thước. -### OAuth Ủy quyền hoặc chứng thực giao thức -- [ ] Luôn xác nhận `redirect_uri` phía server để chỉ cho phép redirect đến các URL tin cậy. -- [ ] Ưu tiên sử dụng `response_type=code` thay vì `response_type=token`). -- [ ] Sử dụng tham số `state` cùng một giá trị hash ngẫu nhiên để chống lại tấn công CSRF trong quá trình xác thực OAuth. -- [ ] Định nghĩa phạm vi mặc định, và xác nhận các tham số phạm vi cho mỗi ứng dụng. - ## Quyền - [ ] Giới hạn request (Throttling) để phòng tránh các tấn công DDoS / brute-force. - [ ] Sử dụng giao thức HTTPS ở phía server để tránh MITM (Man In The Middle Attack). 
@@ -32,6 +26,14 @@ Những giải pháp an toàn và cách khắc phục khi thiết kế, kiểm t - [ ] Tắt danh sách thư mục. - [ ] Đối với các API riêng tư, chỉ cho phép truy cập từ các IP / máy chủ có trong danh sách cho phép / danh sách trắng / whitelist. +## Authorization + +### OAuth Ủy quyền hoặc chứng thực giao thức +- [ ] Luôn xác nhận `redirect_uri` phía server để chỉ cho phép redirect đến các URL tin cậy. +- [ ] Ưu tiên sử dụng `response_type=code` thay vì `response_type=token`). +- [ ] Sử dụng tham số `state` cùng một giá trị hash ngẫu nhiên để chống lại tấn công CSRF trong quá trình xác thực OAuth. +- [ ] Định nghĩa phạm vi mặc định, và xác nhận các tham số phạm vi cho mỗi ứng dụng. + ## Input - [ ] Sử dụng các HTTP method phù hợp với từng hành động: `GET (đọc)`, `POST (tạo mới)`, `PUT/PATCH (cập nhật/sửa)`, `DELETE (để xóa bản ghi)`, và phản hồi `405 Method Not Allowed` nếu HTTP method không phù hợp với tài nguyên được request. - [ ] Xác nhận dữ liệu `content-type` ở mỗi tiêu đề (Content Negotiation) chỉ cho phép những định dạng được hỗ trợ (chẳng hạn như. `application/xml`, `application/json`, vv) và phản hồi `406 Not Acceptable` nếu không khớp. @@ -69,6 +71,13 @@ Những giải pháp an toàn và cách khắc phục khi thiết kế, kiểm t - [ ] Kiểm tra các phần phụ thuộc của bạn (cả phần mềm và hệ điều hành) để tìm các lỗ hổng đã biết. - [ ] Thiết kế một giải pháp rollback cho việc triển khai. +## Monitoring +- [ ] Use centralized logins for all services and components. +- [ ] Use agents to monitor all traffic, errors, requests, and responses. +- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. +- [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. +- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. + --- diff --git a/README-zh.md b/README-zh.md index b5bf6ab..661f895 100644 --- a/README-zh.md +++ b/README-zh.md 
@@ -19,12 +19,6 @@ - [ ] 不要在 JWT 的请求体中存放敏感数据,因为它是[可解码的](https://jwt.io/#debugger-io)。 - [ ] 避免存储过多的数据。 JWT 通常在标头中共享,并且它们有大小限制。 -### OAuth 授权或认证协议 -- [ ] 始终在后台验证 `redirect_uri`,只允许白名单的 URL。 -- [ ] 始终在授权时使用有效期较短的授权码(code)而不是令牌(access_token)(不允许 `response_type=token`)。 -- [ ] 使用随机哈希数的 `state` 参数来防止跨站请求伪造(CSRF)。 -- [ ] 对不同的应用分别定义默认的作用域和各自有效的作用域参数。 - ## 访问 - [ ] 限制流量来防止 DDoS 攻击和暴力攻击。 - [ ] 在服务端使用 HTTPS 协议来防止 MITM (中间人攻击)。 @@ -32,6 +26,14 @@ - [ ] 关闭目录列表。 - [ ] 对于私有 API,仅允许从列入白名单的 IP/主机进行访问。 +## Authorization + +### OAuth 授权或认证协议 +- [ ] 始终在后台验证 `redirect_uri`,只允许白名单的 URL。 +- [ ] 始终在授权时使用有效期较短的授权码(code)而不是令牌(access_token)(不允许 `response_type=token`)。 +- [ ] 使用随机哈希数的 `state` 参数来防止跨站请求伪造(CSRF)。 +- [ ] 对不同的应用分别定义默认的作用域和各自有效的作用域参数。 + ## 输入 - [ ] 使用与操作相符的 HTTP 操作函数,`GET(读取)`,`POST(创建)`,`PUT(替换/更新)` 以及 `DELETE(删除记录)`,如果请求的方法不适用于请求的资源则返回 `405 Method Not Allowed`。 - [ ] 在请求头中的 `content-type` 字段使用内容验证来只允许支持的格式(如 `application/xml`,`application/json` 等等)并在不满足条件的时候返回 `406 Not Acceptable`。 @@ -69,6 +71,13 @@ - [ ] 检查您的依赖项(软件和操作系统)是否存在已知漏洞。 - [ ] 为部署设计一个回滚方案。 +## Monitoring +- [ ] Use centralized logins for all services and components. +- [ ] Use agents to monitor all traffic, errors, requests, and responses. +- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. +- [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. +- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. + --- From 4c41a9ce594c68bd055173ce92eac6d423281ced Mon Sep 17 00:00:00 2001 From: Caleb Mazalevskis Date: Sat, 12 Nov 2022 23:08:36 +0800 Subject: [PATCH 111/149] Sync. --- README-hi.md | 4 ++-- README-ml.md | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/README-hi.md b/README-hi.md index 4b9735e..ec953b3 100644 --- a/README-hi.md +++ b/README-hi.md 
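Review bot: The `## Monitoring` block appended in the `@@ -68,6 +70,13 @@` / `@@ -69,6 +71,13 @@` hunks of README-pl, README-pt_BR, README-ru, README-th, README-tr, README-tw, README-uk, README-vi and README-zh is pasted in English, so every translated file now ends with an untranslated section; translate the five items in each file or at least mark them as pending translation. While touching the block, fix its wording too: `- [ ] Use centralized logins for all services and components.` should say "centralized logging" (the control is aggregating logs in one place, not sign-ins), and `IDS or/and IPS` should be `IDS and/or IPS`.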
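Review bot: The new `## Authorization` heading introduced by the `@@ -32,6 +26,14 @@` hunks is left in English in every translated file although the headings around it (`## Dostęp`, `## Acesso (_Access_)`, `## Доступ`, `## Erişim`, `## 訪問`, `## Quyền`, `## 访问`) are localized; use the file's own language for the heading so the section hierarchy reads consistently.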
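Review bot: Since the OAuth block is being moved in README-uk (its `@@ -32,6 +26,14 @@` hunk), this is the moment to fix two literals carried over unchanged: the item "Використовуйте параметр `стану` з випадковим хешем" translates the parameter name, which must stay as the code literal `state`, and `response_type = token` has spaces that the actual query parameter does not have; the README-ru hunk beside it keeps `state` and `response_type=token` and is the form to follow.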
@@ -82,10 +82,10 @@ --- ## यह भी देखें: -[yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) RESTful HTTP+JSON APIs के निर्माण के लिए उपयोगी संसाधनों का संग्रह। +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) RESTful HTTP+JSON APIs के निर्माण के लिए उपयोगी संसाधनों का संग्रह। --- -## योगदान +# योगदान इस रिपोजिटरी contribute, कुछ बदलाव करने और pull request सबमिट करने में योगदान करने के लिए स्वतंत्र महसूस करें। किसी भी प्रश्न के लिए हमें `team@shieldfy.io` पर एक ईमेल है। diff --git a/README-ml.md b/README-ml.md index dd27f6f..24c9f79 100644 --- a/README-ml.md +++ b/README-ml.md @@ -40,6 +40,8 @@ - [ ] പോസ്റ്റ് ചെയ്‌ത ടാറ്റായുടെ `content-type` നിങ്ങൾ അനുവദിക്കുന്നതതിനനുസരിച് വാലിഡേറ്റ് ചെയ്യുക. (ഉദാ: `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, മുതലായവ). - [ ] പൊതുവായ വൾനറബിലിറ്റികൾ ഒഴിവാക്കാൻ യൂസർ ഇൻപുട്ട് സാധൂകരിക്കുക (ഉദാ: `XSS`, `SQL-ഇൻജെക്ഷൻ`, `റിമോട്ട് കോഡ് എക്സിക്യൂഷൻ`, മുതലായവ). - [ ] സെർവർ സൈഡ് എൻക്രിപ്ഷൻ മാത്രം ഉപയോഗിക്കുക. +- [ ] സെർവർ സൈഡ് എൻക്രിപ്ഷൻ മാത്രം ഉപയോഗിക്കുക. +- [ ] കാഷിംഗ്, നിരക്ക് പരിധി നയങ്ങൾ (ഉദാ. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) എന്നിവ പ്രവർത്തനക്ഷമമാക്കുന്നതിനും API-കളുടെ ഉറവിടങ്ങൾ ചലനാത്മകമായി വിന്യസിക്കുന്നതിനും ഒരു API ഗേറ്റ്‌വേ സേവനം ഉപയോഗിക്കുക. ## പ്രോസസ്സിംഗ് - [ ] തകർന്ന ഓതെന്റിക്കേഷൻ പ്രക്രിയ ഒഴിവാക്കാൻ എല്ലാ എൻഡ് പോയിന്റുകളും ഓതെന്റിക്കേഷൻന് പിന്നിൽ പരിരക്ഷിച്ചിട്ടുണ്ടോയെന്ന് പരിശോധിക്കുക. From 3a61da2b45231a5191551a46cea6d738a3d6e884 Mon Sep 17 00:00:00 2001 From: abkarim Date: Sun, 20 Nov 2022 05:29:59 +0600 Subject: [PATCH 112/149] Added bn --- README-bn.md | 100 +++++++++++++++++++++++++++++++++++++++++++++++++++ README.md | 2 +- 2 files changed, 101 insertions(+), 1 deletion(-) create mode 100644 README-bn.md diff --git a/README-bn.md b/README-bn.md new file mode 100644 index 0000000..68c3d28 --- /dev/null +++ b/README-bn.md 
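Review bot: The second added line in the README-ml.md `@@ -40,6 +40,8 @@` hunk duplicates the unchanged context line directly above it (`- [ ] സെർവർ സൈഡ് എൻക്രിപ്ഷൻ മാത്രം ഉപയോഗിക്കുക.`, "use only server-side encryption"), so the Input section now lists that item twice; drop the duplicate and keep only the new API gateway item. In the README-hi.md hunk, `## योगदान` is promoted to `# योगदान` while `## यह भी देखें:` just above it stays at level 2; if a level-1 contribution heading is the convention being synced from README.md, the commit message ("Sync.") should say so, because as it stands the change looks like an accidental level change.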
@@ -0,0 +1,100 @@ +[繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) |[Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [Ελληνικά](./README-el.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) + +# API নিরাপত্তা তালিকা + +তালিকা করুন সবচেয়ে গুরুত্বপূর্ন নিরাপত্তা পাল্টা ব্যবস্থা যখন পরিকল্পনা, পরীক্ষামূলক, এবং নিষ্কৃতি করছেন আপনার API। + +--- + +## Authentication + +- [ ] `Basic Auth` ব্যাবহার করবেন না । এর পরিবর্তে standard প্রমাণীকরণ ব্যবহার করুন (যেমন [JWT](https://jwt.io/)). 
+- [ ] `Authentication`, `token generation`, `password storage` এ নতুন করে চাকা উদ্ভাবন করবেন না । standards গুলোই ব্যবহার করুন । +- [ ] `Max Retry` এবং জেলে দেওয়া(block) বৈশিষ্ট্য সম্পূর্ণ করুন +- [ ] সংবেদনশীল তথ্য গোপন(encryption) করে ব্যবহার করন + +### JWT (JSON Web Token) + +- [ ] একটি এলোমেলো জটিল পিন (`JWT Secret`) ব্যবহার করুন brute forcing প্রক্রিয়া কে অনেক কঠিন করতে। +- [ ] header থেকে অ্যালগরিদম নির্যাস(extract) করবেন না।অ্যালগরিদম টি কে ব্যাকএন্ড(backend) এ পাঠিয়ে দিন (`HS256` অথবা `RS256`) । +- [ ] টোকেন (`TTL`, `RTTL`) মেয়াদকাল যত কম করা যায় তা করেন । +- [ ] সংবেদনশীল তথ্য JWT payload এ সংরক্ষণ করবেন না। এটি খুব সহজে ডিকোড করা যায় [easily](https://jwt.io/#debugger-io)। +- [ ] অনেক বেশি তথ্য সংরক্ষণ করবেন না। JWT এটি সাধারণত হেডার এ ভাগ করে এবং এটার একটা আয়তন সীমা আছে। + +## Access + +- [ ] Requests এ সীমা দিয়ে দিন (Throttling) DDoS / brute-force আক্রমণ এড়ানোর জন্য। +- [ ] সার্ভার এ HTTPS এর সাথে TLS 1.2+ এবং নিরাপদ ciphers ব্যবহার করুন MITM (Man in the Middle Attack) এড়ানোর জন্য। +- [ ] `HSTS` header ব্যবহার করুন SSL এর সাছে SSL Strip আক্রমণ এড়ানোর জন্য। +- [ ] Directory তালিকা দেখানো বন্ধ করুন। +- [ ] ব্যক্তিগত APIs এর জন্য, শুধুমাত্র সাদা তালিকাভুক্ত IPs/hosts থেকে access গ্রহণ করুন। + +## Authorization + +### OAuth + +- [ ] `redirect_uri` সব সময় সার্ভার এ যাচাই করে শুধুমাত্র সাদা তালিকাভুক্ত URLs কে গ্রহণ করবেন। +- [ ] সর্বদা কোড বিনিময় করার চেষ্টা করুন, টোকেন নয় (`response_type=token` গ্রহণ করবেন না)। +- [ ] OAuth অনুমোদন প্রক্রিয়া কালে CSRF আক্রমণ থেকে বাচার জন্য `state` প্যারামিটারটি সবসময় এলোমেলো hash এর সাথে বেব্যহার করবেন। +- [ ] ডিফল্ট scope সংজ্ঞায়িত করুন, এবং প্রতিটি আবেদনের জন্য প্যারামিটারটি যাচাই করুন. 
+ +## Input + +- [ ] যথাযথ HTTP পদ্ধতি ব্যবহার করুন কাজ অনুযায়ী: `GET (পড়া)`, `POST (সৃষ্টি করা)`, `PUT/PATCH (প্রতিস্থাপন/হালনাগাদ)`, and `DELETE (মুছে ফেলা)`, এবং `405 Method Not Allowed` জবাব দেওয়া যদি resource এর সাথে উপযুক্ত না হয়। +- [ ] আলাপ - আলোচনা করার সময় `content-type` টি যাচাই করুন এবং আপনার সমর্থিত বিন্যাস (যেমন, `application/xml`, `application/json`, ইত্যাদি) না হলে `406 Not Acceptable` জবাব দেওয়া। +- [ ] পাঠানো তথ্য `content-type` টি যাচাই করুন এবং আপনার সমর্থিত বিন্যাস এর সাথে (যেমন, `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, ইত্যাদি)। +- [ ] সাধারণ এবং সচরাচর দুর্বলতা এড়াতে ব্যবহারকারীর ইনপুট যাচাই করা (যেমন., `XSS`, `SQL-Injection`, `Remote Code Execution`, ইত্যাদি)। +- [ ] সংবেদনশীল তথ্য (`credentials`, `Passwords`, `security tokens`, or `API keys`) URL এ ব্যবহার করবেন না, কিন্তু standard Authorization header ব্যবহার করবেন। +- [ ] শুধুমাত্র সার্ভার এ গোপন(encryption) প্রক্রিয়া ব্যবহার করবেন। +- [ ] একটি API প্রবেশপথ সেবা ব্যবহার করবেন caching সক্রিয় করতে, হার সীমা নীতি (যেমন, `Quota`, `Spike Arrest`, or `Concurrent Rate Limit`) এবং গতিশীলভাবে APIs সংস্থান স্থাপন করুন। + +## Processing + +- [ ] ভাঙ্গা authentication প্রক্রিয়া এড়াতে সবগুলো endpoints প্রমাণীকরণ(authentication) সহ কাজ করছে কিনা তা যাচাই করুন। +- [ ] ব্যবহারকারীর নিজের ID ব্যবহার করা উচিত নয়। `/user/654321/orders` না ব্যবহার করে এটা `/me/orders` ব্যবহার করুন। +- [ ] auto-increment ID ব্যবহার না করে, `UUID` ব্যবহার করুন। +- [ ] যদি আপনি XML তথ্য parsing করছেন, তাহলে নিশ্চিত হয়ে নিন যেন entity parsing চালু না থাকে `XXE` (XML external entity attack) আক্রমণ এড়ানোর জন্য। +- [ ] যদি আপনি XML, YAML অথবা অন্য কোন ভাষা anchors এবং refs দিয়ে parsing করছেন, তাহলে নিশ্চিত হয়ে নিন যেন entity expansion চালু না থাকে `Billion Laughs/XML bomb` via exponential entity expansion আক্রমণ এড়ানোর জন্য। +- [ ] CDN ব্যাবহার করুন ফাইল আপলোড এর জন্য। +- [ ] যদি আপনি অনেক গুলো তথ্য নিয়ে কাজ করেন তাহলে, Workers এবং Queues পটভূমিতে যত সম্ভব ব্যবহার করুন এবং 
তাড়াতাড়ি প্রতিক্রিয়া জানান HTTP Blocking না করার জন্য। +- [ ] DEBUG মোড বন্ধ করতে ভুলবেন না। +- [ ] non-executable stacks ব্যবহার করবেন যখন সম্ভব। + +## Output + +- [ ] `X-Content-Type-Options: nosniff` header পাঠান। +- [ ] `X-Frame-Options: deny` header পাঠান। +- [ ] `Content-Security-Policy: default-src 'none'` পাঠান। +- [ ] Fingerprinting headers গুলো সরিয়ে দিন - `X-Powered-By`, `Server`, `X-AspNet-Version`, ইত্যাদি। +- [ ] আপনার প্রতিক্রিয়ায় `content-type` থাকতে বাধ্য করুন. যদি আপনি `application/json` পাঠান, তাহলে আপনার `content-type` প্রতিক্রিয়া হবে `application/json`। +- [ ] সংবেদনশীল তথ্য পাঠাবেন না যেমন `credentials`, `passwords`, or `security tokens`। +- [ ] অপারেশন অনুযায়ী যথাযথ status code পাঠাবেন (যেমন, `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, ইত্যাদি)। + +## CI & CD + +- [ ] আপনার পরিকল্পনা এবং বাস্তবায়ন যাচাই করুন unit/integration tests coverage এর সাথে। +- [ ] কোড পুনঃমূল্যায়ন প্রক্রিয়া ব্যবহার করুন এবং নিজের অনুমোদন উপেক্ষা করুন। +- [ ] নিশ্চিত করেন যেন আপনার সেবার সবগুলো উপাদান স্থিতিশীলভাবে AV সফটওয়্যার দ্বারা স্ক্যান করা থাকে production এ যাওয়ার আগেই, বিক্রেতা লাইব্রেরি এবং অন্যান্য নির্ভরতা সহ। +- [ ] ক্রমাগত নিরাপত্তা পরীক্ষা চালান (স্থির/গতিশীল বিশ্লেষণ) আপনার কোডে। +- [ ] আপনার নির্ভরতা চেক করুন (দুইটাই software এবং OS) পরিচিত দুর্বলতার জন্য। +- [ ] স্থাপনার জন্য একটি রোলব্যাক সমাধান পরিকল্পনা করুন। + +## Monitoring + +- [ ] সমস্ত সেবা এবং উপাদানগুলির জন্য কেন্দ্রীভূত লগইনগুলো ব্যবহার করুন৷ +- [ ] ট্র্যাফিক, ত্রুটি, অনুরোধ এবং প্রতিক্রিয়াগুলো নিরীক্ষণ করতে এজেন্ট ব্যবহার করুন। +- [ ] SMS, Slack, Email, Telegram, Kibana, Cloudwatch, ইত্যাদির জন্য সতর্কতা ব্যবহার করুন। +- [ ] আপনি কোন সংবেদনশীল তথ্য লগ করছেন না তা নিশ্চিত করুন যেমন credit cards, passwords, PINs, ইত্যাদি। +- [ ] IDS অথবা IPS পদ্ধতি ব্যবহার করুন API requests এবং instances মূল্যায়ন করতে। + +--- + +## আরও দেখুন: + +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - RESTful HTTP+JSON APIs নির্মাণ 
করার একটি দরকারী সংগ্রহ। + +--- + +# Contribution + +নিঃসঙ্কোচে repository টি fork করে অবদান রাখুন, কিছু পরিবর্তন করে এবং পুল অনুরোধ জমা দিয়ে নির্দ্বিধায় অবদান রাখুন। কোন প্রশ্নের জন্য আমাদের একটি ইমেল পাঠান `team@shieldfy.io`. \ No newline at end of file diff --git a/README.md b/README.md index 6c4cd39..1f80819 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -[繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [Ελληνικά](./README-el.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) +[繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) |[Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [Ελληνικά](./README-el.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) # API Security Checklist Checklist of the most important security countermeasures when designing, testing, and releasing your API. From c917891704c95c50ced749cb6706eeaffd06df3f Mon Sep 17 00:00:00 2001 
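Review bot: In the README-bn.md `@@ -0,0 +1,100 @@` hunk, the JWT item "header থেকে অ্যালগরিদম নির্যাস(extract) করবেন না।অ্যালগরিদম টি কে ব্যাকএন্ড(backend) এ পাঠিয়ে দিন (`HS256` অথবা `RS256`)" tells the reader to send the algorithm to the backend, which loses the actual control: the backend pins the algorithm (`HS256` or `RS256`) itself and rejects whatever the token header claims, so the item should be reworded to say the backend enforces the algorithm. In the Monitoring list, "কেন্দ্রীভূত লগইনগুলো" (centralized logins) should be centralized logging (লগিং), the same copy-paste error as the English source line. Smaller points: the navigation line repeats the file's own `[বাংলা](./README-bn.md)` link, lacks the `[English](./README.md)` link the other translations start with, and is missing the space in `|[Polski]`; `[easily](https://jwt.io/#debugger-io)` keeps the English link text; and the file ends without a trailing newline (`\ No newline at end of file`).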
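Review bot: In the README.md `@@ -1,4 +1,4 @@` hunk the inserted link is glued to its neighbour: `[বাংলা](./README-bn.md) |[Polski](./README-pl.md)` is missing the space after `|` that every other separator on the line has.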
From: Caleb Mazalevskis Date: Sun, 20 Nov 2022 13:28:00 +0800 Subject: [PATCH 113/149] Sync. --- README-ar.md | 4 ++-- README-bn.md | 35 +++++++++++++---------------------- README-de.md | 16 ++++++++-------- README-el.md | 4 ++-- README-es.md | 16 ++++++++-------- README-fa.md | 4 ++-- README-fr.md | 16 ++++++++-------- README-hi.md | 4 ++-- README-id.md | 16 ++++++++-------- README-it.md | 16 ++++++++-------- README-ja.md | 4 ++-- README-ko.md | 4 ++-- README-lo.md | 4 ++-- README-mk.md | 4 ++-- README-ml.md | 4 ++-- README-mn.md | 4 ++-- README-nl.md | 4 ++-- README-pl.md | 4 ++-- README-pt_BR.md | 16 ++++++++-------- README-ru.md | 4 ++-- README-th.md | 4 ++-- README-tr.md | 4 ++-- README-tw.md | 4 ++-- README-uk.md | 4 ++-- README-vi.md | 4 ++-- README-zh.md | 4 ++-- README.md | 4 ++-- 27 files changed, 101 insertions(+), 110 deletions(-) diff --git a/README-ar.md b/README-ar.md index 7fdcba0..426bfb5 100644 --- a/README-ar.md +++ b/README-ar.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md)
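Review bot: The README-ar.md `@@ -1,4 +1,4 @@` hunk switches the navigation links from their historical order to alphabetical order by file suffix (bn, de, el, es, fa, fr, hi, id, it, ja, ko, lo, mk, ml, mn, nl, pl, pt_BR, ru, th, tr, uk, vi) after `English`, `繁中版` and `简中版`, and the diffstat shows the same change landing in 26 files; that is a reasonable convention, but the commit message "Sync." does not state it, so record the ordering rule once (commit message or a contributor note) so that future translations are inserted in the right place instead of appended at the end.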
@@ -78,7 +78,7 @@ - [ ] Use agents to monitor all traffic, errors, requests, and responses. - [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. - [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. -- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. +- [ ] Use an IDS and/or IPS system to monitor your API requests and instances. --- diff --git a/README-bn.md b/README-bn.md index 68c3d28..bc7c930 100644 --- a/README-bn.md +++ b/README-bn.md 
@@ -1,45 +1,40 @@ -[繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) |[Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [Ελληνικά](./README-el.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API নিরাপত্তা তালিকা - তালিকা করুন সবচেয়ে গুরুত্বপূর্ন নিরাপত্তা পাল্টা ব্যবস্থা যখন পরিকল্পনা, পরীক্ষামূলক, এবং নিষ্কৃতি করছেন আপনার API। ---- -## Authentication +--- +## প্রমাণীকরণ - [ ] `Basic Auth` ব্যাবহার করবেন না । এর পরিবর্তে standard প্রমাণীকরণ ব্যবহার করুন (যেমন [JWT](https://jwt.io/)). 
- [ ] `Authentication`, `token generation`, `password storage` এ নতুন করে চাকা উদ্ভাবন করবেন না । standards গুলোই ব্যবহার করুন । - [ ] `Max Retry` এবং জেলে দেওয়া(block) বৈশিষ্ট্য সম্পূর্ণ করুন - [ ] সংবেদনশীল তথ্য গোপন(encryption) করে ব্যবহার করন ### JWT (JSON Web Token) - - [ ] একটি এলোমেলো জটিল পিন (`JWT Secret`) ব্যবহার করুন brute forcing প্রক্রিয়া কে অনেক কঠিন করতে। - [ ] header থেকে অ্যালগরিদম নির্যাস(extract) করবেন না।অ্যালগরিদম টি কে ব্যাকএন্ড(backend) এ পাঠিয়ে দিন (`HS256` অথবা `RS256`) । - [ ] টোকেন (`TTL`, `RTTL`) মেয়াদকাল যত কম করা যায় তা করেন । - [ ] সংবেদনশীল তথ্য JWT payload এ সংরক্ষণ করবেন না। এটি খুব সহজে ডিকোড করা যায় [easily](https://jwt.io/#debugger-io)। - [ ] অনেক বেশি তথ্য সংরক্ষণ করবেন না। JWT এটি সাধারণত হেডার এ ভাগ করে এবং এটার একটা আয়তন সীমা আছে। -## Access - +## অ্যাক্সেস - [ ] Requests এ সীমা দিয়ে দিন (Throttling) DDoS / brute-force আক্রমণ এড়ানোর জন্য। - [ ] সার্ভার এ HTTPS এর সাথে TLS 1.2+ এবং নিরাপদ ciphers ব্যবহার করুন MITM (Man in the Middle Attack) এড়ানোর জন্য। - [ ] `HSTS` header ব্যবহার করুন SSL এর সাছে SSL Strip আক্রমণ এড়ানোর জন্য। - [ ] Directory তালিকা দেখানো বন্ধ করুন। - [ ] ব্যক্তিগত APIs এর জন্য, শুধুমাত্র সাদা তালিকাভুক্ত IPs/hosts থেকে access গ্রহণ করুন। -## Authorization +## অনুমোদন ### OAuth - - [ ] `redirect_uri` সব সময় সার্ভার এ যাচাই করে শুধুমাত্র সাদা তালিকাভুক্ত URLs কে গ্রহণ করবেন। - [ ] সর্বদা কোড বিনিময় করার চেষ্টা করুন, টোকেন নয় (`response_type=token` গ্রহণ করবেন না)। - [ ] OAuth অনুমোদন প্রক্রিয়া কালে CSRF আক্রমণ থেকে বাচার জন্য `state` প্যারামিটারটি সবসময় এলোমেলো hash এর সাথে বেব্যহার করবেন। - [ ] ডিফল্ট scope সংজ্ঞায়িত করুন, এবং প্রতিটি আবেদনের জন্য প্যারামিটারটি যাচাই করুন. 
-## Input - +## ইনপুট - [ ] যথাযথ HTTP পদ্ধতি ব্যবহার করুন কাজ অনুযায়ী: `GET (পড়া)`, `POST (সৃষ্টি করা)`, `PUT/PATCH (প্রতিস্থাপন/হালনাগাদ)`, and `DELETE (মুছে ফেলা)`, এবং `405 Method Not Allowed` জবাব দেওয়া যদি resource এর সাথে উপযুক্ত না হয়। - [ ] আলাপ - আলোচনা করার সময় `content-type` টি যাচাই করুন এবং আপনার সমর্থিত বিন্যাস (যেমন, `application/xml`, `application/json`, ইত্যাদি) না হলে `406 Not Acceptable` জবাব দেওয়া। - [ ] পাঠানো তথ্য `content-type` টি যাচাই করুন এবং আপনার সমর্থিত বিন্যাস এর সাথে (যেমন, `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, ইত্যাদি)। @@ -48,8 +43,7 @@ - [ ] শুধুমাত্র সার্ভার এ গোপন(encryption) প্রক্রিয়া ব্যবহার করবেন। - [ ] একটি API প্রবেশপথ সেবা ব্যবহার করবেন caching সক্রিয় করতে, হার সীমা নীতি (যেমন, `Quota`, `Spike Arrest`, or `Concurrent Rate Limit`) এবং গতিশীলভাবে APIs সংস্থান স্থাপন করুন। -## Processing - +## প্রক্রিয়াকরণ - [ ] ভাঙ্গা authentication প্রক্রিয়া এড়াতে সবগুলো endpoints প্রমাণীকরণ(authentication) সহ কাজ করছে কিনা তা যাচাই করুন। - [ ] ব্যবহারকারীর নিজের ID ব্যবহার করা উচিত নয়। `/user/654321/orders` না ব্যবহার করে এটা `/me/orders` ব্যবহার করুন। - [ ] auto-increment ID ব্যবহার না করে, `UUID` ব্যবহার করুন। @@ -60,8 +54,7 @@ - [ ] DEBUG মোড বন্ধ করতে ভুলবেন না। - [ ] non-executable stacks ব্যবহার করবেন যখন সম্ভব। -## Output - +## আউটপুট - [ ] `X-Content-Type-Options: nosniff` header পাঠান। - [ ] `X-Frame-Options: deny` header পাঠান। - [ ] `Content-Security-Policy: default-src 'none'` পাঠান। 
@@ -71,7 +64,6 @@ - [ ] অপারেশন অনুযায়ী যথাযথ status code পাঠাবেন (যেমন, `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, ইত্যাদি)। ## CI & CD - - [ ] আপনার পরিকল্পনা এবং বাস্তবায়ন যাচাই করুন unit/integration tests coverage এর সাথে। - [ ] কোড পুনঃমূল্যায়ন প্রক্রিয়া ব্যবহার করুন এবং নিজের অনুমোদন উপেক্ষা করুন। - [ ] নিশ্চিত করেন যেন আপনার সেবার সবগুলো উপাদান স্থিতিশীলভাবে AV সফটওয়্যার দ্বারা স্ক্যান করা থাকে production এ যাওয়ার আগেই, বিক্রেতা লাইব্রেরি এবং অন্যান্য নির্ভরতা সহ। @@ -79,22 +71,21 @@ - [ ] আপনার নির্ভরতা চেক করুন (দুইটাই software এবং OS) পরিচিত দুর্বলতার জন্য। - [ ] স্থাপনার জন্য একটি রোলব্যাক সমাধান পরিকল্পনা করুন। -## Monitoring - +## মনিটরিং - [ ] সমস্ত সেবা এবং উপাদানগুলির জন্য কেন্দ্রীভূত লগইনগুলো ব্যবহার করুন৷ - [ ] ট্র্যাফিক, ত্রুটি, অনুরোধ এবং প্রতিক্রিয়াগুলো নিরীক্ষণ করতে এজেন্ট ব্যবহার করুন। - [ ] SMS, Slack, Email, Telegram, Kibana, Cloudwatch, ইত্যাদির জন্য সতর্কতা ব্যবহার করুন। - [ ] আপনি কোন সংবেদনশীল তথ্য লগ করছেন না তা নিশ্চিত করুন যেমন credit cards, passwords, PINs, ইত্যাদি। - [ ] IDS অথবা IPS পদ্ধতি ব্যবহার করুন API requests এবং instances মূল্যায়ন করতে। + --- ## আরও দেখুন: - - [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - RESTful HTTP+JSON APIs নির্মাণ করার একটি দরকারী সংগ্রহ। ---- -# Contribution +--- -নিঃসঙ্কোচে repository টি fork করে অবদান রাখুন, কিছু পরিবর্তন করে এবং পুল অনুরোধ জমা দিয়ে নির্দ্বিধায় অবদান রাখুন। কোন প্রশ্নের জন্য আমাদের একটি ইমেল পাঠান `team@shieldfy.io`. \ No newline at end of file +# অবদান +নিঃসঙ্কোচে repository টি fork করে অবদান রাখুন, কিছু পরিবর্তন করে এবং পুল অনুরোধ জমা দিয়ে নির্দ্বিধায় অবদান রাখুন। কোন প্রশ্নের জন্য আমাদের একটি ইমেল পাঠান `team@shieldfy.io`. diff --git a/README-de.md b/README-de.md index 653916c..e426efc 100644 --- a/README-de.md +++ b/README-de.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Security Checkliste Checkliste für die wichtigsten Sicherheitsmaßnahmen beim Designen, Testen und Veröffentlichen deiner API. @@ -26,7 +26,7 @@ Checkliste für die wichtigsten Sicherheitsmaßnahmen beim Designen, Testen und - [ ] Deaktivieren Verzeichniseinträge. - [ ] Erlauben für private APIs den Zugriff nur von IPs/Hosts auf der Whitelist. -## Authorization +## Autorisierung ### OAuth - [ ] Überprüfe stets die `redirect_uri` serverseitig und erlaube nur URLs aus einer Whitelist. 
@@ -71,12 +71,12 @@ Checkliste für die wichtigsten Sicherheitsmaßnahmen beim Designen, Testen und - [ ] Überprüfen Ihre Abhängigkeiten (Software und Betriebssystem) auf bekannte Schwachstellen. - [ ] Stelle sicher, dass du im Fehlerfall auch schnell wieder den vorherigen Stand einspielen kannst (Rollback). -## Monitoring -- [ ] Use centralized logins for all services and components. -- [ ] Use agents to monitor all traffic, errors, requests, and responses. -- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. -- [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. -- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. +## Überwachung +- [ ] Verwenden Sie zentralisierte Logins für alle Dienste und Komponenten. +- [ ] Verwenden Sie Agenten, um den gesamten Datenverkehr, Fehler, Anfragen und Antworten zu überwachen. +- [ ] Verwenden Sie Benachrichtigungen für SMS, Slack, E-Mail, Telegramm, Kibana, Cloudwatch, usw. +- [ ] Stellen Sie sicher, dass Sie keine sensiblen Daten wie Kreditkarten, Passwörter, PINs, usw protokollierst. +- [ ] Verwenden Sie ein IDS-System und/oder ein IPS-System um die Anforderungen und Instanzen Ihrer API zu überwachen. --- diff --git a/README-el.md b/README-el.md index fb0be32..7839bbe 100644 --- a/README-el.md +++ b/README-el.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API λίστα ελέγχου ασφαλείας Λίστα με τα πιο σημαντικά μέτρα ασφαλείας στον σχεδιασμό, έλεγχο, και την έκδοση του API σας. @@ -76,7 +76,7 @@ - [ ] Use agents to monitor all traffic, errors, requests, and responses. - [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. - [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. -- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. +- [ ] Use an IDS and/or IPS system to monitor your API requests and instances. --- 
diff --git a/README-es.md b/README-es.md index 01fb1a8..7b43dcd 100644 --- a/README-es.md +++ b/README-es.md @@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # Lista de seguridad en APIs Lista de las contramedidas de seguridad más importantes en cuanto al diseño, testing y publicación de tu API. 
@@ -26,7 +26,7 @@ Lista de las contramedidas de seguridad más importantes en cuanto al diseño, t - [ ] Desactive las listados de directorios. - [ ] Para las API privadas, permita el acceso solo desde hosts/IP incluidos en la lista blanca. -## Authorization +## Autorización ### OAuth - [ ] Siempre valida `redirect_uri` en el lado del servidor para permitir sólo ciertas URLs. @@ -71,12 +71,12 @@ Lista de las contramedidas de seguridad más importantes en cuanto al diseño, t - [ ] Verifique sus dependencias (tanto software como sistema operativo) en busca de vulnerabilidades conocidas. - [ ] Diseña un proceso de `rollback` para tus `deploys`. -## Monitoring -- [ ] Use centralized logins for all services and components. -- [ ] Use agents to monitor all traffic, errors, requests, and responses. -- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. -- [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. -- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. +## Monitorear +- [ ] Usa logins centralizados para todos los servicios y componentes. +- [ ] Usa agentes para monitorear todo el tráfico, errores, solicitudes, y respuestas. +- [ ] Usa alertas para SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. +- [ ] Asegúrese de no registrar datos confidenciales, como tarjetas de crédito, contraseñas, PIN, etc. +- [ ] Use un sistema IDS y/o IPS para monitorear las solicitudes e instancias de su API. --- diff --git a/README-fa.md b/README-fa.md index 911b6dd..410df2c 100644 --- a/README-fa.md +++ b/README-fa.md 
@@ -1,4 +1,4 @@ -[繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [Ελληνικά](./README-el.md) | [മലയാളം](./README-ml.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md)
@@ -77,7 +77,7 @@ - [ ] Use agents to monitor all traffic, errors, requests, and responses. - [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. - [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. -- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. +- [ ] Use an IDS and/or IPS system to monitor your API requests and instances. --- diff --git a/README-fr.md b/README-fr.md index a44c75f..b4686ad 100644 --- a/README-fr.md +++ b/README-fr.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Security Checklist Checklist des points de sécurité les plus importants lors de la conception, du test et de la mise en production de votre API. @@ -26,7 +26,7 @@ Checklist des points de sécurité les plus importants lors de la conception, du - [ ] Désactiver les listes du répertoires. - [ ] Pour les API privées, n'autorisez l'accès qu'à partir d'adresses IP/hôtes sur liste blanche. -## Authorization +## Autorisation ### OAuth - [ ] Toujours valider la redirection d'uri (`redirect_uri`) côté serveur afin d'accéder uniquement aux URLs autorisées. 
@@ -71,12 +71,12 @@ Checklist des points de sécurité les plus importants lors de la conception, du - [ ] Vérifiez vos dépendances (logiciel et système d'exploitation) pour les vulnérabilités connues. - [ ] Concevez une solution de rollback pour les déploiements. -## Monitoring -- [ ] Use centralized logins for all services and components. -- [ ] Use agents to monitor all traffic, errors, requests, and responses. -- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. -- [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. -- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. +## Surveillance +- [ ] Utilisez des connexions centralisées pour tous les services et composants. +- [ ] Utilisez des agents pour surveiller tout le trafic, les erreurs, les requêtes, et les réponses. +- [ ] Utilisez des alertes pour SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. +- [ ] Assurez-vous que vous n'enregistrez aucune donnée sensible comme les cartes de crédit, les mots de passe, les codes PIN, etc. +- [ ] Utilisez un système IDS et/ou IPS pour surveiller vos requêtes et instances d'API. --- diff --git a/README-hi.md b/README-hi.md index ec953b3..61f8f2b 100644 --- a/README-hi.md +++ b/README-hi.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API सुरक्षा जांच-सूची अपने API को डिजाइन करने, परीक्षण करने और जारी करने के दौरान सबसे महत्वपूर्ण सुरक्षा प्रतिवाद की जांच सूची| @@ -76,7 +76,7 @@ - [ ] Use agents to monitor all traffic, errors, requests, and responses. - [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. - [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. -- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. +- [ ] Use an IDS and/or IPS system to monitor your API requests and instances. --- 
diff --git a/README-id.md b/README-id.md index 8c51130..ac46d94 100644 --- a/README-id.md +++ b/README-id.md @@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # Checklist Keamanan API Checklist penanggulangan keamanan yang paling penting ketika merancang, menguji, dan melepaskan API ke khalayak 
@@ -26,7 +26,7 @@ Checklist penanggulangan keamanan yang paling penting ketika merancang, menguji, - [ ] Matikan daftar direktori. - [ ] Untuk API pribadi, izinkan akses hanya dari IP/host yang masuk daftar putih. -## Authorization +## Otorisasi ### OAuth - [ ] Selalu validasi `redirect_uri` di sisi peladen sehingga hanya URL-URL yang ada di dalam daftar putih yang boleh digunakan. @@ -71,12 +71,12 @@ Checklist penanggulangan keamanan yang paling penting ketika merancang, menguji, - [ ] Memeriksa dependensi Anda (perangkat lunak dan OS) untuk mengetahui kerentanannya. - [ ] Rancang solusi kembali ke versi sebelumnya pada proses penyebaran. -## Monitoring -- [ ] Use centralized logins for all services and components. -- [ ] Use agents to monitor all traffic, errors, requests, and responses. -- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. -- [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. -- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. +## Pemantauan +- [ ] Gunakan login terpusat untuk semua layanan dan komponen. +- [ ] Gunakan agen untuk memantau semua lalu lintas, kesalahan, permintaan, dan respons. +- [ ] Gunakan peringatan untuk SMS, Slack, Email, Telegram, Kibana, Cloudwatch, dll. +- [ ] Pastikan Anda tidak mencatat data apapun yang sensitif, seperti kartu kredit, kata sandi, PIN, dll. +- [ ] Gunakan sistem IDS dan/atau IPS untuk memantau permintaan dan instans API Anda. --- diff --git a/README-it.md b/README-it.md index 738af65..bed2d8b 100644 --- a/README-it.md +++ b/README-it.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # Checklist per la sicurezza delle API Una checklist per le più importanti contromisure da mettere in pratica quando strutturiamo, testiamo e rilasciamo le nostre API. @@ -26,7 +26,7 @@ Una checklist per le più importanti contromisure da mettere in pratica quando s - [ ] Disattiva gli elenchi di directory. - [ ] Per le API private, consenti l'accesso solo da IP/host nella whitelist (lista bianca). -## Authorization +## Autorizzazione ### OAuth - [ ] Validare sempre il valore di `redirect_uri` lato server permettendo solo url verificati nella whitelist. 
@@ -71,12 +71,12 @@ Una checklist per le più importanti contromisure da mettere in pratica quando s - [ ] Controlla le tue dipendenze (sia software che sistema operativo) per le vulnerabilità note. - [ ] Definire una strategia di rollback per il deploy. -## Monitoring -- [ ] Use centralized logins for all services and components. -- [ ] Use agents to monitor all traffic, errors, requests, and responses. -- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. -- [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. -- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. +## Monitoraggio +- [ ] Utilizza accessi centralizzati per tutti i servizi e i componenti. +- [ ] Utilizza gli agenti per monitorare tutto il traffico, gli errori, le richieste, e le risposte. +- [ ] Utilizza gli avvisi per SMS, Slack, Email, Telegram, Kibana, Cloudwatch, ecc. +- [ ] Assicurati di non registrare dati sensibili come carte di credito, password, PIN, ecc. +- [ ] Utilizza un sistema IDS e/o IPS per monitorare le richieste e le istanze della tua API. --- diff --git a/README-ja.md b/README-ja.md index 79304a4..80e69cd 100644 --- a/README-ja.md +++ b/README-ja.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # APIセキュリティチェックリスト APIを設計、テスト、リリースするときの最も重要なセキュリティ対策のチェックリスト @@ -76,7 +76,7 @@ APIを設計、テスト、リリースするときの最も重要なセキュ - [ ] Use agents to monitor all traffic, errors, requests, and responses. - [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. - [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. -- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. +- [ ] Use an IDS and/or IPS system to monitor your API requests and instances. --- diff --git a/README-ko.md b/README-ko.md index f33c748..0309ece 100644 
--- a/README-ko.md +++ b/README-ko.md @@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API 보안 점검표 API를 설계하고, 테스트하고, 배포할 때 고려해야 할 중요한 보안 대책에 대한 점검 목록입니다. @@ -76,7 +76,7 @@ API를 설계하고, 테스트하고, 배포할 때 고려해야 할 중요한 - [ ] Use agents to monitor all traffic, errors, requests, and responses. - [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. - [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. -- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. +- [ ] Use an IDS and/or IPS system to monitor your API requests and instances. --- 
diff --git a/README-lo.md b/README-lo.md index e4704b7..9e175ea 100644 --- a/README-lo.md +++ b/README-lo.md @@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Security Checklist Checklist ທີ່ຕ້ອງໃຫ້ຄວາມສຳຄັນເມື່ອມີການສ້າງ API ໃນຊ່ວງການອອກແບບ ທົດສອບລະບົບ ແລະ ການປ່ອຍໃຫ້ຄົນນອກໃຊ້ 
@@ -76,7 +76,7 @@ Checklist ທີ່ຕ້ອງໃຫ້ຄວາມສຳຄັນເມື່ - [ ] Use agents to monitor all traffic, errors, requests, and responses. - [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. - [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. -- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. +- [ ] Use an IDS and/or IPS system to monitor your API requests and instances. --- diff --git a/README-mk.md b/README-mk.md index 11c55e5..21424cf 100644 --- a/README-mk.md +++ b/README-mk.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Безбедносна контролна листа Безбедносна контролна листа од најважните безбедносни контрамерки при дизајнирање, тестирање и пуштање во употреба на вашето API. @@ -76,7 +76,7 @@ - [ ] Use agents to monitor all traffic, errors, requests, and responses. - [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. - [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. -- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. +- [ ] Use an IDS and/or IPS system to monitor your API requests and instances. --- 
diff --git a/README-ml.md b/README-ml.md index 24c9f79..198eeba 100644 --- a/README-ml.md +++ b/README-ml.md @@ -1,4 +1,4 @@ -[繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [Ελληνικά](./README-el.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API സുരക്ഷാ ചെക്ക്‌ലിസ്റ്റ് നിങ്ങളുടെ API ഡിസൈൻ ചെയ്യുമ്പോഴും ടെസ്റ്റ് ചെയ്യുമ്പോഴും റിലീസ് ചെയ്യുമ്പോഴും പാലിക്കേണ്ട ഏറ്റവും പ്രധാനപ്പെട്ട സുരക്ഷാ പ്രതിരോധ നടപടികളുടെ ചെക്ക്‌ലിസ്റ്റ്. 
@@ -76,7 +76,7 @@ - [ ] Use agents to monitor all traffic, errors, requests, and responses. - [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. - [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. -- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. +- [ ] Use an IDS and/or IPS system to monitor your API requests and instances. --- diff --git a/README-mn.md b/README-mn.md index ef173a5..8961edd 100644 --- a/README-mn.md +++ b/README-mn.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Аюулгүйн жагсаалт API гаргах, загварчлах, тестлэхэд аюулгүйн талаас авах сөрөг арга хэмжээний жагсаалт. @@ -76,7 +76,7 @@ API гаргах, загварчлах, тестлэхэд аюулгүйн та - [ ] Use agents to monitor all traffic, errors, requests, and responses. - [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. - [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. -- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. +- [ ] Use an IDS and/or IPS system to monitor your API requests and instances. --- 
diff --git a/README-nl.md b/README-nl.md index 6c50198..819e2b3 100644 --- a/README-nl.md +++ b/README-nl.md @@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Security Checklist Checklist met de belangrijkste tegenmaatregelen bij het ontwerpen, testen en uitbrengen van een API. 
@@ -76,7 +76,7 @@ Checklist met de belangrijkste tegenmaatregelen bij het ontwerpen, testen en uit - [ ] Use agents to monitor all traffic, errors, requests, and responses. - [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. - [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. -- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. +- [ ] Use an IDS and/or IPS system to monitor your API requests and instances. --- diff --git a/README-pl.md b/README-pl.md index 3667abd..9a0d6d7 100644 --- a/README-pl.md +++ b/README-pl.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # Lista kontrolna bezpieczeństwa API Lista kontrolna najważniejszych metod zabezpieczenia podczas projektowania, testowania oraz wypuszczania własnego API. 
@@ -75,7 +75,7 @@ Lista kontrolna najważniejszych metod zabezpieczenia podczas projektowania, tes - [ ] Use agents to monitor all traffic, errors, requests, and responses. - [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. - [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. -- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. +- [ ] Use an IDS and/or IPS system to monitor your API requests and instances. --- diff --git a/README-pt_BR.md b/README-pt_BR.md index 087f06a..ae30d17 100644 --- a/README-pt_BR.md +++ b/README-pt_BR.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Security Checklist Lista das mais importantes medidas de segurança para o desenvolvimento, teste e publicação da sua API. @@ -26,7 +26,7 @@ Lista das mais importantes medidas de segurança para o desenvolvimento, teste e - [ ] Desative as listagens de diretórios. - [ ] Para APIs privadas, permita o acesso apenas de IPs/hosts da lista branca (whitelist). -## Authorization +## Autorização (_Authorization_) ### OAuth - [ ] Sempre valide o `redirect_uri` no seu servidor através de uma lista de URLs conhecidas (previamente cadastradas). 
@@ -71,12 +71,12 @@ Lista das mais importantes medidas de segurança para o desenvolvimento, teste e - [ ] Verifique suas dependências (software e sistema operacional) para vulnerabilidades conhecidas. - [ ] Implemente funcionalidade de reversão de _deploy_ (_rollback_). -## Monitoring -- [ ] Use centralized logins for all services and components. -- [ ] Use agents to monitor all traffic, errors, requests, and responses. -- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. -- [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. -- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. +## Monitoramento (_Monitoring_) +- [ ] Use logins centralizados para todos os serviços e componentes. +- [ ] Use agentes para monitorar todo o tráfego, erros, solicitações, e respostas. +- [ ] Use alertas para SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. +- [ ] Verifique se você não está registrando dados confidenciais, como cartões de crédito, senhas, PINs, etc. +- [ ] Use um sistema IDS e/ou IPS para monitorar as solicitações e instâncias de sua API. --- diff --git a/README-ru.md b/README-ru.md index dc47e7e..e5e6c97 100644 --- a/README-ru.md +++ b/README-ru.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # Контрольный список безопасности API Чеклист наиболее важных контрмер по безопасности при разработке, тестировании и выпуске вашего API. @@ -76,7 +76,7 @@ - [ ] Use agents to monitor all traffic, errors, requests, and responses. - [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. - [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. -- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. +- [ ] Use an IDS and/or IPS system to monitor your API requests and instances. --- 
diff --git a/README-th.md b/README-th.md index 78c8819..e163ab3 100644 --- a/README-th.md +++ b/README-th.md @@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Security Checklist Checklist ที่ต้องให้ความสำคัญเมื่อมีการสร้าง API ในช่วงการออกแบบ ทดสอบระบบ และการปล่อยให้คนนอกใช้ 
@@ -75,7 +75,7 @@ Checklist ที่ต้องให้ความสำคัญเมื่ - [ ] Use agents to monitor all traffic, errors, requests, and responses. - [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. - [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. -- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. +- [ ] Use an IDS and/or IPS system to monitor your API requests and instances. --- diff --git a/README-tr.md b/README-tr.md index 658fd2d..4010d22 100644 --- a/README-tr.md +++ b/README-tr.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Güvenlik Kontrol Listesi @@ -76,7 +76,7 @@ API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemle - [ ] Use agents to monitor all traffic, errors, requests, and responses. - [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. - [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. -- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. +- [ ] Use an IDS and/or IPS system to monitor your API requests and instances. --- 
diff --git a/README-tw.md b/README-tw.md index 0cc7524..495ab92 100644 --- a/README-tw.md +++ b/README-tw.md @@ -1,4 +1,4 @@ -[English](./README.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) +[English](./README.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # 開發安全的 API 所需要核對的清單 以下是當你在設計, 測試以及發佈你的 API 的時候所需要核對的重要安全措施. 
@@ -76,7 +76,7 @@ - [ ] Use agents to monitor all traffic, errors, requests, and responses. - [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. - [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. -- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. +- [ ] Use an IDS and/or IPS system to monitor your API requests and instances. --- diff --git a/README-uk.md b/README-uk.md index e38d27c..c3f61a3 100644 --- a/README-uk.md +++ b/README-uk.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) # Контрольний список безпеки API Контрольний список найбільш важливих контрзаходів безпеки при розробці, тестуванні та випуску вашого API. @@ -76,7 +76,7 @@ - [ ] Use agents to monitor all traffic, errors, requests, and responses. - [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. - [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. -- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. +- [ ] Use an IDS and/or IPS system to monitor your API requests and instances. --- 
diff --git a/README-vi.md b/README-vi.md index c0d2cef..e0d3b1c 100644 --- a/README-vi.md +++ b/README-vi.md @@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) # Danh sách các giải pháp an toàn cho API Những giải pháp an toàn và cách khắc phục khi thiết kế, kiểm tra và phát hành API cho ứng dụng của bạn. 
@@ -76,7 +76,7 @@ Những giải pháp an toàn và cách khắc phục khi thiết kế, kiểm t - [ ] Use agents to monitor all traffic, errors, requests, and responses. - [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. - [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. -- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. +- [ ] Use an IDS and/or IPS system to monitor your API requests and instances. --- diff --git a/README-zh.md b/README-zh.md index 661f895..3b07e18 100644 --- a/README-zh.md +++ b/README-zh.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [Português(Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) +[English](./README.md) | [繁中版](./README-tw.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # 开发安全的 API 所需要核对的清单 以下是当你在设计,测试以及发布你的 API 的时候所需要核对的重要安全措施。 @@ -76,7 +76,7 @@ - [ ] Use agents to monitor all traffic, errors, requests, and responses. - [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. - [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. -- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. +- [ ] Use an IDS and/or IPS system to monitor your API requests and instances. --- diff --git a/README.md b/README.md index 1f80819..37eefdc 100644 --- a/README.md +++ b/README.md 
@@ -1,4 +1,4 @@ -[繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Português (Brasil)](./README-pt_BR.md) | [Français](./README-fr.md) | [한국어](./README-ko.md) | [Nederlands](./README-nl.md) | [Indonesia](./README-id.md) | [ไทย](./README-th.md) | [Русский](./README-ru.md) | [Українська](./README-uk.md) | [Español](./README-es.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [Deutsch](./README-de.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) | [Монгол](./README-mn.md) | [हिंदी](./README-hi.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) |[Polski](./README-pl.md) | [Македонски](./README-mk.md) | [ລາວ](./README-lo.md) | [Ελληνικά](./README-el.md) | [فارسی](./README-fa.md) | [മലയാളം](./README-ml.md) +[繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Security Checklist Checklist of the most important security countermeasures when designing, testing, and releasing your API. 
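Review bot: the ordering rule behind the new link bars (English, 繁中版, 简中版 fixed at the front, the rest sorted by the README-xx.md language code, each file omitting its own entry) is not stated anywhere in the patch; put that one sentence in the commit message or in the contribution notes, otherwise the next translator will append their link at the end as every earlier addition did and the bars drift apart again. The README-ml.md hunk also fixes two real defects in passing (the old bar had no `[English](./README.md)` link and self-linked to `./README-ml.md`) and the README.md hunk restores the missing space in `[বাংলা](./README-bn.md) |[Polski]`; those are worth naming so the reorder is not read as purely cosmetic.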
@@ -76,7 +76,7 @@ Checklist of the most important security countermeasures when designing, testing - [ ] Use agents to monitor all traffic, errors, requests, and responses. - [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. - [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. -- [ ] Use an IDS or/and IPS system to monitor your API requests and instances. +- [ ] Use an IDS and/or IPS system to monitor your API requests and instances. --- From 3afd4fce37048cfc2b4747788f8d2d9d2f6d6fab Mon Sep 17 00:00:00 2001 From: Caleb Mazalevskis Date: Sun, 20 Nov 2022 17:41:12 +0800 Subject: [PATCH 114/149] Sync. --- README-ja.md | 14 +++++++------- README-ko.md | 4 ++-- README-ru.md | 14 +++++++------- README-tr.md | 14 +++++++------- README-uk.md | 14 +++++++------- README-vi.md | 16 ++++++++-------- 6 files changed, 38 insertions(+), 38 deletions(-) diff --git a/README-ja.md b/README-ja.md index 80e69cd..ad17bd6 100644 --- a/README-ja.md +++ b/README-ja.md @@ -26,7 +26,7 @@ APIを設計、テスト、リリースするときの最も重要なセキュ - [ ] ディレクトリ・リストをオフにしてください。 - [ ] プライベートAPIの場合、ホワイト・リストに登録されたIP/ホストからのアクセスのみを許可します。 -## Authorization +## 認可 ### OAuth - [ ] サーバサイドで常に`redirect_uri`を検証し、ホワイトリストに含まれるURLのみを許可する。 
@@ -71,12 +71,12 @@ APIを設計、テスト、リリースするときの最も重要なセキュ - [ ] 既知の脆弱性について、依存関係(ソフトウェアとOSの両方)を確認して。 - [ ] デプロイのロールバックを用意する。 -## Monitoring -- [ ] Use centralized logins for all services and components. -- [ ] Use agents to monitor all traffic, errors, requests, and responses. -- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. -- [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. -- [ ] Use an IDS and/or IPS system to monitor your API requests and instances. +## モニタリング +- [ ] すべてのサービスとコンポーネントに集中ログインを使用します。 +- [ ] すべてのトラフィック、エラー、リクエスト、およびレスポンスを監視ために、エージェントを使用します。 +- [ ] SMS、Slack、Email、Telegram、Kibana、Cloudwatch、などのアラートを使用します。 +- [ ] クレジット・カード、パスワード、PIN、などの機密データをログに記録していないことを確認します。 +- [ ] APIリクエストとインスタンスを監視ためにIDSやIPSシステムを使用します。 --- diff --git a/README-ko.md b/README-ko.md index 0309ece..0bea30a 100644 --- a/README-ko.md +++ b/README-ko.md @@ -26,7 +26,7 @@ API를 설계하고, 테스트하고, 배포할 때 고려해야 할 중요한 - [ ] 디렉토리 목록을 끕니다. - [ ] 프라이빗 API의 경우, 화이트리스트에 있는 IP/호스트에서만 액세스를 허용합니다. -## Authorization +## 권한 부여 (Authorization) ### OAuth - [ ] 허용된 URL만 받기 위해서는 서버 단에서 `redirect_uri`의 유효성을 항상 검증하세요. @@ -71,7 +71,7 @@ API를 설계하고, 테스트하고, 배포할 때 고려해야 할 중요한 - [ ] 알려진 취약점이 있는지 종속성(소프트웨어 및 OS 모두)을 확인하십시오. - [ ] 배포에 대한 롤백 솔루션을 설계하세요. -## Monitoring +## 모니터링 (Monitoring) - [ ] Use centralized logins for all services and components. - [ ] Use agents to monitor all traffic, errors, requests, and responses. - [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. diff --git a/README-ru.md b/README-ru.md index e5e6c97..2ee283c 100644 --- a/README-ru.md +++ b/README-ru.md @@ -26,7 +26,7 @@ - [ ] Отключите списки каталогов. - [ ] Для частных API, разрешите доступ только с IP-адресов/хостов из белого списка. -## Authorization +## Авторизация ### OAuth - [ ] Всегда проверяйте `redirect_uri` на стороне сервера, чтобы разрешать только URL-адреса из белых списков (whitelist). 
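Review bot: In the README-ja.md Monitoring hunk, `すべてのサービスとコンポーネントに集中ログインを使用します` renders "centralized logins" as sign-in (ログイン), but this is a Monitoring item about centralized logging, i.e. collecting the logs of every service in one place; `集中ログ（ログの一元管理）を使用します` keeps that meaning. Two items in the same hunk drop the verb inflection: `監視ために` should read `監視するために` (the agents item and the IDS/IPS item). In the README-ko.md hunk that follows, only the heading becomes `## 모니터링 (Monitoring)` while the five checklist items under it stay in English, so the section is left half-translated; either translate the items in this commit or leave the heading to the commit that does.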
@@ -71,12 +71,12 @@ - [ ] Проверьте свои зависимости (как программное обеспечение и ОС) на наличие известных уязвимостей. - [ ] Сделайте возможным быстрый откат на предыдущую версию. -## Monitoring -- [ ] Use centralized logins for all services and components. -- [ ] Use agents to monitor all traffic, errors, requests, and responses. -- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. -- [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. -- [ ] Use an IDS and/or IPS system to monitor your API requests and instances. +## Мониторинг +- [ ] Используйте централизованные входы для всех служб и компонентов. +- [ ] Используйте агенты для мониторинга всего трафика, ошибок, запросов, и ответов. +- [ ] Используйте оповещения для SMS, Slack, электронной почты, Telegram, Kibana, Cloudwatch, и т.д. +- [ ] Убедитесь, что вы не регистрируете какие-либо конфиденциальные данные, такие как кредитные карты, пароли, PIN-коды, и т.д. +- [ ] Используйте систему IDS и/или IPS для мониторинга запросов и экземпляров API. --- diff --git a/README-tr.md b/README-tr.md index 4010d22..2333ee0 100644 --- a/README-tr.md +++ b/README-tr.md @@ -26,7 +26,7 @@ API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemle - [ ] Dizin listelerini kapatın. - [ ] Özel API'ler için, yalnızca beyaz listedeki IP'lerden/host'lardan erişime izin verin. -## Authorization +## Yetki ### OAuth - [ ] Yalnızca beyaz listeye eklenen URL'lere izin vermek için sunucu tarafındaki `redirect_uri` bilgisini her zaman doğrulayın. 
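Review bot: `Используйте централизованные входы для всех служб и компонентов` in the README-ru.md Monitoring hunk reads as centralized sign-ins; the item is about centralized logging, so `Используйте централизованное логирование (сбор логов) для всех служб и компонентов` preserves the intent. The commas before `и ответов` and before `и т.д.` in the next two items are not needed in Russian.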
@@ -71,12 +71,12 @@ API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemle - [ ] Bilinen güvenlik açıkları için bağımlılıklarınızı (hem yazılım hem de işletim sistemi) kontrol edin. - [ ] Dağıtımlar için bir geriye dönme çözümü tasarlayın. -## Monitoring -- [ ] Use centralized logins for all services and components. -- [ ] Use agents to monitor all traffic, errors, requests, and responses. -- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. -- [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. -- [ ] Use an IDS and/or IPS system to monitor your API requests and instances. +## İzleme +- [ ] Tüm hizmetler ve bileşenler için merkezi login kullanın. +- [ ] Tüm trafiği, hataları, istekleri ve yanıtları izlemek için aracıları kullanın. +- [ ] SMS, Slack, E-posta, Telegram, Kibana, Cloudwatch, vb. için uyarıları kullanın. +- [ ] Kredi kartları, parolalar, PIN'ler, vb. hassas verileri günlüğe kaydetmediğinizden emin olun. +- [ ] API isteklerinizi ve örneklerinizi izlemek için bir IDS ve/veya IPS sistemi kullanın. --- diff --git a/README-uk.md b/README-uk.md index c3f61a3..01fc2c5 100644 --- a/README-uk.md +++ b/README-uk.md @@ -26,7 +26,7 @@ - [ ] Вимкніть списки каталогів. - [ ] Для приватних API, дозвольте доступ лише з IP-адрес/хостів із білого списку. -## Authorization +## Авторизація ### OAuth - [ ] Завжди перевіряйте `redirect_uri` на стороні сервера, щоб дозволяти тільки URL-адреси з білими списками. 
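Review bot: `Tüm hizmetler ve bileşenler için merkezi login kullanın` in the README-tr.md Monitoring hunk keeps the English word and its sign-in reading; the item is about centralized logging, so `merkezi loglama (günlük toplama) kullanın` is the closer rendering. `aracıları` for "agents" in the next item usually means intermediaries; monitoring agents are normally `izleme ajanlarını`.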
@@ -71,12 +71,12 @@ - [ ] Перевірте свої залежності (як програмне забезпечення, так і ОС) на відомі вразливості. - [ ] Створіть рішення відкату для розгортання. -## Monitoring -- [ ] Use centralized logins for all services and components. -- [ ] Use agents to monitor all traffic, errors, requests, and responses. -- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. -- [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. -- [ ] Use an IDS and/or IPS system to monitor your API requests and instances. +## Моніторинг +- [ ] Використовуйте централізований вхід для всіх служб і компонентів. +- [ ] Використовуйте агентів для моніторингу всього трафіку, помилок, запитів і відповідей. +- [ ] Використовуйте сповіщення для SMS, Slack, Email, Telegram, Kibana, Cloudwatch, тощо. +- [ ] Переконайтеся, що ви не реєструєте жодних конфіденційних даних, таких як кредитні картки, паролі, PIN-коди, тощо. +- [ ] Використовуйте систему IDS та/або IPS для моніторингу запитів і екземплярів API. --- diff --git a/README-vi.md b/README-vi.md index e0d3b1c..991a8a8 100644 --- a/README-vi.md +++ b/README-vi.md @@ -26,7 +26,7 @@ Những giải pháp an toàn và cách khắc phục khi thiết kế, kiểm t - [ ] Tắt danh sách thư mục. - [ ] Đối với các API riêng tư, chỉ cho phép truy cập từ các IP / máy chủ có trong danh sách cho phép / danh sách trắng / whitelist. -## Authorization +## Ủy quyền (Authorization) ### OAuth Ủy quyền hoặc chứng thực giao thức - [ ] Luôn xác nhận `redirect_uri` phía server để chỉ cho phép redirect đến các URL tin cậy. 
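Review bot: `Використовуйте централізований вхід для всіх служб і компонентів` in the README-uk.md Monitoring hunk means a centralized sign-in, whereas the item is about centralized logging; suggest `Використовуйте централізоване логування (збір логів) для всіх служб і компонентів`. The comma before `тощо` in the alerts and sensitive-data items is not needed.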
@@ -63,7 +63,7 @@ Những giải pháp an toàn và cách khắc phục khi thiết kế, kiểm t - [ ] Không trả về client các thông tin nhạy cảm như `credentials`, `Passwords`, `security tokens`. - [ ] Trả về status code tương ứng với hành động đã hoàn thành. (chẳng hạn. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`...). -## CI & CD ( Tích hợp và triển khai liên tục) +## CI & CD (Tích hợp và triển khai liên tục) - [ ] Kiểm tra thiết kế và thực hiện đầy đủ việc test với unit/integration. - [ ] Áp dụng quy trình đánh giá code và bỏ qua việc tự phê duyệt. - [ ] Đảm bảo các thành phần của dịch vụ được quét với các anti virus trước khi đưa ra phiên bản production, bao gồm các thư viện và các gói khác. @@ -71,12 +71,12 @@ Những giải pháp an toàn và cách khắc phục khi thiết kế, kiểm t - [ ] Kiểm tra các phần phụ thuộc của bạn (cả phần mềm và hệ điều hành) để tìm các lỗ hổng đã biết. - [ ] Thiết kế một giải pháp rollback cho việc triển khai. -## Monitoring -- [ ] Use centralized logins for all services and components. -- [ ] Use agents to monitor all traffic, errors, requests, and responses. -- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. -- [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. -- [ ] Use an IDS and/or IPS system to monitor your API requests and instances. +## Giám sát (Monitoring) +- [ ] Sử dụng đăng nhập tập trung cho tất cả các dịch vụ và thành phần. +- [ ] Sử dụng các tác nhân để giám sát tất cả lưu lượng truy cập, lỗi, yêu cầu, và phản hồi. +- [ ] Sử dụng cảnh báo cho SMS, Slack, Email, Telegram, Kibana, Cloudwatch, vv. +- [ ] Đảm bảo rằng bạn không ghi nhật ký bất kỳ dữ liệu nhạy cảm nào thẻ tín dụng, mật khẩu, mã PIN, vv. +- [ ] Sử dụng hệ thống IDS và/hoặc IPS để giám sát các yêu cầu và phản hồi của API của bạn. --- From 39186f6a7b69f8bd1dea620767be8dbd10369943 Mon Sep 17 00:00:00 2001 
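Review bot: In the README-vi.md Monitoring hunk of PATCH 114 above, `đăng nhập tập trung` (centralized sign-in) should be `ghi nhật ký tập trung` (centralized logging), which is what the Monitoring item means. The last item drifts from the source: `giám sát các yêu cầu và phản hồi của API` says requests and responses, while the English line says requests and instances (`các yêu cầu và các instance API của bạn`). The sensitive-data item is missing the comparison word: `dữ liệu nhạy cảm nào thẻ tín dụng` should read `dữ liệu nhạy cảm nào như thẻ tín dụng`.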
From: ZukyFresh <32201224+ZukyFresh@users.noreply.github.com> Date: Sat, 7 Jan 2023 02:53:17 +0100 Subject: [PATCH 115/149] Created README-cs.md Brief translation to Czech (cs) language. Many names of certain things are still in English because we don't translate them. Translation could be incorrect in some ways, but should be understandable for every Czech-speaking reader. --- README-cs.md | 91 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 91 insertions(+) create mode 100644 README-cs.md diff --git a/README-cs.md b/README-cs.md new file mode 100644 index 0000000..5f3f3ca --- /dev/null +++ b/README-cs.md
@@ -0,0 +1,91 @@ +[繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) | [Čeština](./README-cs.md) + +# Seznam API zabezpečení +Kontrolní seznam nejdůležitějších bezpečnostních opatření při návrhu, testování a uvolňování rozhraní API. + + +--- + +## Autentizace +- [ ] Nepoužívejte `Basic Auth`. Místo toho použijte standardní ověřování (např. [JWT](https://jwt.io/)). +- [ ] Nevymýšlejte znovu způsoby `ověření`, `generace tokenů`, `ukládání hesel`. Držte se standardů. +- [ ] Používejte u loginů funkce `Maximum Pokusů` a dočasné zablokování. +- [ ] Šifrujte všecha citlivá data. + +### JWT (JSON Web Token) +- [ ] Použijte náhodný a sofistikovaný klíč (`JWT Secret`), aby bylo složité token získat přes brute-force. +- [ ] Nepoužívejte algoritmy posílané v hlavičce. Vynuťte použití algoritmů na backendu (`HS256` nebo `RS256`). +- [ ] Zajistěte, aby platnost tokenu (`TTL`, `RTTL`) byla co nejkratší. +- [ ] Neukládejte uvnitř JWT citlivá data, mohou být následně [poměrně jednoduše] dekódovány (https://jwt.io/#debugger-io). +- [ ] Neukládejte v nich příliš mnoho dat. JWT se obvykle sdílí v hlavičkách a jejich velikost je omezena. + +## Přístup +- [ ] Omezte počet příchozích requestů (Zahlcení) aby jste předešli DDoS/brute-force útokům. 
+- [ ] Na straně serveru používejte protokol HTTPS s protokolem TLS 1.2+ a bezpečnými šiframi, abyste se vyhnuli útoku MITM (Man in the Middle). +- [ ] Použijte hlavičku `HSTS` s protokolem SSL, abyste se vyhnuli útokům SSL Strip. +- [ ] Vypněte vypisování adresářů. +- [ ] U privátních API povolte přístup pouze z IP adres/hostů nastavených ve whitelistu. + +## Autorizace + +### OAuth +- [ ] Vždy ověřujte `redirect_uri` na straně serveru, abyste povolili pouze adresy URL uvedené ve whitelistu. +- [ ] Vždy se snažte vyměňovat autorizační kód, ne přístupové tokeny (nepovolujte `response_type=token`). +- [ ] Použijte parametr `state` s náhodným hashem, abyste zabránili CSRF v autorizačním procesu OAuth. +- [ ] Definujte výchozí rozsah a ověřte parametry tohoto rozsahu pro každou aplikaci. + +## Vstupy +- [ ] Použijte správné metody HTTP podle operace: `GET (čtení)`, `POST (vkládání)`, `PUT/PATCH (nahrazení/update)`, a `DELETE (smazání záznamu)`, a odpovězte `405 Method Not Allowed` pokud požadovaná metoda není vhodná pro požadovaný prostředek. +- [ ] Ověřte `content-type` v hlavičce požadavku Accept (Content Negotiation), abyste povolili pouze vámi podporovaný formát (např. `application/xml`, `application/json` atd.) a v případě neshody odpovězte `406 Not Acceptable`. +- [ ] Ověřte typ `content-type` odesílaných dat tak, jak je přijímáte (např. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json` atd.). +- [ ] Ověřujte uživatelské vstupy, abyste se vyhnuli běžným zranitelnostem (např. `XSS`, `SQL-Injection`, `Remote Code Execution` atd.). +- [ ] Nepoužívejte v URL žádné citlivé údaje (`přihlašovací údaje`, `hesla`, `security tokeny` nebo `API klíče`), ale použijte standardní Authorization hlavičku. +- [ ] Používejte pouze šifrování na straně serveru. +- [ ] Pomocí služby API Gateway můžete povolit ukládání do mezipaměti, zásady pro omezení rychlosti (např. 
`Quota`, `Spike Arrest` nebo `Concurrent Rate Limit`) a dynamické nasazování prostředků API. + +## Zpracování +- [ ] Zkontrolujte, zda jsou všechny koncové body chráněny určitým ověřením přístupu, aby nedošlo k porušení procesu ověřování. +- [ ] Neměla by se používat jednotlivá ID uživatelů. Místo `/user/654321/orders` použijte `/me/orders`. +- [ ] Nepoužívejte auto-inkrementaci u ID. Použijte místo toho `UUID`. +- [ ] Pokud zpracováváte XML data, ujistěte se, že není povoleno procházení jednotlivých entit, abyste se vyhnuli `XXE` (XML external entity attack). +- [ ] Pokud zpracováváte XML, YAML nebo jakýkoli jiný jazyk s kotvami a odkazy, ujistěte se, že není povoleno rozšiřování entit, abyste se vyhnuli útokům jako `Billion Laughs/XML bomb` pomocí exponenciálního rozšiřování entit. +- [ ] Pro nahrávání souborů používejte síť CDN. +- [ ] Pokud pracujete s obrovským množstvím dat, použijte Workery a fronty, abyste jich co nejvíce zpracovali na pozadí, rychle vrátili odpověď, a vyhnuli se tak HTTP blokaci. +- [ ] Nezapomeňte vypnout DEBUG režim. +- [ ] Pokud je to možné používejte nespustitelné stacky (NX). + +## Výstupy +- [ ] V hlavičce odpovědi posílejte `X-Content-Type-Options: nosniff`. +- [ ] V hlavičce odpovědi posílejte `X-Frame-Options: deny`. +- [ ] V hlavičce odpovědi posílejte `Content-Security-Policy: default-src 'none'`. +- [ ] Z hlavičky odpovědi odstraňte - `X-Powered-By`, `Server`, `X-AspNet-Version`, atd. +- [ ] Vynuťte v odpovědi použití `content-type`. Pokud vrátíte `application/json`, potom `content-type` vaší odpovědi bude `application/json`. +- [ ] Neposílejte v odpovědích citlivá data jako `přihlašovací údaje`, `hesla`, nebo `security tokeny`. +- [ ] Posílejte správný stavový kód podle toho jak byla operace dokončena. (např. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, atd.). + +## CI & CD +- [ ] Zkontrolujte svůj návrh a implementaci řešení jednotkovými/integračními testy. 
+- [ ] Používejte proces kontroly kódu a to nejlépe třetí nezávislou stranou. +- [ ] Zajistěte, aby všechny součásti vašich služeb byly před nasazením do produkce staticky oskenovány antivirem, včetně všech knihoven dodavatelů a dalších součástí. +- [ ] Průběžně provádějte bezpečnostní testy vašeho kódu (statickou/dynamickou analýzu). +- [ ] Zkontrolujte jestli používané technologie (oboje jak software tak OS) neobsahují známé zranitelnosti. +- [ ] Navrhněte pro nasazený systém možnost rollbacku. + +## Monitorování +- [ ] Používejte centralizované přihlašovací údaje pro všechny služby a komponenty. +- [ ] Používejte agenty na monitorování veškeré komunikace, errorů, requestů, a odpovědí. +- [ ] Používejte upozornění pomocí SMS, Slacku, Emailu, Telegramu, Kibany, Cloudwatche, atd. +- [ ] Ujistěte se, že neukládáte do logů žádné citlivé údaje, jako čísla kreditních karet, hesla, kódy PIN atd. +- [ ] Ke sledování API requestů a instancí používejte systém IDS a/nebo IPS. + + +--- + +## Viz také: +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - Sbírka užitečných zdrojů pro vytváření rozhraní RESTful HTTP+JSON API. + + +--- + +# Příspěvek +Neváhejte přispět forknutím tohoto repozitáře, provedením nějakých změn a zasláním pull requestu. V případě jakýchkoli dotazů nám napište na e-mail `team@shieldfy.io`. From 02d8522525a785b0d4f3f910856b236664d851f2 Mon Sep 17 00:00:00 2001 
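Review bot: The JWT item in the new README-cs.md breaks its markdown link: `[poměrně jednoduše] dekódovány (https://jwt.io/#debugger-io)` has a space between `]` and `(`, so the URL renders as literal text; write `mohou být následně [poměrně jednoduše](https://jwt.io/#debugger-io) dekódovány`. The language bar at the top omits the `[English](./README.md)` link that every other translation carries and appends `[Čeština](./README-cs.md)` at the end instead of in the alphabetical slot after বাংলা, and none of the other READMEs are updated to link the new file. Wording: `Zahlcení` in the Přístup section is not a translation of throttling (it means flooding), `omezení rychlosti (throttling)` fits; `centralizované přihlašovací údaje` under Monitorování means centralized credentials, whereas the item is about centralized logging (`centralizované logování`). Typos: `všecha` should be `všechna`, and `aby jste` should be `abyste`, as the other items in the file already write it.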
From: Caleb Mazalevskis Date: Sat, 7 Jan 2023 22:46:53 +0800 Subject: [PATCH 116/149] Sync. --- README-ar.md | 2 +- README-bn.md | 2 +- README-cs.md | 2 +- README-de.md | 2 +- README-el.md | 2 +- README-es.md | 2 +- README-fa.md | 2 +- README-fr.md | 2 +- README-hi.md | 2 +- README-id.md | 2 +- README-it.md | 2 +- README-ja.md | 2 +- README-ko.md | 12 ++++++------ README-lo.md | 2 +- README-mk.md | 2 +- README-ml.md | 2 +- README-mn.md | 2 +- README-nl.md | 12 ++++++------ README-pl.md | 14 +++++++------- README-pt_BR.md | 2 +- README-ru.md | 2 +- README-th.md | 2 +- README-tr.md | 2 +- README-tw.md | 2 +- README-uk.md | 2 +- README-vi.md | 2 +- README-zh.md | 2 +- README.md | 2 +- 28 files changed, 44 insertions(+), 44 deletions(-) diff --git a/README-ar.md b/README-ar.md index 426bfb5..5a49999 100644 --- a/README-ar.md +++ b/README-ar.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md)
diff --git a/README-bn.md b/README-bn.md index bc7c930..b861652 100644 --- a/README-bn.md +++ b/README-bn.md @@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API নিরাপত্তা তালিকা তালিকা করুন সবচেয়ে গুরুত্বপূর্ন নিরাপত্তা পাল্টা ব্যবস্থা যখন পরিকল্পনা, পরীক্ষামূলক, এবং নিষ্কৃতি করছেন আপনার API। diff --git a/README-cs.md b/README-cs.md index 5f3f3ca..3f78d78 100644 --- a/README-cs.md +++ b/README-cs.md 
@@ -1,4 +1,4 @@ -[繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) | [Čeština](./README-cs.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # Seznam API zabezpečení Kontrolní seznam nejdůležitějších bezpečnostních opatření při návrhu, testování a uvolňování rozhraní API. diff --git a/README-de.md b/README-de.md index e426efc..ca4d23c 100644 --- a/README-de.md +++ b/README-de.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Security Checkliste Checkliste für die wichtigsten Sicherheitsmaßnahmen beim Designen, Testen und Veröffentlichen deiner API. diff --git a/README-el.md b/README-el.md index 7839bbe..58ef22c 100644 --- a/README-el.md +++ b/README-el.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API λίστα ελέγχου ασφαλείας Λίστα με τα πιο σημαντικά μέτρα ασφαλείας στον σχεδιασμό, έλεγχο, και την έκδοση του API σας. diff --git a/README-es.md b/README-es.md index 7b43dcd..65b432c 100644 --- a/README-es.md +++ b/README-es.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # Lista de seguridad en APIs Lista de las contramedidas de seguridad más importantes en cuanto al diseño, testing y publicación de tu API. diff --git a/README-fa.md b/README-fa.md index 410df2c..aa691e4 100644 --- a/README-fa.md +++ b/README-fa.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md)
diff --git a/README-fr.md b/README-fr.md index b4686ad..e43e425 100644 --- a/README-fr.md +++ b/README-fr.md @@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Security Checklist Checklist des points de sécurité les plus importants lors de la conception, du test et de la mise en production de votre API. diff --git a/README-hi.md b/README-hi.md index 61f8f2b..bc41fcb 100644 --- a/README-hi.md +++ b/README-hi.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API सुरक्षा जांच-सूची अपने API को डिजाइन करने, परीक्षण करने और जारी करने के दौरान सबसे महत्वपूर्ण सुरक्षा प्रतिवाद की जांच सूची| diff --git a/README-id.md b/README-id.md index ac46d94..6492f5c 100644 --- a/README-id.md +++ b/README-id.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # Checklist Keamanan API Checklist penanggulangan keamanan yang paling penting ketika merancang, menguji, dan melepaskan API ke khalayak diff --git a/README-it.md b/README-it.md index bed2d8b..d55ec68 100644 --- a/README-it.md +++ b/README-it.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # Checklist per la sicurezza delle API Una checklist per le più importanti contromisure da mettere in pratica quando strutturiamo, testiamo e rilasciamo le nostre API. diff --git a/README-ja.md b/README-ja.md index ad17bd6..47de4b8 100644 --- a/README-ja.md +++ b/README-ja.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # APIセキュリティチェックリスト APIを設計、テスト、リリースするときの最も重要なセキュリティ対策のチェックリスト diff --git a/README-ko.md b/README-ko.md index 0bea30a..75ed52d 100644 --- a/README-ko.md +++ b/README-ko.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API 보안 점검표 API를 설계하고, 테스트하고, 배포할 때 고려해야 할 중요한 보안 대책에 대한 점검 목록입니다. 
@@ -72,11 +72,11 @@ API를 설계하고, 테스트하고, 배포할 때 고려해야 할 중요한 - [ ] 배포에 대한 롤백 솔루션을 설계하세요. ## 모니터링 (Monitoring) -- [ ] Use centralized logins for all services and components. -- [ ] Use agents to monitor all traffic, errors, requests, and responses. -- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. -- [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. -- [ ] Use an IDS and/or IPS system to monitor your API requests and instances. +- [ ] 모든 서비스 및 구성 요소에 대해 중앙 집중식 로그인을 사용합니다. +- [ ] 에이전트를 사용하여 모든 트래픽, 오류, 요청 및 응답을 모니터링합니다. +- [ ] SMS, Slack, 이메일, Telegram, Kibana, Cloudwatch, 등에 대한 알림을 사용합니다. +- [ ] 신용 카드, 비밀번호, PIN, 등과 같은 민감한 데이터를 기록하고 있지 않은지 확인하십시오. +- [ ] IDS 및/또는 IPS 시스템을 사용하여 API 요청 및 인스턴스를 모니터링합니다. --- diff --git a/README-lo.md b/README-lo.md index 9e175ea..8bf9214 100644 --- a/README-lo.md +++ b/README-lo.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Security Checklist Checklist ທີ່ຕ້ອງໃຫ້ຄວາມສຳຄັນເມື່ອມີການສ້າງ API ໃນຊ່ວງການອອກແບບ ທົດສອບລະບົບ ແລະ ການປ່ອຍໃຫ້ຄົນນອກໃຊ້ diff --git a/README-mk.md b/README-mk.md index 21424cf..5db6103 100644 --- a/README-mk.md +++ b/README-mk.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Безбедносна контролна листа Безбедносна контролна листа од најважните безбедносни контрамерки при дизајнирање, тестирање и пуштање во употреба на вашето API. diff --git a/README-ml.md b/README-ml.md index 198eeba..a5af892 100644 --- a/README-ml.md +++ b/README-ml.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API സുരക്ഷാ ചെക്ക്‌ലിസ്റ്റ് നിങ്ങളുടെ API ഡിസൈൻ ചെയ്യുമ്പോഴും ടെസ്റ്റ് ചെയ്യുമ്പോഴും റിലീസ് ചെയ്യുമ്പോഴും പാലിക്കേണ്ട ഏറ്റവും പ്രധാനപ്പെട്ട സുരക്ഷാ പ്രതിരോധ നടപടികളുടെ ചെക്ക്‌ലിസ്റ്റ്. diff --git a/README-mn.md b/README-mn.md index 8961edd..d004071 100644 --- a/README-mn.md +++ b/README-mn.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Аюулгүйн жагсаалт API гаргах, загварчлах, тестлэхэд аюулгүйн талаас авах сөрөг арга хэмжээний жагсаалт. diff --git a/README-nl.md b/README-nl.md index 819e2b3..a0e8692 100644 --- a/README-nl.md +++ b/README-nl.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Security Checklist Checklist met de belangrijkste tegenmaatregelen bij het ontwerpen, testen en uitbrengen van een API. 
@@ -72,11 +72,11 @@ Checklist met de belangrijkste tegenmaatregelen bij het ontwerpen, testen en uit - [ ] Ontwikkel een terugrol oplossing. ## Monitoring -- [ ] Use centralized logins for all services and components. -- [ ] Use agents to monitor all traffic, errors, requests, and responses. -- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. -- [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. -- [ ] Use an IDS and/or IPS system to monitor your API requests and instances. +- [ ] Gebruik gecentraliseerde aanmeldingen voor alle services en componenten. +- [ ] Gebruik agents om al het verkeer, fouten, verzoeken en reacties te monitoren. +- [ ] Gebruik waarschuwingen voor SMS, Slack, E-mail, Telegram, Kibana, Cloudwatch, etc. +- [ ] Zorg ervoor dat u geen gevoelige gegevens registreert, zoals creditcards, wachtwoorden, pincodes, enz. +- [ ] Gebruik een IDS- en/of IPS-systeem om uw API-verzoeken en instanties te monitoren. --- diff --git a/README-pl.md b/README-pl.md index 9a0d6d7..899ff56 100644 --- a/README-pl.md +++ b/README-pl.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # Lista kontrolna bezpieczeństwa API Lista kontrolna najważniejszych metod zabezpieczenia podczas projektowania, testowania oraz wypuszczania własnego API. 
@@ -70,12 +70,12 @@ Lista kontrolna najważniejszych metod zabezpieczenia podczas projektowania, tes - [ ] Sprawdź swoje zależności (zarówno oprogramowanie i system operacyjny) pod kątem znanych luk w zabezpieczeniach. - [ ] Stwórz możliwość szybkiego wycofania udostępnionego wdrożenia. -## Monitoring -- [ ] Use centralized logins for all services and components. -- [ ] Use agents to monitor all traffic, errors, requests, and responses. -- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. -- [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. -- [ ] Use an IDS and/or IPS system to monitor your API requests and instances. +## Monitorowanie +- [ ] Użyj ze scentralizowanych logowań dla wszystkich usług i komponentów. +- [ ] Użyj agentów do monitorowania całego ruchu, błędów, żądań i odpowiedzi. +- [ ] Użyj alertów dla SMS, Slack, Email, Telegram, Kibana, Cloudwatch, itp. +- [ ] Upewnij się, że nie rejestrujesz żadnych poufnych danych, takich jak karty kredytowe, hasła, kody PIN, itp. +- [ ] Użyj systemu IDS i/lub IPS do monitorowania żądań i instancji API. --- diff --git a/README-pt_BR.md b/README-pt_BR.md index ae30d17..e0f21eb 100644 --- a/README-pt_BR.md +++ b/README-pt_BR.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Security Checklist Lista das mais importantes medidas de segurança para o desenvolvimento, teste e publicação da sua API. diff --git a/README-ru.md b/README-ru.md index 2ee283c..1f3ae31 100644 --- a/README-ru.md +++ b/README-ru.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # Контрольный список безопасности API Чеклист наиболее важных контрмер по безопасности при разработке, тестировании и выпуске вашего API. diff --git a/README-th.md b/README-th.md index e163ab3..425372e 100644 --- a/README-th.md +++ b/README-th.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Security Checklist Checklist ที่ต้องให้ความสำคัญเมื่อมีการสร้าง API ในช่วงการออกแบบ ทดสอบระบบ และการปล่อยให้คนนอกใช้ diff --git a/README-tr.md b/README-tr.md index 2333ee0..28a84ff 100644 --- a/README-tr.md +++ b/README-tr.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Güvenlik Kontrol Listesi diff --git a/README-tw.md b/README-tw.md index 495ab92..4314110 100644 --- a/README-tw.md +++ b/README-tw.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # 開發安全的 API 所需要核對的清單 以下是當你在設計, 測試以及發佈你的 API 的時候所需要核對的重要安全措施. diff --git a/README-uk.md b/README-uk.md index 01fc2c5..bccc27e 100644 --- a/README-uk.md +++ b/README-uk.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) # Контрольний список безпеки API Контрольний список найбільш важливих контрзаходів безпеки при розробці, тестуванні та випуску вашого API. diff --git a/README-vi.md b/README-vi.md index 991a8a8..0f03c18 100644 --- a/README-vi.md +++ b/README-vi.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) # Danh sách các giải pháp an toàn cho API Những giải pháp an toàn và cách khắc phục khi thiết kế, kiểm tra và phát hành API cho ứng dụng của bạn. diff --git a/README-zh.md b/README-zh.md index 3b07e18..2778154 100644 --- a/README-zh.md +++ b/README-zh.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # 开发安全的 API 所需要核对的清单 以下是当你在设计,测试以及发布你的 API 的时候所需要核对的重要安全措施。 diff --git a/README.md b/README.md index 37eefdc..4fbdace 100644 --- a/README.md +++ b/README.md 
@@ -1,4 +1,4 @@ -[繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Security Checklist Checklist of the most important security countermeasures when designing, testing, and releasing your API. From e85973d3c488b00168d6125563ae3c94eff6ce0e Mon Sep 17 00:00:00 2001 From: Tony Deng Date: Thu, 19 Jan 2023 15:16:53 +0800 Subject: [PATCH 117/149] =?UTF-8?q?:pencil:=20docs(zh):=20=E6=9B=B4?= =?UTF-8?q?=E6=96=B0API=E7=9B=91=E6=8E=A7=E9=83=A8=E5=88=86?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 更新API健康,并解决文档中markdown格式的警告 
Signed-off-by: Tony Deng --- README-zh.md | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) diff --git a/README-zh.md b/README-zh.md index 2778154..efeca47 100644 --- a/README-zh.md +++ b/README-zh.md @@ -1,18 +1,20 @@ [English](./README.md) | [繁中版](./README-tw.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # 开发安全的 API 所需要核对的清单 -以下是当你在设计,测试以及发布你的 API 的时候所需要核对的重要安全措施。 +以下是当你在设计,测试以及发布你的 API 的时候所需要核对的重要安全措施。 --- ## 身份认证 + - [ ] 不要使用 `Basic Auth` ,请使用标准的认证协议(如 [JWT](https://jwt.io/),[OAuth](https://oauth.net/))。 - [ ] 不要重新实现 `Authentication`、`token generating` 和 `password storing`,请使用标准库。 - [ ] 限制密码错误尝试次数,并且增加账号冻结功能。 - [ ] 加密所有的敏感数据。 ### JWT(JSON Web Token) + - [ ] 使用随机复杂的密钥(`JWT Secret`)以增加暴力破解的难度。 - [ ] 不要在请求体中直接提取数据,要对数据进行加密(`HS256` 或 `RS256`)。 - [ ] 使 token 的过期时间尽量的短(`TTL`,`RTTL`)。 @@ -20,6 +22,7 @@ - [ ] 避免存储过多的数据。 JWT 通常在标头中共享,并且它们有大小限制。 ## 访问 + - [ ] 限制流量来防止 DDoS 攻击和暴力攻击。 - [ ] 在服务端使用 HTTPS 协议来防止 MITM (中间人攻击)。 - [ ] 使用 `HSTS` 协议防止 SSL Strip 攻击。 
@@ -29,12 +32,14 @@ ## Authorization ### OAuth 授权或认证协议 + - [ ] 始终在后台验证 `redirect_uri`,只允许白名单的 URL。 - [ ] 始终在授权时使用有效期较短的授权码(code)而不是令牌(access_token)(不允许 `response_type=token`)。 - [ ] 使用随机哈希数的 `state` 参数来防止跨站请求伪造(CSRF)。 - [ ] 对不同的应用分别定义默认的作用域和各自有效的作用域参数。 ## 输入 + - [ ] 使用与操作相符的 HTTP 操作函数,`GET(读取)`,`POST(创建)`,`PUT(替换/更新)` 以及 `DELETE(删除记录)`,如果请求的方法不适用于请求的资源则返回 `405 Method Not Allowed`。 - [ ] 在请求头中的 `content-type` 字段使用内容验证来只允许支持的格式(如 `application/xml`,`application/json` 等等)并在不满足条件的时候返回 `406 Not Acceptable`。 - [ ] 验证 `content-type` 中申明的编码和你收到正文编码一致(如 `application/x-www-form-urlencoded`,`multipart/form-data`,`application/json` 等等)。 @@ -44,6 +49,7 @@ - [ ] 使用一个 API Gateway 服务来启用缓存、限制访问速率(如 `Quota`,`Spike Arrest`,`Concurrent Rate Limit`)以及动态地部署 APIs resources。 ## 处理 + - [ ] 检查是否所有的接口都包含必要都身份认证,以避免被破坏了的认证体系。 - [ ] 避免使用特有的资源 id。使用 `/me/orders` 替代 `/user/654321/orders`。 - [ ] 使用 `UUID` 代替自增长的 id。 @@ -55,6 +61,7 @@ - [ ] 可用时使用不可执行的堆栈。 ## 输出 + - [ ] 增加请求返回头 `X-Content-Type-Options: nosniff`。 - [ ] 增加请求返回头 `X-Frame-Options: deny`。 - [ ] 增加请求返回头 `Content-Security-Policy: default-src 'none'`。 @@ -64,6 +71,7 @@ - [ ] 给请求返回使用合理的 HTTP 响应代码。(如 `200 OK`,`400 Bad Request`,`401 Unauthorized`,`405 Method Not Allowed` 等等)。 ## 持续集成和持续部署 + - [ ] 使用单元测试以及集成测试的覆盖率来保障你的设计和实现。 - [ ] 引入代码审查流程,禁止私自合并代码。 - [ ] 在推送到生产环境之前确保服务的所有组件都用杀毒软件静态地扫描过,包括第三方库和其它依赖。 
@@ -71,21 +79,22 @@ - [ ] 检查您的依赖项(软件和操作系统)是否存在已知漏洞。 - [ ] 为部署设计一个回滚方案。 -## Monitoring -- [ ] Use centralized logins for all services and components. -- [ ] Use agents to monitor all traffic, errors, requests, and responses. -- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. -- [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. -- [ ] Use an IDS and/or IPS system to monitor your API requests and instances. +## 监控 +- [ ] 对所有服务和组件使用集中式登录。 +- [ ] 使用代理来监控所有流量、错误、请求和响应。 +- [ ] 使用短信,Slack,电子邮件,电报,Kibana, Cloudwatch等提醒。 +- [ ] 确保你没有记录任何敏感数据,如信用卡、密码、pin等。 +- [ ] 使用IDS和/或IPS系统监视您的API请求和实例。 --- -## 也可以看看: -- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - 用于构建 RESTful HTTP + JSON API 的有用资源集合。 +## 也可以看看 +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - 用于构建 RESTful HTTP + JSON API 的有用资源集合。 --- # 贡献 + 为此存储库创建一个 fork,进行修改,并提交 pull request 来贡献。如果您有任何问题,请发送邮件至 `team@shieldfy.io`。 From abb70cbff0a5eb40f11414214bdde160a913546c Mon Sep 17 00:00:00 2001 From: Taha Ahmadi Date: Mon, 6 Feb 2023 02:56:38 +0330 Subject: [PATCH 118/149] Sync. --- README-fa.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/README-fa.md b/README-fa.md index aa691e4..3c637e1 100644 --- a/README-fa.md +++ b/README-fa.md 
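Review bot: the unchanged JWT context line `- [ ] 不要在请求体中直接提取数据,要对数据进行加密(`HS256` 或 `RS256`)。` in the first README-zh.md hunk (`@@ -1,18 +1,20 @@`) misstates the control. The English item it translates reads "Don't extract the algorithm from the header. Force the algorithm in the backend (`HS256` or `RS256`)", which is about pinning the signing algorithm server-side rather than trusting the token header, not about encrypting data. Since this commit already reformats the JWT block, suggest correcting the line to `- [ ] 不要从 token 头部提取算法,在后端强制指定算法(`HS256` 或 `RS256`)。`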
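Review bot: in the README-zh.md Monitoring hunk (`@@ -71,21 +79,22 @@`), `+- [ ] 对所有服务和组件使用集中式登录。` renders the English "centralized logins" as centralized login (sign-in), but the section is about observability and the item means centralized logging; suggest `- [ ] 对所有服务和组件使用集中式日志。` (the English source line itself reads like a typo for "logging"). In the same hunk, `电报` in `使用短信,Slack,电子邮件,电报,Kibana, Cloudwatch等提醒。` is the product name Telegram and should stay as `Telegram`, and `pin等` should be `PIN 等`; the list also mixes half-width and full-width commas, which will trip the markdown lint this commit is meant to satisfy.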
@@ -73,11 +73,11 @@ - [ ]       برای دپلوی‌هایتان، یک راه‌حل با قابلیت عقبگرد (rollback) طراحی کنید. ## Monitoring -- [ ] Use centralized logins for all services and components. -- [ ] Use agents to monitor all traffic, errors, requests, and responses. -- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. -- [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. -- [ ] Use an IDS and/or IPS system to monitor your API requests and instances. +- [ ]       از لاگین های متمرکز برای همه سرویس ها و مؤلفه ها استفاده کنید. +- [ ]       از agent ها برای مانیتور همه ترافیک, خطاها, درخواست‌ها و پاسخ‌ها استفاده کنید. +- [ ]       از alert ها برای اس ام اس, Slack, ایمیل, Telegram, Kibana, Cloudwatch و غیره استفاده کنید. +- [ ]       اطمینان حاصل کنید که هیچ گونه داده حساسی مانند کارت های اعتباری، رمزهای عبور، پین ها و غیره را ثبت نمی کنید. +- [ ]       از یک سیستم IDS و/یا IPS برای مانیتور درخواست ها API و نمونه های خود استفاده کنید. --- From 2e0e115690d3fa984c7ef3ce0d36c50f46a0f0ed Mon Sep 17 00:00:00 2001 From: Alex Savage Date: Tue, 14 Feb 2023 15:20:29 +0000 Subject: [PATCH 119/149] Update README.md --- README.md | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 4fbdace..fed4c24 100644 --- a/README.md +++ b/README.md 
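Review bot: `+- [ ]       از لاگین های متمرکز برای همه سرویس ها و مؤلفه ها استفاده کنید.` translates "centralized logins" literally as centralized sign-in, but the Monitoring item is about centralized logging of services and components; suggest `از لاگ‌گیری متمرکز برای همه سرویس‌ها و مؤلفه‌ها استفاده کنید.` In the last added line, `درخواست ها API` is missing the ezafe and should read `درخواست‌های API`.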
@@ -1,18 +1,20 @@ [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Security Checklist -Checklist of the most important security countermeasures when designing, testing, and releasing your API. +Checklist of the most important security countermeasures when designing, testing, and releasing your API. --- ## Authentication + - [ ] Don't use `Basic Auth`. Use standard authentication instead (e.g., [JWT](https://jwt.io/)). - [ ] Don't reinvent the wheel in `Authentication`, `token generation`, `password storage`. Use the standards. - [ ] Use `Max Retry` and jail features in Login. - [ ] Use encryption on all sensitive data. ### JWT (JSON Web Token) + - [ ] Use a random complicated key (`JWT Secret`) to make brute forcing the token very hard. - [ ] Don't extract the algorithm from the header. Force the algorithm in the backend (`HS256` or `RS256`). - [ ] Make token expiration (`TTL`, `RTTL`) as short as possible. 
@@ -20,21 +22,24 @@ Checklist of the most important security countermeasures when designing, testing - [ ] Avoid storing too much data. JWT is usually shared in headers and they have a size limit. ## Access + - [ ] Limit requests (Throttling) to avoid DDoS / brute-force attacks. - [ ] Use HTTPS on server side with TLS 1.2+ and secure ciphers to avoid MITM (Man in the Middle Attack). - [ ] Use `HSTS` header with SSL to avoid SSL Strip attacks. - [ ] Turn off directory listings. -- [ ] For private APIs, allow access only from whitelisted IPs/hosts. +- [ ] For private APIs, allow access only from safelisted IPs/hosts. ## Authorization ### OAuth -- [ ] Always validate `redirect_uri` server-side to allow only whitelisted URLs. + +- [ ] Always validate `redirect_uri` server-side to allow only safelisted URLs. - [ ] Always try to exchange for code and not tokens (don't allow `response_type=token`). - [ ] Use `state` parameter with a random hash to prevent CSRF on the OAuth authorization process. - [ ] Define the default scope, and validate scope parameters for each application. ## Input + - [ ] Use the proper HTTP method according to the operation: `GET (read)`, `POST (create)`, `PUT/PATCH (replace/update)`, and `DELETE (to delete a record)`, and respond with `405 Method Not Allowed` if the requested method isn't appropriate for the requested resource. - [ ] Validate `content-type` on request Accept header (Content Negotiation) to allow only your supported format (e.g., `application/xml`, `application/json`, etc.) and respond with `406 Not Acceptable` response if not matched. - [ ] Validate `content-type` of posted data as you accept (e.g., `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, etc.). 
@@ -44,6 +49,7 @@ Checklist of the most important security countermeasures when designing, testing - [ ] Use an API Gateway service to enable caching, Rate Limit policies (e.g., `Quota`, `Spike Arrest`, or `Concurrent Rate Limit`) and deploy APIs resources dynamically. ## Processing + - [ ] Check if all the endpoints are protected behind authentication to avoid broken authentication process. - [ ] User own resource ID should be avoided. Use `/me/orders` instead of `/user/654321/orders`. - [ ] Don't auto-increment IDs. Use `UUID` instead. @@ -55,6 +61,7 @@ Checklist of the most important security countermeasures when designing, testing - [ ] Use non-executable stacks when available. ## Output + - [ ] Send `X-Content-Type-Options: nosniff` header. - [ ] Send `X-Frame-Options: deny` header. - [ ] Send `Content-Security-Policy: default-src 'none'` header. @@ -64,6 +71,7 @@ Checklist of the most important security countermeasures when designing, testing - [ ] Return the proper status code according to the operation completed. (e.g., `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, etc.). ## CI & CD + - [ ] Audit your design and implementation with unit/integration tests coverage. - [ ] Use a code review process and disregard self-approval. - [ ] Ensure that all components of your services are statically scanned by AV software before pushing to production, including vendor libraries and other dependencies. 
@@ -72,20 +80,21 @@ Checklist of the most important security countermeasures when designing, testing - [ ] Design a rollback solution for deployments. ## Monitoring + - [ ] Use centralized logins for all services and components. - [ ] Use agents to monitor all traffic, errors, requests, and responses. - [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. - [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. - [ ] Use an IDS and/or IPS system to monitor your API requests and instances. - --- ## See also: -- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - A collection of useful resources for building RESTful HTTP+JSON APIs. +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - A collection of useful resources for building RESTful HTTP+JSON APIs. --- # Contribution + Feel free to contribute by forking this repository, making some changes, and submitting pull requests. For any questions drop us an email at `team@shieldfy.io`. From 741bbabeb5871a9fd44cffc645551416a20ae666 Mon Sep 17 00:00:00 2001 From: ardaozceviz Date: Thu, 16 Feb 2023 21:56:54 +0100 Subject: [PATCH 120/149] remove empty spaces, capitalize a title --- README-tr.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/README-tr.md b/README-tr.md index 28a84ff..1d435b8 100644 --- a/README-tr.md +++ b/README-tr.md 
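Review bot: the Monitoring hunk keeps `- [ ] Use centralized logins for all services and components.`, where "logins" reads as a typo for "logging": the item sits between the rollback item and the agents/alerts/IDS items and concerns observability, not authentication, and the translations in this series are propagating the error (several render it as centralized sign-in). Suggest `- [ ] Use centralized logging for all services and components.` Minor: `## See also:` keeps a trailing colon while the other headings in this file do not; dropping it keeps the headings consistent with the blank-line-after-heading cleanup this commit does.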
@@ -78,14 +78,12 @@ API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemle - [ ] Kredi kartları, parolalar, PIN'ler, vb. hassas verileri günlüğe kaydetmediğinizden emin olun. - [ ] API isteklerinizi ve örneklerinizi izlemek için bir IDS ve/veya IPS sistemi kullanın. - --- ## Ek kaynaklar: - [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - RESTful HTTP+JSON API'leri oluşturmak için kullanışlı kaynakların bir koleksiyonu. - --- -# katkı +# Katkı Bu depoyu forklayarak, bazı değişiklikler yaparak ve pull requests göndererek katkıda bulunmaktan çekinmeyin. Herhangi bir sorunuz için bize bir e-posta bırakın: `team@shieldfy.io`. From 32134869440911f82e04a61831cdfa5b0ec04296 Mon Sep 17 00:00:00 2001 From: Prasanth c41m <58906808+prasanthc41m@users.noreply.github.com> Date: Wed, 22 Mar 2023 14:29:37 +0530 Subject: [PATCH 121/149] Update README-ml.md --- README-ml.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README-ml.md b/README-ml.md index a5af892..1bc57dd 100644 --- a/README-ml.md +++ b/README-ml.md @@ -14,7 +14,7 @@ ### JWT (JSON വെബ് ടോക്കൺ) - [ ] ഒരു റാൻഡം കോംപ്ലിക്കേറ്റഡ് കീ ( `JWT Secret`) ഉപയോഗിച്ച് ടോക്കണിനെ ബ്രൂട്ട് ഫോഴ്‌സ് ചെയ്യുന്നത് ബുദ്ധിമുട്ടുള്ളതാക്കാം. -- [ ] ഹെയ്ഡറിൽ നിന്ന് അൽഗോരിതം വേര്തിരിച്ചെടുക്കരുത്. അൽഗോരിതത്തെ ബെക്കൻഡിൽ തന്നെ നിലനിർത്തുക (`HS256` അല്ലെങ്കിൽ `RS256`). +- [ ] ഹെയ്ഡറിൽ നിന്ന് അൽഗോരിതം വേര്തിരിച്ചെടുക്കരുത്. അൽഗോരിതത്തെ ബേക്ക്എന്റിൽ തന്നെ നിലനിർത്തുക (`HS256` അല്ലെങ്കിൽ `RS256`). - [ ] ടോക്കൺ കാലഹരണപ്പെടൽ (` TTL`, `RTTL`) കഴിയുന്നത്ര ചെറുതാക്കുക. - [ ] സെൻസിറ്റീവ് ഡാറ്റ JWT പേലോഡിൽ സൂക്ഷിക്കരുത്, അത് [എളുപ്പത്തിൽ](https://jwt.io/#debugger-io) ഡീകോഡ് ചെയ്യാം . - [ ] വളരെയധികം ഡാറ്റ സൂക്ഷിക്കുന്നത് ഒഴിവാക്കുക. JWT സാധാരണയായി headerകളിൽ പങ്കിടുന്നു, അവയ്‌ക്ക് വലുപ്പ പരിധിയുണ്ട്. From a18bb51bfef72b9d5f8d8eb8f528caf3f66d2f96 Mon Sep 17 00:00:00 2001 
From: Caleb Mazalevskis Date: Fri, 31 Mar 2023 13:24:59 +0800 Subject: [PATCH 122/149] Remove whitespace. --- README-bn.md | 2 +- README-fa.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README-bn.md b/README-bn.md index b861652..0695811 100644 --- a/README-bn.md +++ b/README-bn.md @@ -65,7 +65,7 @@ ## CI & CD - [ ] আপনার পরিকল্পনা এবং বাস্তবায়ন যাচাই করুন unit/integration tests coverage এর সাথে। -- [ ] কোড পুনঃমূল্যায়ন প্রক্রিয়া ব্যবহার করুন এবং নিজের অনুমোদন উপেক্ষা করুন। +- [ ] কোড পুনঃমূল্যায়ন প্রক্রিয়া ব্যবহার করুন এবং নিজের অনুমোদন উপেক্ষা করুন। - [ ] নিশ্চিত করেন যেন আপনার সেবার সবগুলো উপাদান স্থিতিশীলভাবে AV সফটওয়্যার দ্বারা স্ক্যান করা থাকে production এ যাওয়ার আগেই, বিক্রেতা লাইব্রেরি এবং অন্যান্য নির্ভরতা সহ। - [ ] ক্রমাগত নিরাপত্তা পরীক্ষা চালান (স্থির/গতিশীল বিশ্লেষণ) আপনার কোডে। - [ ] আপনার নির্ভরতা চেক করুন (দুইটাই software এবং OS) পরিচিত দুর্বলতার জন্য। diff --git a/README-fa.md b/README-fa.md index 3c637e1..112e27b 100644 --- a/README-fa.md +++ b/README-fa.md 
@@ -39,7 +39,7 @@ - [ ]       از متد HTTP مناسب با توجه به نوع عملیات استفاده کنید: `GET` برای خواندن، `POST` برای ایجاد کردن، `PUT/PATCH` برای جایگزین یا بروزرسانی و `DELETE` برای حذف یک رکورد، و در صورتی‌که متد درخواستی برای منبع درخواست‌شده مناسب نباشد با `405 Method Not Allowed` پاسخ بدهید. - [ ]       مقدار `content-type` را در هدر Accept رکوئست (مذاکره محتوا یا Content Negotiation) اعتبارسنجی کنید تا فقط به فرمت‌های مورد پشتیبانی اجازه داده شود (مثلا `application/xml`، `application/json` و ...). و در صورت عدم تطابق با یک پاسخ `406 Not Acceptable` پاسخ دهید. - [ ]       مقدار `content-type` در داده‌ی پست‌شده را اعتبارسنجی کنید (مثلا `application/x-www-form-urlencoded`، `multipart/form-data`، `application/json` و ...). -- [ ]       ورودی کاربر را اعتبارسنجی کنید تا از آسیب‌پذیری‌های معمول جلوگیری شود (مثلا `XSS`، `SQL-Injection` و `Remote Code Execution`). +- [ ]       ورودی کاربر را اعتبارسنجی کنید تا از آسیب‌پذیری‌های معمول جلوگیری شود (مثلا `XSS`، `SQL-Injection` و `Remote Code Execution`). - [ ]       هیچ داده‌ی حساسی مثل (داده‌های اعتبارسنجی، پسوورد‌ها، توکن‌های امنیتی یا کلید‌های API) را داخل URL قرار ندهید و از هدر Authorization استاندارد استفاده کنید. - [ ]       فقط از رمزگذاری سمت سرور استفاده کنید. - [ ]       از یک سرویس API Gateway استفاده کنید تا کش‌کردن و سیاست‌های Rate Limit (مثلا `Quota`، `Spike Arrest` یا `Concurrent Rate Limit`) فعال شوند و منابع APIها را به صورت داینامیک دپلوی کنید. From 49565496d6066383f1f602898250858d42651dfb Mon Sep 17 00:00:00 2001 From: Saleumsack KEOBOUALAY Date: Wed, 19 Apr 2023 12:30:26 +1000 Subject: [PATCH 123/149] Translate Monitoring Section --- README-lo.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/README-lo.md b/README-lo.md index 8bf9214..0ba3731 100644 --- a/README-lo.md +++ b/README-lo.md 
@@ -19,7 +19,7 @@ Checklist ທີ່ຕ້ອງໃຫ້ຄວາມສຳຄັນເມື່ - [ ] ບໍ່ຄວນເກັບຂໍ້ມູນທີ່ສຳຄັນໃນ payload ຂອງ JWT ເພາະອາດຈະຖືກແກະໄດ້ [ງ່າຍ](https://jwt.io/#debugger-io). - [ ] ຫຼີກເວັ້ນການເກັບຮັກສາຂໍ້ມູນຫຼາຍເກີນໄປ. JWT ມັກຈະຖືກແບ່ງປັນໃນ headers ແລະພວກເຂົາມີຂອບເຂດຈໍາກັດ. -## Access +## ການເຂົ້າເຖິງ - [ ] ຈຳກັດຈຳນວນສູງສຸດຂອງ request ເພື່ອປ້ອງກັນ DDoS / Bruteforce. - [ ] ໃຊ້ https ເພື່ອປ້ອງກັນ MITM (Man In The Middle Attack). - [ ] ໃຊ້ `HSTS` header ກັບ SSL ເພື່ອປ້ອງກັນ SSL Strip attack. @@ -71,12 +71,12 @@ Checklist ທີ່ຕ້ອງໃຫ້ຄວາມສຳຄັນເມື່ - [ ] ກວດເບິ່ງຄວາມເພິ່ງພາອາໄສຂອງທ່ານ (ທັງຊອບແວ ແລະ OS) ສໍາລັບຊ່ອງໂຫວ່ທີ່ຮູ້ຈັກ. - [ ] ອອກແບບວິທີ rollback ໄວ້ກ່ອນຈະນຳຂຶ້ນໄປ ເພາະເວລາເກີດບັນຈະໄດ້ຍ້ອນກັບມາໃຊ້ version ເກົ່າໄປກ່ອນໄດ້ (ອາດເຈິໄດ້ຫຼາຍໃນຕອນພັດທະນາ feature ໃໝ່ໆ). -## Monitoring -- [ ] Use centralized logins for all services and components. -- [ ] Use agents to monitor all traffic, errors, requests, and responses. -- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. -- [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. -- [ ] Use an IDS and/or IPS system to monitor your API requests and instances. +## ການຕິດຕາມ +- [ ] ໃຊ້ການເຂົ້າສູ່ລະບົບແບບສູນກາງສຳລັບທຸກ services ແລະ components. +- [ ] ໃຊ້ agents ເພື່ອການຕິດຕາມ traffic ທັງໝົດ, ບັນຫາ, requests ແລະ reponses. +- [ ] ໃຊ້ແຈ້ງເຕືອນສຳລັບ SMS, Slack, Email, Telegram, Kibana, Cloudwatch, ແລະ ອື່ນໆ. +- [ ] ໝັ້ນໃຈວ່າທ່ານບໍ່ໄດ້ເຂົ້າເຖິງຂໍ້ມູນ sensitive ຕົວຢ່າງ ບັດເຄດິດ, ລະຫັດ, ລະຫັດບັດ ແລະ ອື່ນໆ. +- [ ] ນຳໃຊ້ IDS ແລະ/ຫຼື ລະບະບົ IPS ເພື່ອຕິດຕາມ API requests ແລະ intances ຂອງທ່ານ. --- @@ -87,5 +87,5 @@ Checklist ທີ່ຕ້ອງໃຫ້ຄວາມສຳຄັນເມື່ --- -# Contribution -Feel free to contribute by forking this repository, making some changes, and submitting pull requests. For any questions drop us an email at `team@shieldfy.io`. +# ມີສ່ວນຮ່ວມ +ບໍ່ຕ້ອງລັງເລທີຈະມີສ່ວນຮ່ວມໂດຍການ fork repository ນີ້, ປ່ຽນແປງບາງຢ່າງ ແລະ submit pull request. ສຳລັບຄຳຖາມເພີ່ມເຕີມແມ່ນສົ່ງມາທີອີເມວນີ້ `team@shieldfy.io`. 
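Review bot: in the README-lo.md Monitoring hunk (`@@ -71,12 +71,12 @@`), `+- [ ] ໃຊ້ການເຂົ້າສູ່ລະບົບແບບສູນກາງສຳລັບທຸກ services ແລະ components.` uses ການເຂົ້າສູ່ລະບົບ (signing in), while the item is about centralized logging of services and components; suggest wording it around log collection (for example `ໃຊ້ການເກັບ log ແບບສູນກາງ`). Likewise `ໝັ້ນໃຈວ່າທ່ານບໍ່ໄດ້ເຂົ້າເຖິງຂໍ້ມູນ sensitive` says "do not access sensitive data", whereas the English item is "aren't logging any sensitive data", so the verb should be about recording/logging, not access. The same hunk also carries three typos: `reponses` should be `responses`, `intances` should be `instances`, and `ລະບະບົ IPS` should be `ລະບົບ IPS`.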
From 32a6c463ed5bb06c3bc1bebe1283eb91c6ec31c9 Mon Sep 17 00:00:00 2001 From: Saleumsack KEOBOUALAY Date: Wed, 19 Apr 2023 12:38:22 +1000 Subject: [PATCH 124/149] Update the Lao language link's text. Make it more understandable. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index fed4c24..cd8e9db 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -[繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Security Checklist 
From 22b2290b73bc8360744c5a69e845c9deb0f08021 Mon Sep 17 00:00:00 2001 From: Caleb Mazalevskis Date: Wed, 19 Apr 2023 11:42:17 +0800 Subject: [PATCH 125/149] Sync. --- README-ar.md | 2 +- README-bn.md | 2 +- README-cs.md | 2 +- README-de.md | 2 +- README-el.md | 2 +- README-es.md | 2 +- README-fa.md | 2 +- README-fr.md | 2 +- README-hi.md | 2 +- README-id.md | 2 +- README-it.md | 2 +- README-ja.md | 2 +- README-ko.md | 2 +- README-mk.md | 2 +- README-ml.md | 2 +- README-mn.md | 2 +- README-nl.md | 2 +- README-pl.md | 2 +- README-pt_BR.md | 2 +- README-ru.md | 2 +- README-th.md | 2 +- README-tr.md | 2 +- README-tw.md | 2 +- README-uk.md | 2 +- README-vi.md | 2 +- README-zh.md | 2 +- 26 files changed, 26 insertions(+), 26 deletions(-) diff --git a/README-ar.md b/README-ar.md index 5a49999..812f4e7 100644 --- a/README-ar.md +++ b/README-ar.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md)
diff --git a/README-bn.md b/README-bn.md index 0695811..adf5de2 100644 --- a/README-bn.md +++ b/README-bn.md @@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API নিরাপত্তা তালিকা তালিকা করুন সবচেয়ে গুরুত্বপূর্ন নিরাপত্তা পাল্টা ব্যবস্থা যখন পরিকল্পনা, পরীক্ষামূলক, এবং নিষ্কৃতি করছেন আপনার API। diff --git a/README-cs.md b/README-cs.md index 3f78d78..d77ffdf 100644 --- a/README-cs.md +++ b/README-cs.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # Seznam API zabezpečení Kontrolní seznam nejdůležitějších bezpečnostních opatření při návrhu, testování a uvolňování rozhraní API. diff --git a/README-de.md b/README-de.md index ca4d23c..1530c62 100644 --- a/README-de.md +++ b/README-de.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Security Checkliste Checkliste für die wichtigsten Sicherheitsmaßnahmen beim Designen, Testen und Veröffentlichen deiner API. diff --git a/README-el.md b/README-el.md index 58ef22c..f1501cc 100644 --- a/README-el.md +++ b/README-el.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API λίστα ελέγχου ασφαλείας Λίστα με τα πιο σημαντικά μέτρα ασφαλείας στον σχεδιασμό, έλεγχο, και την έκδοση του API σας. diff --git a/README-es.md b/README-es.md index 65b432c..10e976a 100644 --- a/README-es.md +++ b/README-es.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # Lista de seguridad en APIs Lista de las contramedidas de seguridad más importantes en cuanto al diseño, testing y publicación de tu API. diff --git a/README-fa.md b/README-fa.md index 112e27b..0599ce1 100644 --- a/README-fa.md +++ b/README-fa.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md)
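Review bot: the README-fa hunk directly above is the only hunk in this run whose `@@ -1,4 +1,4 @@` header is not followed by its three trailing context lines (every other file shows its `# ...` heading and description after the language bar), so please confirm that the lines below the language bar in README-fa.md survived the edit and were not dropped. Across this hunk and the preceding ones (README-bn, -cs, -de, -el, -es) the visible change is only the Lao entry `[ລາວ](./README-lo.md)` becoming `[ພາສາລາວ](./README-lo.md)`, with every other label and link target unchanged; since each hunk replaces the whole line, `git diff --word-diff` on this commit would make that single-token change far easier to verify than these whole-line replacements.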
diff --git a/README-fr.md b/README-fr.md index e43e425..013194d 100644 --- a/README-fr.md +++ b/README-fr.md @@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Security Checklist Checklist des points de sécurité les plus importants lors de la conception, du test et de la mise en production de votre API. diff --git a/README-hi.md b/README-hi.md index bc41fcb..10c2865 100644 --- a/README-hi.md +++ b/README-hi.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API सुरक्षा जांच-सूची अपने API को डिजाइन करने, परीक्षण करने और जारी करने के दौरान सबसे महत्वपूर्ण सुरक्षा प्रतिवाद की जांच सूची| diff --git a/README-id.md b/README-id.md index 6492f5c..c295693 100644 --- a/README-id.md +++ b/README-id.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # Checklist Keamanan API Checklist penanggulangan keamanan yang paling penting ketika merancang, menguji, dan melepaskan API ke khalayak diff --git a/README-it.md b/README-it.md index d55ec68..fc85b6c 100644 --- a/README-it.md +++ b/README-it.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # Checklist per la sicurezza delle API Una checklist per le più importanti contromisure da mettere in pratica quando strutturiamo, testiamo e rilasciamo le nostre API. diff --git a/README-ja.md b/README-ja.md index 47de4b8..13a57fc 100644 --- a/README-ja.md +++ b/README-ja.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # APIセキュリティチェックリスト APIを設計、テスト、リリースするときの最も重要なセキュリティ対策のチェックリスト diff --git a/README-ko.md b/README-ko.md index 75ed52d..c549f7b 100644 --- a/README-ko.md +++ b/README-ko.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API 보안 점검표 API를 설계하고, 테스트하고, 배포할 때 고려해야 할 중요한 보안 대책에 대한 점검 목록입니다. diff --git a/README-mk.md b/README-mk.md index 5db6103..83f596a 100644 --- a/README-mk.md +++ b/README-mk.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Безбедносна контролна листа Безбедносна контролна листа од најважните безбедносни контрамерки при дизајнирање, тестирање и пуштање во употреба на вашето API. diff --git a/README-ml.md b/README-ml.md index 1bc57dd..8fdfc3e 100644 --- a/README-ml.md +++ b/README-ml.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API സുരക്ഷാ ചെക്ക്‌ലിസ്റ്റ് നിങ്ങളുടെ API ഡിസൈൻ ചെയ്യുമ്പോഴും ടെസ്റ്റ് ചെയ്യുമ്പോഴും റിലീസ് ചെയ്യുമ്പോഴും പാലിക്കേണ്ട ഏറ്റവും പ്രധാനപ്പെട്ട സുരക്ഷാ പ്രതിരോധ നടപടികളുടെ ചെക്ക്‌ലിസ്റ്റ്. diff --git a/README-mn.md b/README-mn.md index d004071..11fc331 100644 --- a/README-mn.md +++ b/README-mn.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Аюулгүйн жагсаалт API гаргах, загварчлах, тестлэхэд аюулгүйн талаас авах сөрөг арга хэмжээний жагсаалт. diff --git a/README-nl.md b/README-nl.md index a0e8692..e98a11c 100644 --- a/README-nl.md +++ b/README-nl.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Security Checklist Checklist met de belangrijkste tegenmaatregelen bij het ontwerpen, testen en uitbrengen van een API. diff --git a/README-pl.md b/README-pl.md index 899ff56..8f24863 100644 --- a/README-pl.md +++ b/README-pl.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # Lista kontrolna bezpieczeństwa API Lista kontrolna najważniejszych metod zabezpieczenia podczas projektowania, testowania oraz wypuszczania własnego API. diff --git a/README-pt_BR.md b/README-pt_BR.md index e0f21eb..ddc41b7 100644 --- a/README-pt_BR.md +++ b/README-pt_BR.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Security Checklist Lista das mais importantes medidas de segurança para o desenvolvimento, teste e publicação da sua API. diff --git a/README-ru.md b/README-ru.md index 1f3ae31..675ab86 100644 --- a/README-ru.md +++ b/README-ru.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # Контрольный список безопасности API Чеклист наиболее важных контрмер по безопасности при разработке, тестировании и выпуске вашего API. diff --git a/README-th.md b/README-th.md index 425372e..7175b3c 100644 --- a/README-th.md +++ b/README-th.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Security Checklist Checklist ที่ต้องให้ความสำคัญเมื่อมีการสร้าง API ในช่วงการออกแบบ ทดสอบระบบ และการปล่อยให้คนนอกใช้ diff --git a/README-tr.md b/README-tr.md index 1d435b8..7bad1a5 100644 --- a/README-tr.md +++ b/README-tr.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Güvenlik Kontrol Listesi diff --git a/README-tw.md b/README-tw.md index 4314110..c14c25c 100644 --- a/README-tw.md +++ b/README-tw.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # 開發安全的 API 所需要核對的清單 以下是當你在設計, 測試以及發佈你的 API 的時候所需要核對的重要安全措施. diff --git a/README-uk.md b/README-uk.md index bccc27e..eb96b5f 100644 --- a/README-uk.md +++ b/README-uk.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) # Контрольний список безпеки API Контрольний список найбільш важливих контрзаходів безпеки при розробці, тестуванні та випуску вашого API. diff --git a/README-vi.md b/README-vi.md index 0f03c18..93a90a9 100644 --- a/README-vi.md +++ b/README-vi.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) # Danh sách các giải pháp an toàn cho API Những giải pháp an toàn và cách khắc phục khi thiết kế, kiểm tra và phát hành API cho ứng dụng của bạn. diff --git a/README-zh.md b/README-zh.md index efeca47..411f23d 100644 --- a/README-zh.md +++ b/README-zh.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # 开发安全的 API 所需要核对的清单 From bd3b96dddca4794df13dd077731bbbe52c163755 Mon Sep 17 00:00:00 2001 From: Caleb Mazalevskis Date: Wed, 19 Apr 2023 11:58:22 +0800 Subject: [PATCH 126/149] Sync. --- README-mk.md | 20 ++++++++++---------- README-pl.md | 2 +- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/README-mk.md b/README-mk.md index 83f596a..fddb5fd 100644 --- a/README-mk.md +++ b/README-mk.md 
@@ -26,7 +26,7 @@ - [ ] Исклучете ги списоците на директориуми. - [ ] За приватни API, дозволете пристап само од IP-а/домаќини на белата листа. -## Authorization +## Овластување ### OAuth - [ ] Секогаш проверувајте ја `redirect_uri` од страна на серверот за да дозволите само бела листа на адреси. @@ -43,7 +43,7 @@ - [ ] Користете само шифрирање од страна на серверот. - [ ] Користете API Gateway-услуга за да овозможите кеширање, политики за ограничување на тарифите (пр. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) и динамички да ги распоредите ресурсите за API-то. -## Processing +## Обработка - [ ] Проверете дали сите крајните точки се заштитени зад автентичност за да се избегне скршен процес на автентикација. - [ ] Треба да се избегнува идентификација на сопствени ресурси на сопственикот. Користете `/ me / orders` наместо` / user / 654321 / orders`. - [ ] Не автоматско зголемување на ID-ите. Наместо тоа, употребете `UUID`. @@ -71,12 +71,12 @@ - [ ] Проверете ги вашите зависности (и софтвер и ОС) за познати пропусти. - [ ] Дизајн на rollback за во продукција. -## Monitoring -- [ ] Use centralized logins for all services and components. -- [ ] Use agents to monitor all traffic, errors, requests, and responses. -- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. -- [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. -- [ ] Use an IDS and/or IPS system to monitor your API requests and instances. +## Мониторинг +- [ ] Користете централизирани логин за сите услуги и компоненти. +- [ ] Користете агенти за следење на целиот сообраќај, грешки, барања и одговори. +- [ ] Користете предупредувања за SMS, Slack, Е-пошта, Telegram, Kibana, Cloudwatch, итн. +- [ ] Осигурете се дека не внесувате чувствителни податоци како кредитни картички, лозинки, PIN-кодови, итн. +- [ ] Користете IDS и/или IPS систем за следење на вашите барања и примери на API. --- 
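Review bot: in the `## Мониторинг` hunk the first item renders the English "centralized logins" literally as "централизирани логин", but the item is about collecting logs (the fourth item of the same hunk is about what must not be logged), so the English source line should read "centralized logging" and the Macedonian wording should say centralized logging rather than login; likewise the last item's "примери на API" translates "instances" as "examples", where the English means the running API instances (servers). Separately, the context line "Користете `/ me / orders` наместо` / user / 654321 / orders`" in the `## Обработка` hunk has spaces inside the backticks and a stray backtick attached to `наместо`, which breaks rendering of both paths; since this sync already touches the file, it should become "Користете `/me/orders` наместо `/user/654321/orders`".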
@@ -87,5 +87,5 @@ --- -# Contribution -Feel free to contribute by forking this repository, making some changes, and submitting pull requests. For any questions drop us an email at `team@shieldfy.io`. +# Придонес +Слободно можете да придонесете со forking на ова repository, правење некои промени и поднесување pull request. За какви било прашања испратете ни е-пошта на `team@shieldfy.io`. diff --git a/README-pl.md b/README-pl.md index 8f24863..38ca2b0 100644 --- a/README-pl.md +++ b/README-pl.md @@ -87,4 +87,4 @@ Lista kontrolna najważniejszych metod zabezpieczenia podczas projektowania, tes --- # Contribution -Feel free to contribute by forking this repository, making some changes, and submitting pull requests. For any questions drop us an email at `team@shieldfy.io`. +Możesz wnieść swój wkład, tworząc fork tego repozytorium, wprowadzając pewne zmiany i przesyłając pull request. W przypadku jakichkolwiek pytań napisz do nas email na adres `team@shieldfy.io`. From fcb90c61409eb4dee582ef9c1f05b2752725ce76 Mon Sep 17 00:00:00 2001 From: Prasanth c41m <58906808+prasanthc41m@users.noreply.github.com> Date: Tue, 9 May 2023 18:47:01 +0530 Subject: [PATCH 127/149] Update README-ml.md Translated Monitoring section --- README-ml.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/README-ml.md b/README-ml.md index 8fdfc3e..514cd6f 100644 --- a/README-ml.md +++ b/README-ml.md 
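Review bot: the README-pl.md hunk translates the paragraph under `# Contribution` but leaves the heading itself in English, whereas the README-mk.md hunk in the same commit translates the heading to `# Придонес`; translate the Polish heading as well so the two files are handled consistently.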
@@ -72,11 +72,11 @@ - [ ] ഡിപ്ലോയ്‌മെന്റിനായി ഒരു റോൾബാക്ക് പരിഹാരം രൂപകൽപ്പന ചെയ്യുക. ## Monitoring -- [ ] Use centralized logins for all services and components. -- [ ] Use agents to monitor all traffic, errors, requests, and responses. -- [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. -- [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. -- [ ] Use an IDS and/or IPS system to monitor your API requests and instances. +- [ ] എല്ലാ സേവനങ്ങൾക്കും ഘടകങ്ങൾക്കുമായി കേന്ദ്രീകൃത ലോഗിനുകൾ ഉപയോഗിക്കുക. +- [ ] എല്ലാ ട്രാഫിക്കും എററുകളും റിക്യുസ്റ്റുകളും റെസ്പോണ്ട്സുകളും നിരീക്ഷിക്കാൻ ഏജന്റ്സ് ഉപയോഗിക്കുക. +- [ ] SMS, Slack, Email, Telegram, Kibana, Cloudwatch മുതലായവയ്‌ക്കായി അലേർട്ടുകൾ ഉപയോഗിക്കുക. +- [ ] ക്രെഡിറ്റ് കാർഡുകൾ, പാസ്‌വേഡുകൾ, പിന്നുകൾ മുതലായവ പോലുള്ള സെൻസിറ്റീവ് ഡാറ്റയൊന്നും നിങ്ങൾ ലോഗ് ചെയ്യുന്നില്ലെന്ന് ഉറപ്പാക്കുക. +- [ ] നിങ്ങളുടെ API റിക്യുസ്റ്റുകളും ഇൻസ്റ്റൻസുകളും നിരീക്ഷിക്കാൻ ഒരു IDS കൂടാതെ/അല്ലെങ്കിൽ IPS സിസ്റ്റം ഉപയോഗിക്കുക. --- From f6e8c7895571bf6fa4c764d84a7f9e6d76159d15 Mon Sep 17 00:00:00 2001 From: tkanzaki42 Date: Wed, 12 Jul 2023 15:10:33 +0900 Subject: [PATCH 128/149] Fix mixed forms in ja --- README-ja.md | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/README-ja.md b/README-ja.md index 13a57fc..ee682ec 100644 --- a/README-ja.md +++ b/README-ja.md 
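Review bot: the `## Monitoring` heading in the README-ml.md hunk is left in English while all five items under it are translated, and the first item carries over the English "centralized logins" (ലോഗിനുകൾ), which in context (the fourth item is about not logging sensitive data) means centralized logging, not user logins; translate the heading and word the first item as centralized logging.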
@@ -17,14 +17,14 @@ APIを設計、テスト、リリースするときの最も重要なセキュ - [ ] ペイロードからアルゴリズムを抽出しないこと。アルゴリズムは必ずバックエンド処理のみとする(`HS256`または`RS256`)。 - [ ] トークンの有効期限(`TTL`, `RTTL`)を可能な限り短くする。 - [ ] JWTのペイロードに機密情報を格納してはいけない。それは[簡単に](https://jwt.io/#debugger-io)復号できる。 -- [ ] あまり多くのデータを保存するに避けるください。JWTは通常header「ヘッダー」に共有され、サイズ制限があります。 +- [ ] 多くのデータを保存することを避ける。JWTは通常header「ヘッダー」に共有され、サイズ制限があるため。 ## アクセス - [ ] DDoSやブルートフォース攻撃を回避するため、リクエストを制限(スロットリング)する。 - [ ] MITM(Man in the Middle Attack)を防ぐため、サーバサイドではHTTPSを使用する。 - [ ] SSL Strip attackを防ぐため、SSL化とともに`HSTS`ヘッダを設定する。 -- [ ] ディレクトリ・リストをオフにしてください。 -- [ ] プライベートAPIの場合、ホワイト・リストに登録されたIP/ホストからのアクセスのみを許可します。 +- [ ] ディレクトリ・リストをオフにする。 +- [ ] プライベートAPIの場合、ホワイト・リストに登録されたIP/ホストからのアクセスのみを許可する。 ## 認可 @@ -40,7 +40,7 @@ APIを設計、テスト、リリースするときの最も重要なセキュ - [ ] POSTされたデータの`content-type`が受け入れ可能(例: `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`等)かどうかを検証する。 - [ ] ユーザーの入力に一般的な脆弱性が含まれていないことを検証する(例: `XSS`, `SQLインジェクション`, `リモートコード実行`等)。 - [ ] URLの中に機密情報(`認証情報`, `パスワード`, `セキュリティトークン`)を利用せず、標準的な認証ヘッダを使用する。 -- [ ] サーバー側の暗号化のみを使用してください。 +- [ ] サーバー側の暗号化のみを使用する。 - [ ] キャッシュ、Rate Limit policies(例: `Quota`, `Spike Arrest`, `Concurrent Rate Limit`)を有効化し、APIリソースのデプロイを動的に行うため、APIゲートウェイサービスを利用する。 ## 処理 @@ -51,8 +51,8 @@ APIを設計、テスト、リリースするときの最も重要なセキュ - [ ] XMLファイルをパースする場合、exponential entity expansion attackによる`Billion Laughs/XML bomb`攻撃を回避するためentity expansion が有効でないことを確認する。 - [ ] ファイルアップロードにはCDNを利用する。 - [ ] 大量のデータを扱う場合、バックグラウンドでWorkerプロセスやキューを出来る限り使用し、レスポンスを速く返すことでHTTPブロッキングを避ける。 -- [ ] デバッグ・モードを無効にすることを忘れないでください。 -- [ ] 可能な場合は、実行不可能なスタックを使用してください。 +- [ ] デバッグ・モードを無効にすることを忘れない。 +- [ ] 可能な場合は、実行不可能なスタックを使用する。 ## 出力 - [ ] `X-Content-Type-Options: nosniff`をヘッダに付与する。 
@@ -67,16 +67,16 @@ APIを設計、テスト、リリースするときの最も重要なセキュ - [ ] ユニットテスト/結合テストのカバレッジで、設計と実装を継続的に検査する。 - [ ] コードレビューのプロセスを採用し、自身による承認を無視する。 - [ ] プロダクションへプッシュする前に、ベンダのライブラリ、その他の依存関係を含め、サービスの全ての要素をアンチウイルスソフトで静的スキャンする。 -- [ ] コードに対してセキュリティ・テスト(静的/動的分析)を継続的に実行して。 -- [ ] 既知の脆弱性について、依存関係(ソフトウェアとOSの両方)を確認して。 +- [ ] コードに対してセキュリティ・テスト(静的/動的分析)を継続的に実行する。 +- [ ] 既知の脆弱性について、依存関係(ソフトウェアとOSの両方)を確認する。 - [ ] デプロイのロールバックを用意する。 ## モニタリング -- [ ] すべてのサービスとコンポーネントに集中ログインを使用します。 -- [ ] すべてのトラフィック、エラー、リクエスト、およびレスポンスを監視ために、エージェントを使用します。 -- [ ] SMS、Slack、Email、Telegram、Kibana、Cloudwatch、などのアラートを使用します。 -- [ ] クレジット・カード、パスワード、PIN、などの機密データをログに記録していないことを確認します。 -- [ ] APIリクエストとインスタンスを監視ためにIDSやIPSシステムを使用します。 +- [ ] すべてのサービスとコンポーネントに集中ログインを使用する。 +- [ ] すべてのトラフィック、エラー、リクエスト、およびレスポンスを監視ために、エージェントを使用する。 +- [ ] SMS、Slack、Email、Telegram、Kibana、Cloudwatch、などのアラートを使用する。 +- [ ] クレジット・カード、パスワード、PIN、などの機密データをログに記録していないことを確認する。 +- [ ] APIリクエストとインスタンスを監視ためにIDSやIPSシステムを使用する。 --- From bca4781a6bb7adcd27805fb0483587526e317828 Mon Sep 17 00:00:00 2001 From: Zerbaliy3v <128548437+zerbaliy3v@users.noreply.github.com> Date: Tue, 12 Dec 2023 16:35:24 -0500 Subject: [PATCH 129/149] add README-az.md --- README-az.md | 89 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 89 insertions(+) create mode 100644 README-az.md diff --git a/README-az.md b/README-az.md new file mode 100644 index 0000000..0ea4e95 --- /dev/null +++ b/README-az.md 
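Review bot: the two Monitoring items "…レスポンスを監視ために、エージェントを使用する。" and "…インスタンスを監視ためにIDSやIPSシステムを使用する。" are missing する before ために (監視するために) on both the removed and the added lines, and the first item's 集中ログイン carries over the English "centralized logins", which in context means centralized logging; since this commit rewrites exactly those lines, fix the grammar and the wording here rather than in a later sync.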
@@ -0,0 +1,89 @@ +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) |[Azerbaijan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) + +# API təhlükəsizlik yoxlama siyahısı + +API-nizi tərtib edərkən, sınaqdan keçirərkən və dərc edərkən ən vacib təhlükəsizlik tədbirlərinin siyahısı. + +--- + +## Autentifikasiya +- [ ] `Basic Auth' istifadə etməyin. Bunun əvəzinə standart identifikasiya həllərindən (məsələn: [JWT](https://jwt.io/), [OAuth](https://oauth.net/) kimi) istifadə edin. +- [ ] `Autentifikasiya`, `tokenlərin yaradılması`, `parolların saxlanması` üçün təkəri yenidən kəşf etməyə çalışmayın. Standartlardan istifadə edin. +- [ ] `Cəhdlərin sayını` məhdudlaşdırmaqla giriş hüquqlarını məhdudlaşdırın. +- [ ] Bütün həssas məlumatlarda şifrələmədən istifadə edin. + +### JWT (JSON Veb Token) +- [ ] (`JWT Secret`) kimi təsadüfi, mürəkkəb və çətin açardan istifadə edərək, kobud qüvvə ilə şifrənin açılmasını mümkün qədər çətinləşdirin. +- [ ] Daxil olan məlumatlara əsasən alqoritmi təyin etməyin. Bunu arxa planda reallaşdırın. ('HS256' və ya 'RS256'). +- [ ] Tokenin son istifadə tarixini (`TTL`, `RTTL`) mümkün qədər qısa edin. +- [ ] Həssas məlumatlarınızı JWT faydalı yükünə qoymayın, o [Asanlıqla](https://jwt.io/#debugger-io) deşifrə edilə bilər. +- [ ] Çox məlumat saxlamaqdan çəkinin. 
JWT adətən başlıqlarda paylaşılır və onların ölçü limiti var. + +## Giriş +- [ ] Özünüzü DDoS və ya kobud güc hücumlarından qorumaq üçün sorğuları məhdudlaşdırmalısınız. +- [ ] MITM (Man In The Middle Attack) hücumlarından qorunmaq üçün server tərəfində HTTPS-dən istifadə edin. +- [ ] SSL Strip hücumlarından qorunmaq üçün SSL ilə `HSTS` başlığından istifadə edin. +- [ ] Kataloq siyahılarını bağlayın. +- [ ] Şəxsi API-lər üçün yalnız ağ siyahıya alınmış IP-lərdən/hostlardan girişə icazə verin. + +## Səlahiyyət + +### OAuth +- [ ] Yalnız ağ siyahıya alınmış URL-lərə icazə vermək üçün həmişə server tərəfindəki `redirect_uri` məlumatını yoxlayın. +- [ ] Həmişə işarəni deyil, kodu dəyişməyə çalışın (`response_type=token` istifadə etməyə icazə verməyin). +- [ ] OAuth autentifikasiyası zamanı CSRF-nin qarşısını almaq üçün `state` parametrini təsadüfi olaraq hash edin. +- [ ] Standart əhatə dairəsini təyin edin və hər bir tətbiq üçün əhatə dairəsi parametrlərini yoxlayın. + +## Giriş +- [ ] Əməliyyata uyğun olaraq müvafiq HTTP metodundan istifadə edin: `GET (oxu)`, `POST (yarat)`, `PUT/PATCH (dəyişiklik etmək/yeniləmək üçün)` və `DELETE (yazı silmək üçün)`, əgər istədiyiniz üsul resurs üçün uyğun deyilsə, `405 Metoduna İcazə Verilmədi` mesajı ilə cavab verin. +- [ ] Qəbul başlığındakı `məzmun növü` gözlədiyiniz və icazə verdiyiniz formatda olub-olmadığını yoxlayın. (məsələn, `application/xml`, `application/json` və s.) Format uyğun gəlmirsə, `406 Qəbul Edilməz` mesajı ilə cavab verin. +- [ ] Göndərilən məlumatı təsdiq edərkən, daxil olan məlumatların 'məzmun növünü' yoxlayın (məsələn, 'application/x-www-form-urlencoded', 'multipart/form-data', 'application/json' və s.). +- [ ] Ümumi təhlükəsizlik zəifliklərinin qarşısını almaq üçün istifadəçidən gələn hər bir məlumatı yoxlayın (məsələn, `XSS`, `SQL-Injection`, `Remote Code Execution` və s.). 
+- [ ] URL-də həssas datadan (`etimadnamələr`, `Parollar`, `təhlükəsizlik nişanları` və ya `API açarları`) istifadə etməyin, lakin standart Avtorizasiya başlığından istifadə edin. +- [ ] Yalnız server tərəfində şifrələmədən istifadə edin. +- [ ] Keşləmə və sürət limiti siyasətlərini aktivləşdirmək (məsələn, `Kvota`, `Spike Həbs`, `Paylaşım sürəti limiti`) və API resurslarını dinamik şəkildə yaymaq üçün API Gateway xidmətindən istifadə edin. + +## Emal +- [ ] Doğrulama yan keçməsinin qarşısını almaq üçün bütün proses son nöqtələrinin autentifikasiya arxasında qorunub-qorunmadığını yoxlayın. +- [ ] İstifadəçinin öz resurs identifikatorundan istifadə etməkdən çəkinmək lazımdır. `/me/orders` əvəzinə `/user/654321/orders` istifadə edin. +- [ ] Avtomatik artan ID-lərdən istifadə etməyin. Əvəzinə `UUID` istifadə edin. +- [ ] XML fayllarını təhlil edirsinizsə (analiz edirsinizsə), `XXE` (XML xarici obyekt hücumu) qarşısını almaq üçün obyektin təhlilinin aktiv edilmədiyini yoxlayın. +- [ ] Əgər XML fayllarını təhlil edirsinizsə (analiz edirsinizsə), `Milyard Gülüş/XML bomba` obyektinin genişləndirilməsi hücumu vasitəsilə obyektin genişlənməsinin qarşısını almaq üçün onun aktiv olmadığından əmin olun. +- [ ] Fayl yükləmələri üçün CDN istifadə edin. +- [ ] Böyük həcmdə məlumatlarla məşğul olursunuzsa, HTTP bloklanmasının qarşısını almaq üçün arxa planda işləmək və tez cavab vermək üçün mümkün qədər işçilərdən və növbələrdən istifadə edin. +- [ ] DEBUG rejimini söndürməyi unutmayın! +- [ ] Əgər varsa, icra olunmayan parçalardan istifadə edin. + +## Çıxış +- [ ] `X-Content-Type-Options: nosniff` başlığını göndərin. +- [ ] `X-Frame-Options: rədd et` başlığını göndərin. +- [ ] `Məzmun-Təhlükəsizlik-Siyasəti: default-src 'heç biri'' başlığını göndərin. +- [ ] Barmaq izi başlıqlarını silin - `X-Powered-By`, `Server`, `X-AspNet-Version` və s. 
+- [ ] Sorğuya cavab olaraq `content-type` istifadə etməyə məcbur edin, əgər məlumatları `application/json` kimi qaytarsanız, `content-type` `application/json` olmalıdır. +- [ ] Nəticədə "etimadnamələr", "parollar" və ya "təhlükəsizlik nişanları" kimi həssas məlumatları göndərməyin. +- [ ] Əməliyyat başa çatdıqdan sonra müvafiq status kodunu qaytarın. (məsələn, `200 OK`, `400 Bad Sorğu`, `401 İcazəsiz`, `405 Metod İcazə Verilmir` və s.). + +## CI&CD +- [ ] Vahid/inteqrasiya testi əhatə ölçüləri ilə dizayn və tətbiqinizi yoxlayın. +- [ ] Kodun nəzərdən keçirilməsi prosesindən istifadə edin və öz təsdiqinizə məhəl qoymayın. +- [ ] Kodunuzu aktivləşdirməzdən əvvəl xarici kitabxanalar və digər asılılıqlar daxil olmaqla xidmətlərinizin bütün komponentlərinin AntiVirus proqramı ilə statik olaraq skan edildiyinə əmin olun. +- [ ] Davamlı olaraq kodunuzda təhlükəsizlik testlərini (statik/dinamik analiz) keçirin. +- [ ] Məlum zəifliklər üçün asılılıqlarınızı (həm proqram təminatı, həm də əməliyyat sistemi) yoxlayın. +- [ ] Yerləşdirmələr üçün ehtiyat həlli dizayn edin. + +## İzləmə +- [ ] Bütün xidmətlər və komponentlər üçün mərkəzi girişdən istifadə edin. +- [ ] Bütün trafikə, səhvlərə, sorğulara və cavablara nəzarət etmək üçün agentlərdən istifadə edin. +- [ ] SMS, Slack, E-poçt, Telegram, Kibana, Cloudwatch və s. üçün xəbərdarlıqlardan istifadə edin. +- [ ] Kredit kartları, parollar, PIN-lər və s. Həssas məlumatları daxil etmədiyinizə əmin olun. +- [ ] API sorğularınızı və nümunələrinizi izləmək üçün IDS və/və ya IPS sistemindən istifadə edin. + +--- + +## Əlavə resurslar: +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - RESTful HTTP+JSON API qurmaq üçün faydalı resurslar toplusu. + +--- + +# Töhfə +Bu deponu budaqlamaq, bəzi dəyişikliklər etmək və pull requests göndərməklə töhfə verməkdən çəkinməyin. Hər hansı bir sual üçün bizə bir e-poçt yazın: `team@shieldfy.io `. 
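Review bot: the `## Emal` item "`/me/orders` əvəzinə `/user/654321/orders` istifadə edin" inverts the recommendation: it tells the reader to use the user-ID path instead of `/me/orders`, the opposite of the other translations in this series (the Macedonian line reads Користете `/ me / orders` наместо `/ user / 654321 / orders`), so it should read "`/user/654321/orders` əvəzinə `/me/orders` istifadə edin". Several protocol literals in the same hunk are translated and would no longer match what a server sends or accepts: `X-Frame-Options: rədd et` (the value is `deny`), `Məzmun-Təhlükəsizlik-Siyasəti: default-src 'heç biri''` (must stay `Content-Security-Policy: default-src 'none'`, and the closing quote is doubled), the reason phrases in `405 Metoduna İcazə Verilmədi`, `406 Qəbul Edilməz` and `400 Bad Sorğu`, `məzmun növü` for the `content-type` header, and `Kvota`, `Spike Həbs`, `Paylaşım sürəti limiti` for the gateway policy names; keep these verbatim inside backticks and translate only the surrounding prose. Smaller points: the language bar has `|[Azerbaijan]` without a space, drops the `[Türkçe](./README-tr.md)` link that every other README carries, and links the file to itself; `Basic Auth'` opens with a backtick and closes with an apostrophe; `'HS256' və ya 'RS256'` and the `'məzmun növünü'` line use single quotes where the rest of the file uses backticks; and the Monitoring item "Həssas məlumatları daxil etmədiyinizə əmin olun" uses daxil etmək (to enter) where the English means "log", with a capital H after "və s." mid-sentence.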
From f459616f07cfb5a53676b5501d89c1bef5be80c4 Mon Sep 17 00:00:00 2001 From: Zerbaliy3v <128548437+zerbaliy3v@users.noreply.github.com> Date: Tue, 12 Dec 2023 16:37:36 -0500 Subject: [PATCH 130/149] Update the Lao language link's text. Make it more understandable. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index cd8e9db..bc72bd3 100644 --- a/README.md +++ b/README.md 
@@ -1,4 +1,4 @@ -[繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) | [Azerbaijan](./README-az.md) # API Security Checklist From b5206f61bc10eae826a5765732cd0240d38619d1 Mon Sep 17 00:00:00 2001 From: Zerbaliy3v <128548437+zerbaliy3v@users.noreply.github.com> Date: Tue, 12 Dec 2023 16:42:29 -0500 Subject: [PATCH 131/149] Sync. From 975e45c3c0e9af96a2ac9687e889b7ef402a2d16 Mon Sep 17 00:00:00 2001 
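Review bot: the new `[Azerbaijan](./README-az.md)` link is appended after `[Tiếng Việt](./README-vi.md)` and carries an English label, while every other entry in the bar is an endonym placed in alphabetical order of the file suffix (-ar, -bn, -cs, …); insert it as `[Azərbaycan](./README-az.md)` between `[العربية](./README-ar.md)` and `[বাংলা](./README-bn.md)` so the README.md bar matches the ordering the other language files use.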
From: Zerbaliy3v <128548437+zerbaliy3v@users.noreply.github.com> Date: Tue, 12 Dec 2023 16:44:26 -0500 Subject: [PATCH 132/149] Sync. --- README-az.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/README-az.md b/README-az.md index 0ea4e95..b247298 100644 --- a/README-az.md +++ b/README-az.md @@ -74,15 +74,14 @@ API-nizi tərtib edərkən, sınaqdan keçirərkən və dərc edərkən ən vaci ## İzləmə - [ ] Bütün xidmətlər və komponentlər üçün mərkəzi girişdən istifadə edin. - [ ] Bütün trafikə, səhvlərə, sorğulara və cavablara nəzarət etmək üçün agentlərdən istifadə edin. -- [ ] SMS, Slack, E-poçt, Telegram, Kibana, Cloudwatch və s. üçün xəbərdarlıqlardan istifadə edin. +- [ ] SMS, Slack, E-poçt, Telegram, Kibana, Cloudwatch və s. xəbərdarlıqlardan istifadə edin. - [ ] Kredit kartları, parollar, PIN-lər və s. Həssas məlumatları daxil etmədiyinizə əmin olun. - [ ] API sorğularınızı və nümunələrinizi izləmək üçün IDS və/və ya IPS sistemindən istifadə edin. --- ## Əlavə resurslar: -- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - RESTful HTTP+JSON API qurmaq üçün faydalı resurslar toplusu. - +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - RESTful HTTP + JSON API qurmaq üçün faydalı resurslar toplusu. --- # Töhfə From 842d71af2c8884ad50cf7cabbe68d39c9dbd5984 Mon Sep 17 00:00:00 2001 From: Zerbaliy3v <128548437+zerbaliy3v@users.noreply.github.com> Date: Tue, 12 Dec 2023 16:51:26 -0500 Subject: [PATCH 133/149] az.md --- README-az.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README-az.md b/README-az.md index b247298..56a91a7 100644 --- a/README-az.md +++ b/README-az.md 
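Review bot: in the `## Əlavə resurslar:` hunk the blank line between the list item and the `---` separator is removed, leaving the separator directly against the list; every other `---` in this file is set off by blank lines, so keep the blank line and apply only the `HTTP + JSON` spacing change. The Monitoring change, dropping "üçün" so the item reads "SMS, Slack, … xəbərdarlıqlardan istifadə edin", is fine.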
@@ -7,7 +7,7 @@ API-nizi tərtib edərkən, sınaqdan keçirərkən və dərc edərkən ən vaci --- ## Autentifikasiya -- [ ] `Basic Auth' istifadə etməyin. Bunun əvəzinə standart identifikasiya həllərindən (məsələn: [JWT](https://jwt.io/), [OAuth](https://oauth.net/) kimi) istifadə edin. +- [ ] `Basic Auth` istifadə etməyin. Bunun əvəzinə standart identifikasiya həllərindən (məsələn: [JWT](https://jwt.io/), [OAuth](https://oauth.net/) kimi) istifadə edin. - [ ] `Autentifikasiya`, `tokenlərin yaradılması`, `parolların saxlanması` üçün təkəri yenidən kəşf etməyə çalışmayın. Standartlardan istifadə edin. - [ ] `Cəhdlərin sayını` məhdudlaşdırmaqla giriş hüquqlarını məhdudlaşdırın. - [ ] Bütün həssas məlumatlarda şifrələmədən istifadə edin. From 8d052bd473eef7a5ad6c500941a7ec40dde520cd Mon Sep 17 00:00:00 2001 From: Caleb Mazalevskis Date: Wed, 13 Dec 2023 13:09:29 +0800 Subject: [PATCH 134/149] Sync. --- README-ar.md | 2 +- README-az.md | 14 +++++++++++++- README-bn.md | 17 +++++++++++++---- README-cs.md | 17 +++++++++++++---- README-de.md | 17 +++++++++++++---- README-el.md | 17 +++++++++++++---- README-es.md | 17 +++++++++++++---- README-fa.md | 16 +++++++++++++--- README-fr.md | 17 +++++++++++++---- README-hi.md | 17 +++++++++++++---- README-id.md | 17 +++++++++++++---- README-it.md | 17 +++++++++++++---- README-ja.md | 17 +++++++++++++---- README-ko.md | 17 +++++++++++++---- README-lo.md | 17 +++++++++++++---- README-mk.md | 17 +++++++++++++---- README-ml.md | 17 +++++++++++++---- README-mn.md | 17 +++++++++++++---- README-nl.md | 17 +++++++++++++---- README-pl.md | 17 +++++++++++++---- README-pt_BR.md | 17 +++++++++++++---- README-ru.md | 17 +++++++++++++---- README-th.md | 18 ++++++++++++++---- README-tr.md | 13 ++++++++++++- README-tw.md | 17 +++++++++++++---- README-uk.md | 17 +++++++++++++---- README-vi.md | 17 +++++++++++++---- README-zh.md | 2 +- README.md | 2 +- 29 files changed, 341 insertions(+), 100 deletions(-) 
diff --git a/README-ar.md b/README-ar.md index 812f4e7..c606032 100644 --- a/README-ar.md +++ b/README-ar.md @@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md)
diff --git a/README-az.md b/README-az.md index 56a91a7..2b67fcd 100644 --- a/README-az.md +++ b/README-az.md @@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) |[Azerbaijan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API təhlükəsizlik yoxlama siyahısı 
@@ -7,12 +7,14 @@ API-nizi tərtib edərkən, sınaqdan keçirərkən və dərc edərkən ən vaci --- ## Autentifikasiya + - [ ] `Basic Auth` istifadə etməyin. Bunun əvəzinə standart identifikasiya həllərindən (məsələn: [JWT](https://jwt.io/), [OAuth](https://oauth.net/) kimi) istifadə edin. - [ ] `Autentifikasiya`, `tokenlərin yaradılması`, `parolların saxlanması` üçün təkəri yenidən kəşf etməyə çalışmayın. Standartlardan istifadə edin. - [ ] `Cəhdlərin sayını` məhdudlaşdırmaqla giriş hüquqlarını məhdudlaşdırın. - [ ] Bütün həssas məlumatlarda şifrələmədən istifadə edin. ### JWT (JSON Veb Token) + - [ ] (`JWT Secret`) kimi təsadüfi, mürəkkəb və çətin açardan istifadə edərək, kobud qüvvə ilə şifrənin açılmasını mümkün qədər çətinləşdirin. - [ ] Daxil olan məlumatlara əsasən alqoritmi təyin etməyin. Bunu arxa planda reallaşdırın. ('HS256' və ya 'RS256'). - [ ] Tokenin son istifadə tarixini (`TTL`, `RTTL`) mümkün qədər qısa edin. @@ -20,6 +22,7 @@ API-nizi tərtib edərkən, sınaqdan keçirərkən və dərc edərkən ən vaci - [ ] Çox məlumat saxlamaqdan çəkinin. JWT adətən başlıqlarda paylaşılır və onların ölçü limiti var. ## Giriş + - [ ] Özünüzü DDoS və ya kobud güc hücumlarından qorumaq üçün sorğuları məhdudlaşdırmalısınız. - [ ] MITM (Man In The Middle Attack) hücumlarından qorunmaq üçün server tərəfində HTTPS-dən istifadə edin. - [ ] SSL Strip hücumlarından qorunmaq üçün SSL ilə `HSTS` başlığından istifadə edin. 
@@ -29,12 +32,14 @@ API-nizi tərtib edərkən, sınaqdan keçirərkən və dərc edərkən ən vaci ## Səlahiyyət ### OAuth + - [ ] Yalnız ağ siyahıya alınmış URL-lərə icazə vermək üçün həmişə server tərəfindəki `redirect_uri` məlumatını yoxlayın. - [ ] Həmişə işarəni deyil, kodu dəyişməyə çalışın (`response_type=token` istifadə etməyə icazə verməyin). - [ ] OAuth autentifikasiyası zamanı CSRF-nin qarşısını almaq üçün `state` parametrini təsadüfi olaraq hash edin. - [ ] Standart əhatə dairəsini təyin edin və hər bir tətbiq üçün əhatə dairəsi parametrlərini yoxlayın. ## Giriş + - [ ] Əməliyyata uyğun olaraq müvafiq HTTP metodundan istifadə edin: `GET (oxu)`, `POST (yarat)`, `PUT/PATCH (dəyişiklik etmək/yeniləmək üçün)` və `DELETE (yazı silmək üçün)`, əgər istədiyiniz üsul resurs üçün uyğun deyilsə, `405 Metoduna İcazə Verilmədi` mesajı ilə cavab verin. - [ ] Qəbul başlığındakı `məzmun növü` gözlədiyiniz və icazə verdiyiniz formatda olub-olmadığını yoxlayın. (məsələn, `application/xml`, `application/json` və s.) Format uyğun gəlmirsə, `406 Qəbul Edilməz` mesajı ilə cavab verin. - [ ] Göndərilən məlumatı təsdiq edərkən, daxil olan məlumatların 'məzmun növünü' yoxlayın (məsələn, 'application/x-www-form-urlencoded', 'multipart/form-data', 'application/json' və s.). @@ -44,6 +49,7 @@ API-nizi tərtib edərkən, sınaqdan keçirərkən və dərc edərkən ən vaci - [ ] Keşləmə və sürət limiti siyasətlərini aktivləşdirmək (məsələn, `Kvota`, `Spike Həbs`, `Paylaşım sürəti limiti`) və API resurslarını dinamik şəkildə yaymaq üçün API Gateway xidmətindən istifadə edin. ## Emal + - [ ] Doğrulama yan keçməsinin qarşısını almaq üçün bütün proses son nöqtələrinin autentifikasiya arxasında qorunub-qorunmadığını yoxlayın. - [ ] İstifadəçinin öz resurs identifikatorundan istifadə etməkdən çəkinmək lazımdır. `/me/orders` əvəzinə `/user/654321/orders` istifadə edin. - [ ] Avtomatik artan ID-lərdən istifadə etməyin. Əvəzinə `UUID` istifadə edin. 
@@ -55,6 +61,7 @@ API-nizi tərtib edərkən, sınaqdan keçirərkən və dərc edərkən ən vaci - [ ] Əgər varsa, icra olunmayan parçalardan istifadə edin. ## Çıxış + - [ ] `X-Content-Type-Options: nosniff` başlığını göndərin. - [ ] `X-Frame-Options: rədd et` başlığını göndərin. - [ ] `Məzmun-Təhlükəsizlik-Siyasəti: default-src 'heç biri'' başlığını göndərin. @@ -64,6 +71,7 @@ API-nizi tərtib edərkən, sınaqdan keçirərkən və dərc edərkən ən vaci - [ ] Əməliyyat başa çatdıqdan sonra müvafiq status kodunu qaytarın. (məsələn, `200 OK`, `400 Bad Sorğu`, `401 İcazəsiz`, `405 Metod İcazə Verilmir` və s.). ## CI&CD + - [ ] Vahid/inteqrasiya testi əhatə ölçüləri ilə dizayn və tətbiqinizi yoxlayın. - [ ] Kodun nəzərdən keçirilməsi prosesindən istifadə edin və öz təsdiqinizə məhəl qoymayın. - [ ] Kodunuzu aktivləşdirməzdən əvvəl xarici kitabxanalar və digər asılılıqlar daxil olmaqla xidmətlərinizin bütün komponentlərinin AntiVirus proqramı ilə statik olaraq skan edildiyinə əmin olun. @@ -72,6 +80,7 @@ API-nizi tərtib edərkən, sınaqdan keçirərkən və dərc edərkən ən vaci - [ ] Yerləşdirmələr üçün ehtiyat həlli dizayn edin. ## İzləmə + - [ ] Bütün xidmətlər və komponentlər üçün mərkəzi girişdən istifadə edin. - [ ] Bütün trafikə, səhvlərə, sorğulara və cavablara nəzarət etmək üçün agentlərdən istifadə edin. - [ ] SMS, Slack, E-poçt, Telegram, Kibana, Cloudwatch və s. xəbərdarlıqlardan istifadə edin. @@ -81,8 +90,11 @@ API-nizi tərtib edərkən, sınaqdan keçirərkən və dərc edərkən ən vaci --- ## Əlavə resurslar: + - [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - RESTful HTTP + JSON API qurmaq üçün faydalı resurslar toplusu. + --- # Töhfə + Bu deponu budaqlamaq, bəzi dəyişikliklər etmək və pull requests göndərməklə töhfə verməkdən çəkinməyin. Hər hansı bir sual üçün bizə bir e-poçt yazın: `team@shieldfy.io `. diff --git a/README-bn.md b/README-bn.md index adf5de2..92cff29 100644 --- a/README-bn.md +++ b/README-bn.md 
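Review bot: the context lines around the added blanks expose problems in this file worth a follow-up: literal header names and values have been translated (`X-Frame-Options: rədd et`, `Məzmun-Təhlükəsizlik-Siyasəti: default-src 'heç biri'`), so anyone copying them gets headers a browser will not recognise; the resource-ID item appears to read as "use `/user/654321/orders` instead of `/me/orders`", the reverse of the English checklist; and the contact address keeps a trailing space inside its backticks (`team@shieldfy.io `). Header names and values should stay in English inside the backticks, and the trailing space can be dropped while this region is being edited.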
@@ -1,18 +1,20 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API নিরাপত্তা তালিকা -তালিকা করুন সবচেয়ে গুরুত্বপূর্ন নিরাপত্তা পাল্টা ব্যবস্থা যখন পরিকল্পনা, পরীক্ষামূলক, এবং নিষ্কৃতি করছেন আপনার API। +তালিকা করুন সবচেয়ে গুরুত্বপূর্ন নিরাপত্তা পাল্টা ব্যবস্থা যখন পরিকল্পনা, পরীক্ষামূলক, এবং নিষ্কৃতি করছেন আপনার API। --- ## প্রমাণীকরণ + - [ ] `Basic Auth` ব্যাবহার করবেন না । এর পরিবর্তে standard প্রমাণীকরণ ব্যবহার করুন (যেমন [JWT](https://jwt.io/)). 
- [ ] `Authentication`, `token generation`, `password storage` এ নতুন করে চাকা উদ্ভাবন করবেন না । standards গুলোই ব্যবহার করুন । - [ ] `Max Retry` এবং জেলে দেওয়া(block) বৈশিষ্ট্য সম্পূর্ণ করুন - [ ] সংবেদনশীল তথ্য গোপন(encryption) করে ব্যবহার করন ### JWT (JSON Web Token) + - [ ] একটি এলোমেলো জটিল পিন (`JWT Secret`) ব্যবহার করুন brute forcing প্রক্রিয়া কে অনেক কঠিন করতে। - [ ] header থেকে অ্যালগরিদম নির্যাস(extract) করবেন না।অ্যালগরিদম টি কে ব্যাকএন্ড(backend) এ পাঠিয়ে দিন (`HS256` অথবা `RS256`) । - [ ] টোকেন (`TTL`, `RTTL`) মেয়াদকাল যত কম করা যায় তা করেন । @@ -20,6 +22,7 @@ - [ ] অনেক বেশি তথ্য সংরক্ষণ করবেন না। JWT এটি সাধারণত হেডার এ ভাগ করে এবং এটার একটা আয়তন সীমা আছে। ## অ্যাক্সেস + - [ ] Requests এ সীমা দিয়ে দিন (Throttling) DDoS / brute-force আক্রমণ এড়ানোর জন্য। - [ ] সার্ভার এ HTTPS এর সাথে TLS 1.2+ এবং নিরাপদ ciphers ব্যবহার করুন MITM (Man in the Middle Attack) এড়ানোর জন্য। - [ ] `HSTS` header ব্যবহার করুন SSL এর সাছে SSL Strip আক্রমণ এড়ানোর জন্য। 
@@ -29,12 +32,14 @@ ## অনুমোদন ### OAuth + - [ ] `redirect_uri` সব সময় সার্ভার এ যাচাই করে শুধুমাত্র সাদা তালিকাভুক্ত URLs কে গ্রহণ করবেন। - [ ] সর্বদা কোড বিনিময় করার চেষ্টা করুন, টোকেন নয় (`response_type=token` গ্রহণ করবেন না)। - [ ] OAuth অনুমোদন প্রক্রিয়া কালে CSRF আক্রমণ থেকে বাচার জন্য `state` প্যারামিটারটি সবসময় এলোমেলো hash এর সাথে বেব্যহার করবেন। - [ ] ডিফল্ট scope সংজ্ঞায়িত করুন, এবং প্রতিটি আবেদনের জন্য প্যারামিটারটি যাচাই করুন. ## ইনপুট + - [ ] যথাযথ HTTP পদ্ধতি ব্যবহার করুন কাজ অনুযায়ী: `GET (পড়া)`, `POST (সৃষ্টি করা)`, `PUT/PATCH (প্রতিস্থাপন/হালনাগাদ)`, and `DELETE (মুছে ফেলা)`, এবং `405 Method Not Allowed` জবাব দেওয়া যদি resource এর সাথে উপযুক্ত না হয়। - [ ] আলাপ - আলোচনা করার সময় `content-type` টি যাচাই করুন এবং আপনার সমর্থিত বিন্যাস (যেমন, `application/xml`, `application/json`, ইত্যাদি) না হলে `406 Not Acceptable` জবাব দেওয়া। - [ ] পাঠানো তথ্য `content-type` টি যাচাই করুন এবং আপনার সমর্থিত বিন্যাস এর সাথে (যেমন, `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, ইত্যাদি)। @@ -44,6 +49,7 @@ - [ ] একটি API প্রবেশপথ সেবা ব্যবহার করবেন caching সক্রিয় করতে, হার সীমা নীতি (যেমন, `Quota`, `Spike Arrest`, or `Concurrent Rate Limit`) এবং গতিশীলভাবে APIs সংস্থান স্থাপন করুন। ## প্রক্রিয়াকরণ + - [ ] ভাঙ্গা authentication প্রক্রিয়া এড়াতে সবগুলো endpoints প্রমাণীকরণ(authentication) সহ কাজ করছে কিনা তা যাচাই করুন। - [ ] ব্যবহারকারীর নিজের ID ব্যবহার করা উচিত নয়। `/user/654321/orders` না ব্যবহার করে এটা `/me/orders` ব্যবহার করুন। - [ ] auto-increment ID ব্যবহার না করে, `UUID` ব্যবহার করুন। @@ -55,6 +61,7 @@ - [ ] non-executable stacks ব্যবহার করবেন যখন সম্ভব। ## আউটপুট + - [ ] `X-Content-Type-Options: nosniff` header পাঠান। - [ ] `X-Frame-Options: deny` header পাঠান। - [ ] `Content-Security-Policy: default-src 'none'` পাঠান। 
@@ -64,6 +71,7 @@ - [ ] অপারেশন অনুযায়ী যথাযথ status code পাঠাবেন (যেমন, `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, ইত্যাদি)। ## CI & CD + - [ ] আপনার পরিকল্পনা এবং বাস্তবায়ন যাচাই করুন unit/integration tests coverage এর সাথে। - [ ] কোড পুনঃমূল্যায়ন প্রক্রিয়া ব্যবহার করুন এবং নিজের অনুমোদন উপেক্ষা করুন। - [ ] নিশ্চিত করেন যেন আপনার সেবার সবগুলো উপাদান স্থিতিশীলভাবে AV সফটওয়্যার দ্বারা স্ক্যান করা থাকে production এ যাওয়ার আগেই, বিক্রেতা লাইব্রেরি এবং অন্যান্য নির্ভরতা সহ। @@ -72,20 +80,21 @@ - [ ] স্থাপনার জন্য একটি রোলব্যাক সমাধান পরিকল্পনা করুন। ## মনিটরিং + - [ ] সমস্ত সেবা এবং উপাদানগুলির জন্য কেন্দ্রীভূত লগইনগুলো ব্যবহার করুন৷ - [ ] ট্র্যাফিক, ত্রুটি, অনুরোধ এবং প্রতিক্রিয়াগুলো নিরীক্ষণ করতে এজেন্ট ব্যবহার করুন। - [ ] SMS, Slack, Email, Telegram, Kibana, Cloudwatch, ইত্যাদির জন্য সতর্কতা ব্যবহার করুন। - [ ] আপনি কোন সংবেদনশীল তথ্য লগ করছেন না তা নিশ্চিত করুন যেমন credit cards, passwords, PINs, ইত্যাদি। - [ ] IDS অথবা IPS পদ্ধতি ব্যবহার করুন API requests এবং instances মূল্যায়ন করতে। - --- ## আরও দেখুন: -- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - RESTful HTTP+JSON APIs নির্মাণ করার একটি দরকারী সংগ্রহ। +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - RESTful HTTP+JSON APIs নির্মাণ করার একটি দরকারী সংগ্রহ। --- # অবদান + নিঃসঙ্কোচে repository টি fork করে অবদান রাখুন, কিছু পরিবর্তন করে এবং পুল অনুরোধ জমা দিয়ে নির্দ্বিধায় অবদান রাখুন। কোন প্রশ্নের জন্য আমাদের একটি ইমেল পাঠান `team@shieldfy.io`. diff --git a/README-cs.md b/README-cs.md index d77ffdf..463b8c7 100644 --- a/README-cs.md +++ b/README-cs.md 
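Review bot: the `@@ -72,20 +80,21 @@` hunk deletes the blank line between the last Monitoring item and the `---` rule, which works against the rest of this change (blank lines added after every heading) and leaves the list unpadded; keep that blank, and add one after `## আরও দেখুন:` as the az file's equivalent hunk does. The `## অনুমোদন` / `### OAuth` context also shows the new blank goes after the sub-heading only, so `## অনুমোদন` still runs straight into `### OAuth`; consistent with the other files, but worth a pass if the goal is lint-clean heading spacing.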
@@ -1,18 +1,20 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # Seznam API zabezpečení -Kontrolní seznam nejdůležitějších bezpečnostních opatření při návrhu, testování a uvolňování rozhraní API. +Kontrolní seznam nejdůležitějších bezpečnostních opatření při návrhu, testování a uvolňování rozhraní API. --- ## Autentizace + - [ ] Nepoužívejte `Basic Auth`. Místo toho použijte standardní ověřování (např. [JWT](https://jwt.io/)). 
- [ ] Nevymýšlejte znovu způsoby `ověření`, `generace tokenů`, `ukládání hesel`. Držte se standardů. - [ ] Používejte u loginů funkce `Maximum Pokusů` a dočasné zablokování. - [ ] Šifrujte všecha citlivá data. ### JWT (JSON Web Token) + - [ ] Použijte náhodný a sofistikovaný klíč (`JWT Secret`), aby bylo složité token získat přes brute-force. - [ ] Nepoužívejte algoritmy posílané v hlavičce. Vynuťte použití algoritmů na backendu (`HS256` nebo `RS256`). - [ ] Zajistěte, aby platnost tokenu (`TTL`, `RTTL`) byla co nejkratší. @@ -20,6 +22,7 @@ Kontrolní seznam nejdůležitějších bezpečnostních opatření při návrhu - [ ] Neukládejte v nich příliš mnoho dat. JWT se obvykle sdílí v hlavičkách a jejich velikost je omezena. ## Přístup + - [ ] Omezte počet příchozích requestů (Zahlcení) aby jste předešli DDoS/brute-force útokům. - [ ] Na straně serveru používejte protokol HTTPS s protokolem TLS 1.2+ a bezpečnými šiframi, abyste se vyhnuli útoku MITM (Man in the Middle). - [ ] Použijte hlavičku `HSTS` s protokolem SSL, abyste se vyhnuli útokům SSL Strip. 
@@ -29,12 +32,14 @@ Kontrolní seznam nejdůležitějších bezpečnostních opatření při návrhu ## Autorizace ### OAuth + - [ ] Vždy ověřujte `redirect_uri` na straně serveru, abyste povolili pouze adresy URL uvedené ve whitelistu. - [ ] Vždy se snažte vyměňovat autorizační kód, ne přístupové tokeny (nepovolujte `response_type=token`). - [ ] Použijte parametr `state` s náhodným hashem, abyste zabránili CSRF v autorizačním procesu OAuth. - [ ] Definujte výchozí rozsah a ověřte parametry tohoto rozsahu pro každou aplikaci. ## Vstupy + - [ ] Použijte správné metody HTTP podle operace: `GET (čtení)`, `POST (vkládání)`, `PUT/PATCH (nahrazení/update)`, a `DELETE (smazání záznamu)`, a odpovězte `405 Method Not Allowed` pokud požadovaná metoda není vhodná pro požadovaný prostředek. - [ ] Ověřte `content-type` v hlavičce požadavku Accept (Content Negotiation), abyste povolili pouze vámi podporovaný formát (např. `application/xml`, `application/json` atd.) a v případě neshody odpovězte `406 Not Acceptable`. - [ ] Ověřte typ `content-type` odesílaných dat tak, jak je přijímáte (např. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json` atd.). @@ -44,6 +49,7 @@ Kontrolní seznam nejdůležitějších bezpečnostních opatření při návrhu - [ ] Pomocí služby API Gateway můžete povolit ukládání do mezipaměti, zásady pro omezení rychlosti (např. `Quota`, `Spike Arrest` nebo `Concurrent Rate Limit`) a dynamické nasazování prostředků API. ## Zpracování + - [ ] Zkontrolujte, zda jsou všechny koncové body chráněny určitým ověřením přístupu, aby nedošlo k porušení procesu ověřování. - [ ] Neměla by se používat jednotlivá ID uživatelů. Místo `/user/654321/orders` použijte `/me/orders`. - [ ] Nepoužívejte auto-inkrementaci u ID. Použijte místo toho `UUID`. 
@@ -55,6 +61,7 @@ Kontrolní seznam nejdůležitějších bezpečnostních opatření při návrhu - [ ] Pokud je to možné používejte nespustitelné stacky (NX). ## Výstupy + - [ ] V hlavičce odpovědi posílejte `X-Content-Type-Options: nosniff`. - [ ] V hlavičce odpovědi posílejte `X-Frame-Options: deny`. - [ ] V hlavičce odpovědi posílejte `Content-Security-Policy: default-src 'none'`. @@ -64,6 +71,7 @@ Kontrolní seznam nejdůležitějších bezpečnostních opatření při návrhu - [ ] Posílejte správný stavový kód podle toho jak byla operace dokončena. (např. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, atd.). ## CI & CD + - [ ] Zkontrolujte svůj návrh a implementaci řešení jednotkovými/integračními testy. - [ ] Používejte proces kontroly kódu a to nejlépe třetí nezávislou stranou. - [ ] Zajistěte, aby všechny součásti vašich služeb byly před nasazením do produkce staticky oskenovány antivirem, včetně všech knihoven dodavatelů a dalších součástí. 
@@ -72,20 +80,21 @@ Kontrolní seznam nejdůležitějších bezpečnostních opatření při návrhu - [ ] Navrhněte pro nasazený systém možnost rollbacku. ## Monitorování + - [ ] Používejte centralizované přihlašovací údaje pro všechny služby a komponenty. - [ ] Používejte agenty na monitorování veškeré komunikace, errorů, requestů, a odpovědí. - [ ] Používejte upozornění pomocí SMS, Slacku, Emailu, Telegramu, Kibany, Cloudwatche, atd. - [ ] Ujistěte se, že neukládáte do logů žádné citlivé údaje, jako čísla kreditních karet, hesla, kódy PIN atd. - [ ] Ke sledování API requestů a instancí používejte systém IDS a/nebo IPS. - --- ## Viz také: -- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - Sbírka užitečných zdrojů pro vytváření rozhraní RESTful HTTP+JSON API. +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - Sbírka užitečných zdrojů pro vytváření rozhraní RESTful HTTP+JSON API. --- # Příspěvek + Neváhejte přispět forknutím tohoto repozitáře, provedením nějakých změn a zasláním pull requestu. V případě jakýchkoli dotazů nám napište na e-mail `team@shieldfy.io`. diff --git a/README-de.md b/README-de.md index 1530c62..32e4885 100644 --- a/README-de.md +++ b/README-de.md 
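Review bot: the Monitoring context line `Používejte centralizované přihlašovací údaje pro všechny služby a komponenty.` tells readers to use centralised login credentials for all services, which is the opposite of what a monitoring checklist wants; the item is about centralised logging (the el file's English carries the same logins-for-logging slip). Since this hunk already edits that block, correcting it here is cheap. The same hunk also drops the blank before `---` while adding blanks elsewhere, as in README-bn.md; keep it for consistent list padding.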
@@ -1,18 +1,20 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Security Checkliste -Checkliste für die wichtigsten Sicherheitsmaßnahmen beim Designen, Testen und Veröffentlichen deiner API. +Checkliste für die wichtigsten Sicherheitsmaßnahmen beim Designen, Testen und Veröffentlichen deiner API. --- ## Authentifizierung + - [ ] Verwende kein `Basic Auth`. Nutze standardisierte Authentifizierungsmethoden (bspw. JWT, OAuth). 
- [ ] Erfinde das Rad nicht neu für `Authentication`, `Tokengenerierung` oder `Passwort speichern`. Nutze hierfür existierende Standards. - [ ] Nutze eine `limitierte Anzahl von Anmeldeversuche` und Aussperrfunktionen (Ban, IP-Block, Permanent) im Loginprozess. - [ ] Nutze Verschlüsselung für alle sensitiven Daten. ### JWT (JSON Web Token) + - [ ] Verwende einen per Zufall generierten, komplizierten Schlüssel (`JWT Secret`), um Brute Force Attacken gegen diesen so schwer wie möglich zu machen. - [ ] Verwende den Algorithmus des Payloads ausschließlich über das Backend, sodass dieser geheim bleibt (`HS256` oder `RS256`). - [ ] Lege einen möglichst kurzen Gültigkeitszeitraum für den Token fest (`TTL`, `RTTL`). @@ -20,6 +22,7 @@ Checkliste für die wichtigsten Sicherheitsmaßnahmen beim Designen, Testen und - [ ] Vermeiden zu viele Daten zu speichern. JWT wird normalerweise in Headern geteilt und hat eine Größenbeschränkung. ## Zugriff + - [ ] Limitiere alle Requests (Throttling), um DDoS / Brute-Force Attacken zu verhindern. - [ ] Nutze HTTPS serverseitig, um MITM (Man In The Middle Attack) zu verhindern. - [ ] Setze `HSTS` (HTTP Strict Transport Security) im Header bei SSL, um SSLStrip Attacken zu verhindern. 
@@ -29,12 +32,14 @@ Checkliste für die wichtigsten Sicherheitsmaßnahmen beim Designen, Testen und ## Autorisierung ### OAuth + - [ ] Überprüfe stets die `redirect_uri` serverseitig und erlaube nur URLs aus einer Whitelist. - [ ] Frage immer mit einem Access-Code (vom initialen Request) einen Access-Token ab (verbiete `response_type=token`). - [ ] Nutze den `state` Parameter immer mit einem zufälligem Hash, um CSRF auf den OAuth Authentifizierungsprozess zu verhindern. - [ ] Definiere einen Standard-Scope und validiere alle Scope Parameter für jede Applikation. ## Input + - [ ] Nutze für Requests die passenden HTTP Methoden: `GET (Lesen)`, `POST (Erzeugen)`, `PUT/PATCH (Ersetzen/Aktualisieren)`, and `DELETE (Datensatz löschen)`, und gib `405 Method Not Allowed`, wenn die angeforderte Methode nicht auf die Ressource passt. - [ ] Validiere den `content-type` im "Accept" Header der Anfrage und erlaube nur unterstützte Formate (wie `application/xml`, `application/json`, usw). Gib den Response `406 Not Acceptable` zurück, wenn keine der übergebenen Content-Typen unterstützt wird. - [ ] Validiere den `Content-Type` im Header der Anfrage für übertragene Daten (bspw. POST oder PUT) wie bspw. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, usw. @@ -44,6 +49,7 @@ Checkliste für die wichtigsten Sicherheitsmaßnahmen beim Designen, Testen und - [ ] Nutze ein API Gateway Service für Caching, Rate Limit Regeln (bspw. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) und der Bereitstellung dynamischer API Ressourcen. ## Verarbeitung + - [ ] Überprüfe, ob alle Endpunkte mit einer Authentifizierung geschützt sind. - [ ] Nutzereigene Ressourcen-Ids sollten vermieden werden. Verwende `/me/orders` statt `/user/654321/orders`. - [ ] Verwende keine automatisch hochzählende IDs, sondern `UUID`, damit Ressourcen nicht einfach erraten werden können. 
@@ -55,6 +61,7 @@ Checkliste für die wichtigsten Sicherheitsmaßnahmen beim Designen, Testen und - [ ] Verwenden nicht ausführbare Stacks sofern verfügbar. ## Output + - [ ] Sende `X-Content-Type-Options: nosniff` im Header. - [ ] Sende `X-Frame-Options: deny` im Header. - [ ] Sende `Content-Security-Policy: default-src 'none'` im Header. @@ -64,6 +71,7 @@ Checkliste für die wichtigsten Sicherheitsmaßnahmen beim Designen, Testen und - [ ] Verwende immer einen passenden HTTP Statuscode je nach Status der Operation (bspw. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, usw). ## Kontinuierliche Integration (CI) & Continuous Delivery (CD) + - [ ] Nutze Unit- und Integrationstest und deren Abdeckung (Test Coverage), um deine Implementierungen und Design zu kontrollieren. - [ ] Nutze einen Code Review Prozess, aber bleib sachlich. - [ ] Stelle sicher, dass alle verwendeten Komponenten (Bibliotheken und alle anderen Abhängigkeiten) noch einmal statisch von einer Anti-Virus Software überprüft wurden bevor diese in die Produktionsumgebung gehen. 
@@ -72,20 +80,21 @@ Checkliste für die wichtigsten Sicherheitsmaßnahmen beim Designen, Testen und - [ ] Stelle sicher, dass du im Fehlerfall auch schnell wieder den vorherigen Stand einspielen kannst (Rollback). ## Überwachung + - [ ] Verwenden Sie zentralisierte Logins für alle Dienste und Komponenten. - [ ] Verwenden Sie Agenten, um den gesamten Datenverkehr, Fehler, Anfragen und Antworten zu überwachen. - [ ] Verwenden Sie Benachrichtigungen für SMS, Slack, E-Mail, Telegramm, Kibana, Cloudwatch, usw. - [ ] Stellen Sie sicher, dass Sie keine sensiblen Daten wie Kreditkarten, Passwörter, PINs, usw protokollierst. - [ ] Verwenden Sie ein IDS-System und/oder ein IPS-System um die Anforderungen und Instanzen Ihrer API zu überwachen. - --- ## Siehe auch: -- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - Eine Sammlung nützlicher Ressourcen für den Aufbau von RESTful HTTP+JSON APIs. +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - Eine Sammlung nützlicher Ressourcen für den Aufbau von RESTful HTTP+JSON APIs. --- # Contribution + Du kannst gerne etwas beisteuern, indem du einen Fork dieses Repositorys erstellst, Änderungen vornimmst und dann einen Pull Request anlegst. Bei Fragen schick uns eine E-Mail an `team@shieldfy.io`. diff --git a/README-el.md b/README-el.md index f1501cc..cf53c1b 100644 --- a/README-el.md +++ b/README-el.md 
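Review bot: the Monitoring block in this hunk's context mixes registers: the file addresses the reader as `du` everywhere else, but these five items use `Sie`, and `Stellen Sie sicher, dass Sie keine sensiblen Daten ... protokollierst` combines both in one sentence. `Verwenden Sie zentralisierte Logins` also carries the logins/logging confusion seen in the other translations; `zentralisiertes Logging` is the intended control. A follow-up that rewrites these five lines in `du` form would fix both, and the blank before `---` should be kept as in the rest of the change.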
@@ -1,18 +1,20 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API λίστα ελέγχου ασφαλείας -Λίστα με τα πιο σημαντικά μέτρα ασφαλείας στον σχεδιασμό, έλεγχο, και την έκδοση του API σας. +Λίστα με τα πιο σημαντικά μέτρα ασφαλείας στον σχεδιασμό, έλεγχο, και την έκδοση του API σας. --- ## Επικύρωση ασφαλείας (Authentication) + - [ ] Μη χρησιμοποιήτε `Basic Auth`. Χρησιμοποιήστε standard authentication (π.χ. [JWT](https://jwt.io/), [OAuth](https://oauth.net/)). 
- [ ] Μην προσπαθήσετε να επανεφεύρετε τον τροχό για `Authentication`, `token generation`, `password storage`. Χρησιμοποιήστε ήδη υπάρχων βιβλιοθήκες. - [ ] Χρησιμοποιήστε `Max Retry` και jail features κατά τη σύνδεση (Login). - [ ] Χρησιμοποιήστε κρυπτογράφηση (encryption) για όλα τα σημαντικά δεδομένα. ### JWT (JSON Web Token) + - [ ] Χρησιμοποιήστε τυχαίο περίπλοκο κλειδί (`JWT Secret`) για να γίνει αρκετά δύσκολο να αποκρυπτογραφηθεί με brute forcing. - [ ] Μη χρησιμοποιήτε/αφαιρήτε τον αλγόριθμο απο το payload. Ο αλγόριθμος πρέπει να πραγματοποιήτε στο backend (`HS256` ή `RS256`). - [ ] Κάντε το token να λήγει (token expiration) (`TTL`, `RTTL`) όσο πιο σύντομα γίνεται. @@ -20,6 +22,7 @@ - [ ] Αποφύγετε την αποθήκευση πάρα πολλών δεδομένων. JWT είναι συνήθως κοινόχρηστο σε headers και έχουν όριο μεγέθους. ## Πρόσβαση (Access) + - [ ] Περιορίστε τα αιτήματα (requests) (Throttling) για να αποφύγετε επιθέσεις DDoS / brute-force. - [ ] Χρησιμοποιήστε HTTPS στο server side για να αποφύγετε επιθέσεις MITM (Man in the Middle Attack). - [ ] Χρησιμοποιήστε `HSTS` κεφαλίδα (header) με SSL για να αποφύγετε SSL Strip επιθέσεις. 
@@ -29,12 +32,14 @@ ## Authorization ### OAuth + - [ ] Πάντα να επαληθεύετε το `redirect_uri` στο server-side και επιτρέπετε μόνο whitelisted URLs. - [ ] Πάντα να προσπαθήτε να ανταλλάσετε auth code και όχι tokens (μην επιτρέπετε `response_type=token`). - [ ] Χρησιμοποιήστε `state` παράμετρο με τυχαίο περίπλοκο κλειδί (hash) για να αποτρέψετε CSRF κατα τη διάρκεια της OAuth authentication διαδικασίας. - [ ] Ορίστε το προεπιλεγμένο πεδίο (default scope), και επικυρώστε τις παραμέτρους πεδίου (scope parameters) για κάθε εφαρμογή. ## Είσοδος δεδομένων (Input) + - [ ] Χρησιμοποιήστε την κατάλληλη HTTP μέθοδο σύμφωνα με τη λειτουργία που χρειάζεστε: `GET (read)`, `POST (create)`, `PUT/PATCH (replace/update)`, και `DELETE (για διαγραφή αρχείου)`, και απαντήστε με `405 Method Not Allowed` εάν η ζητούμενη μέθοδος δεν είναι κατάλληλη για την αιτούμενη εφαρμογή. - [ ] Επικυρώστε `content-type` στη ζητούμενη Accept κεφαλίδα (Content Negotiation) για να επιτρέψετε μόνο το format που υποστηρίζετε (π.χ. `application/xml`, `application/json`, κτλ.) και απαντήστε με `406 Not Acceptable` εάν δεν το υποστηρίζετε. - [ ] Επικυρώστε `content-type` δεδομένα που στέλνετε, με τον ίδιο τρόπο όπως τα δέχεστε (π.χ. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, κτλ.). @@ -44,6 +49,7 @@ - [ ] Χρησιμοποιήστε API Gateway service για να ενεργοποιήσετε caching, Rate Limit policies (π.χ. `Quota`, `Spike Arrest`, ή `Concurrent Rate Limit`) και κάντε deploy APIs resources δυναμικά. ## Επεξεργασία (Processing) + - [ ] Ελέγξτε ότι όλα τα endpoints είναι προστατευμένα πίσω από επικύρωση ασφαλείας(authentication) για να αποφύγετε προβλήματα λανθασμένης επικύρωσης (broken authentication process). - [ ] Μη χρησιμοποιήτε το ID των χρηστών. Χρησιμοποιήστε `/me/orders` αντί `/user/654321/orders`. - [ ] Μη χρησιμοποιήτε την αυτόματη αύξηση των IDs. Χρησιμοποιήστε `UUID` αντι αυτου. 
@@ -55,6 +61,7 @@ - [ ] Χρησιμοποιήστε μη εκτελέσιμες στοίβες όταν είναι διαθέσιμες. ## Αποστολή/Επιστροφή δεδομένων (Output) + - [ ] Αποστέλετε `X-Content-Type-Options: nosniff` κεφαλίδα (header). - [ ] Αποστέλετε `X-Frame-Options: deny` κεφαλίδα (header). - [ ] Αποστέλετε `Content-Security-Policy: default-src 'none'` κεφαλίδα (header). @@ -64,6 +71,7 @@ - [ ] Επιστρέψτε τον κατάλληλο κωδικό κατάστασης σύμφωνα με τη διαδικασία που ολοκληρώθηκε. (π.χ. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, κτλ.). ## CI & CD + - [ ] Ελέγξτε το σχεδιασμό και την κατάσταση της εφαρμογή σας με επαρκή κάλυψη τεστ Unit / integration. - [ ] Χρησιμοποιήτε code review διαδικασίες και μη δέχεστε self-approval απο την ομάδα. - [ ] Εξασφαλίστε ότι όλα τα στοιχέια των υπηρεσιών σας περνούν απο στατικό έλεγχο με AV software πριν τα αναρτήσετε στο production, συμπεριλαμβανομένου οποιασδήποτε εξωτερικής βιβλιοθήκης που μπορει να χρησιμοποιήτε. @@ -72,20 +80,21 @@ - [ ] Σχεδιάστε rollback διαδικασίες για deployments. ## Monitoring + - [ ] Use centralized logins for all services and components. - [ ] Use agents to monitor all traffic, errors, requests, and responses. - [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. - [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. - [ ] Use an IDS and/or IPS system to monitor your API requests and instances. - --- ## Δείτε επίσης: -- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - Λίστα με χρήσιμες πληροφορίες για τον σχεδιασμό RESTful HTTP+JSON APIs. +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - Λίστα με χρήσιμες πληροφορίες για τον σχεδιασμό RESTful HTTP+JSON APIs. --- # Συνεισφορά + Μη διστάσετε να συμβάλλετε με το να κάνετε forking αυτό το repository, κάνοντας αλλαγές και υποβάλλοντας pull requests. Για οποιεσδήποτε ερωτήσεις στείλτε μας ένα email στο `team@shieldfy.io`. 
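Review bot: the `## Monitoring` section in the context of the `@@ -72,20 +80,21 @@` hunk is still in English in an otherwise Greek file, and its first item, `Use centralized logins for all services and components.`, says logins where the control is centralized logging; since the hunk already touches this block, translating it and correcting logins to logging would be a natural part of this change. As in the other files, the blank line before `---` is removed while blanks are added elsewhere; keep it so lists stay padded consistently.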
diff --git a/README-es.md b/README-es.md index 10e976a..82a7276 100644 --- a/README-es.md +++ b/README-es.md 
@@ -1,18 +1,20 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # Lista de seguridad en APIs -Lista de las contramedidas de seguridad más importantes en cuanto al diseño, testing y publicación de tu API. +Lista de las contramedidas de seguridad más importantes en cuanto al diseño, testing y publicación de tu API. --- ## Autenticación + - [ ] No uses `Basic Auth` Usa autenticación estándar (e.g. JWT, OAuth). 
- [ ] No reinventes la rueda en `autenticación`, `generación de tokens`, `almacenamiento de contraseñas`. Usa los estándares. - [ ] Usa políticas de límite de reintentos (`Max Retry`) y funcionalidades de jailing en el Login. - [ ] Usa encriptación en toda la información que sea sensible. ### JWT (JSON Web Token) + - [ ] Usa claves aleatorias complejas (`JWT Secret`) para dificultar los ataques por fuerza bruta. - [ ] No extraigas el algoritmo del contenido. Fuerza el algoritmo en el backend (`HS256` o `RS256`). - [ ] Haz que la expiración del token (`TTL`, `RTTL`) sea tan corta como sea posible. @@ -20,6 +22,7 @@ Lista de las contramedidas de seguridad más importantes en cuanto al diseño, t - [ ] Evita almacenar datos muy grandes o crecientes. JWT se transmite en las headers y éstas tienen un tamaño máximo. ## Acceso + - [ ] Limita las peticiones (`Throttling`) para prevenir ataques DDoS y de fuerza bruta. - [ ] Usa HTTPS en el lado del servidor para evitar ataques MITM (Man In The Middle Attack). - [ ] Usa la cabecera `HSTS` con SSL para evitar SSL Strip attack. 
@@ -29,12 +32,14 @@ Lista de las contramedidas de seguridad más importantes en cuanto al diseño, t ## Autorización ### OAuth + - [ ] Siempre valida `redirect_uri` en el lado del servidor para permitir sólo ciertas URLs. - [ ] Trata siempre de intercambiar código y no tokens (no permitas `response_type=token`). - [ ] Usa el parámetro `state` con un hash aleatorio para prevenir CSRF en el proceso de autenticación OAuth. - [ ] Define el ámbito (`scope`) por defecto, y valida los parámetros de ámbito para cada aplicación. ## Entradas + - [ ] Usa el método HTTP apropiado a cada operación: `GET (lectura)`, `POST (creación)`, `PUT/PATCH (reemplazo/actualización)`, y `DELETE (borrado)`, y responde con `405 Method Not Allowed` si el método en la petición no es apropiado para el recurso. - [ ] Valida el `content-type` en la cabecera `Accept` de las peticiones (Content Negotiation), para permitir sólo los formatos soportados (e.g. `application/xml`, `application/json`, etc) y responde con `406 Not Acceptable` si no hay coincidencias. - [ ] Valida el `content-type` de información enviada en base a la que aceptes (e.g. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, etc). @@ -44,6 +49,7 @@ Lista de las contramedidas de seguridad más importantes en cuanto al diseño, t - [ ] Usa un servicio de API Gateway para permitir almacenamiento en caché (caching), límite de peticiones (Rate Limit), Spike Arrest y el despliegue de APIs dinámicamente. ## Procesamiento + - [ ] Valida que todos los endpoints estén protegidos con autenticación para evitar romper el proceso de autenticación. - [ ] Debes evitar los recursos bajo un ID de usuario. Usa `/me/orders` en lugar de `/user/654321/orders`. - [ ] No uses IDs auto incrementales. Usa `UUID` en su lugar. 
@@ -55,6 +61,7 @@ Lista de las contramedidas de seguridad más importantes en cuanto al diseño, t - [ ] Utilice stacks no ejecutables cuando estén disponibles. ## Salidas + - [ ] Envía la cabecera `X-Content-Type-Options: nosniff`. - [ ] Envía la cabecera `X-Frame-Options: deny`. - [ ] Envía la cabecera `Content-Security-Policy: default-src 'none'`. @@ -64,6 +71,7 @@ Lista de las contramedidas de seguridad más importantes en cuanto al diseño, t - [ ] Devuelve el código HTTP acorde a la operación completada. (e.g. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, etc). ## CI & CD + - [ ] Audita tu diseño e implementación con tests unitarios/integración y test coverage. - [ ] Usa procesos de revisión de código y evita la auto aprobación. - [ ] Asegura que todos los componentes de tus servicios se escanean estáticamente con un software AV antes de ir a producción, incluyendo librerías de terceros y dependencias. 
@@ -72,20 +80,21 @@ Lista de las contramedidas de seguridad más importantes en cuanto al diseño, t - [ ] Diseña un proceso de `rollback` para tus `deploys`. ## Monitorear + - [ ] Usa logins centralizados para todos los servicios y componentes. - [ ] Usa agentes para monitorear todo el tráfico, errores, solicitudes, y respuestas. - [ ] Usa alertas para SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. - [ ] Asegúrese de no registrar datos confidenciales, como tarjetas de crédito, contraseñas, PIN, etc. - [ ] Use un sistema IDS y/o IPS para monitorear las solicitudes e instancias de su API. - --- ## Ver también: -- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - Una colección de recursos útiles para la creación de APIs RESTful HTTP+JSON. +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - Una colección de recursos útiles para la creación de APIs RESTful HTTP+JSON. --- # Contribución + Siéntete libre de contribuir haciendo un fork de éste repositorio, haciendo cambios, y enviando pull requests. Para cualquier pregunta déjanos un email en `team@shieldfy.io`. diff --git a/README-fa.md b/README-fa.md index 0599ce1..f727676 100644 --- a/README-fa.md +++ b/README-fa.md 
@@ -1,19 +1,22 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md)
# چک‌لیست امنیتی API + چک‌لیستی از مهم‌ترین کارهای لازم برای حفظ امنیت در زمان طراحی، تست و انتشار API. --- ## احراز هویت + - [ ]       از `Basic Auth` یا همان `اصالت‌سنجی برای دسترسی‌های اولیه` استفاده نکنید. به جای آن از روش‌های استاندارد احراز هویت استفاده کنید (مثلا [JWT](https://jwt.io/) یا [OAuth](https://oauth.net/)). - [ ]       برای کارهایی مثل `احراز هویت`، `تولید توکن` و `ذخیره پسوورد` چرخ را دوباره اختراع نکنید. از استانداردها استفاده کنید. - [ ]       برای لاگین محدودیت‌های `تعداد ماکسیمم تلاش مجدد` و تعداد دفعات ورود را قرار بدید. - [ ]       همه‌ی داده‌های حساس را رمزگذاری کنید. ### JWT (JSON Web Token) + - [ ]       از یک کلید پیچیده‌ی تصادفی برای `JWT Secret` استفاده کنید تا حمله‌ی بروت‌فورس به توکن بسیار سخت باشد. - [ ]       الگوریتم را از هدر استخراج نکنید. در بک‌اند الگوریتم را تحمیل کنید (`HS256` یا `RS256`). - [ ]       انقضای توکن (`TTL` یا `RTTL`) را تا حد ممکن کوتاه کن. @@ -21,6 +24,7 @@ - [ ]       از ذخیره بیش از حد داده ها خودداری کنید. JWT معمولاً در هدر به اشتراک گذاشته می شود و محدودیت اندازه دارند. ## دسترسی + - [ ]       رکوئست‌ها را محدود کنید (Throttling) تا از حملات DDos یا بروت‌فورس جلوگیری شود. - [ ]       در سمت سرور از HTTPS استفاده کنید تا از حملات مرد میانی جلوگیری شود. - [ ]       از هدر `HSTS` استفاده کنید تا از حمله‌ی SSL Strip جلوگیری شود. 
@@ -30,12 +34,14 @@ ## Authorization ### OAuth + - [ ]       همیشه `redirect_uri` را در سمت سرور اعتبارسنجی کنید تا تنها به URLهای مجاز اجازه داده شود. - [ ]       همیشه تلاش کنید تا code را به جای token تبادل کنید (اجازه `response_type=token` را ندهید). - [ ]       از پارامتر `state` با یک هش تصادفی استفاده کنید تا از CSRF روی پروسه‌ی احراز هویت OAuth جلوگیری کنید. - [ ]       مقدار scope پیش‌فرض را تعریف کنید و پارامترهای scope را برای هر اپلیکیشن اعتبارسنجی کنید. ## ورودی + - [ ]       از متد HTTP مناسب با توجه به نوع عملیات استفاده کنید: `GET` برای خواندن، `POST` برای ایجاد کردن، `PUT/PATCH` برای جایگزین یا بروزرسانی و `DELETE` برای حذف یک رکورد، و در صورتی‌که متد درخواستی برای منبع درخواست‌شده مناسب نباشد با `405 Method Not Allowed` پاسخ بدهید. - [ ]       مقدار `content-type` را در هدر Accept رکوئست (مذاکره محتوا یا Content Negotiation) اعتبارسنجی کنید تا فقط به فرمت‌های مورد پشتیبانی اجازه داده شود (مثلا `application/xml`، `application/json` و ...). و در صورت عدم تطابق با یک پاسخ `406 Not Acceptable` پاسخ دهید. - [ ]       مقدار `content-type` در داده‌ی پست‌شده را اعتبارسنجی کنید (مثلا `application/x-www-form-urlencoded`، `multipart/form-data`، `application/json` و ...). @@ -45,6 +51,7 @@ - [ ]       از یک سرویس API Gateway استفاده کنید تا کش‌کردن و سیاست‌های Rate Limit (مثلا `Quota`، `Spike Arrest` یا `Concurrent Rate Limit`) فعال شوند و منابع APIها را به صورت داینامیک دپلوی کنید. ## پردازش + - [ ]       چک کنید که تمامی endpointها توسط احراز هویت محافظت شوند تا از پروسه‌ی احراز هویت ناقص جلوگیری شود. - [ ]       از استفاده از ID ریسورس خود کاربر اجتناب کنید. به جای `user/654321/orders` از `/me/orders` استفاده کنید. - [ ]       از IDهای auto-increment استفاده نکنید. به جای آن از `UUID` استفاده کنید. 
@@ -56,6 +63,7 @@ - [ ]       در صورت وجود از پشته های غیر قابل اجرا استفاده کنید. ## خروجی + - [ ]       هدر `X-Content-Type-Options: nosniff` را ارسال کنید. - [ ]       هدر `X-Frame-Options: deny` را ارسال کنید. - [ ]       هدر `'Content-Security-Policy: default-src 'none` را ارسال کنید. @@ -65,6 +73,7 @@ - [ ]       با توجه به عملیات انجام‌شده، status code مناسب را برگردانِد. مثلا `200 OK`، `400 Bad Request`، `401 Unauthorized` و `405 Method Not Allowed`. ## CI & CD + - [ ]       طراحی و پیاده سازی خودتان را با پوشش تست‌های unit/integration بازرسی کنید. - [ ]       از یک پروسه‌ی مرور کد استفاده کنید و خود-تاییدی را نادیده بگیرید. - [ ]       مطمئن شوید تا تمامی اجزای سرویس‌هایتان، شامل کتابخانه‌های استفاده‌شده و دیگر وابستگی‌ها، قبل از انتشار در حالت production، به طور ایستا توسط نرم‌افزارهای آنتی‌ویروس اسکن شده‌اند. @@ -73,21 +82,22 @@ - [ ]       برای دپلوی‌هایتان، یک راه‌حل با قابلیت عقبگرد (rollback) طراحی کنید. ## Monitoring + - [ ]       از لاگین های متمرکز برای همه سرویس ها و مؤلفه ها استفاده کنید. - [ ]       از agent ها برای مانیتور همه ترافیک, خطاها, درخواست‌ها و پاسخ‌ها استفاده کنید. - [ ]       از alert ها برای اس ام اس, Slack, ایمیل, Telegram, Kibana, Cloudwatch و غیره استفاده کنید. - [ ]       اطمینان حاصل کنید که هیچ گونه داده حساسی مانند کارت های اعتباری، رمزهای عبور، پین ها و غیره را ثبت نمی کنید. - [ ]       از یک سیستم IDS و/یا IPS برای مانیتور درخواست ها API و نمونه های خود استفاده کنید. - --- ## نگاهی بیاندازید به: -- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - یک مجموعه از منابع مفید برای ساختن APIهای RESTful با HTTP و JSON - +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - یک مجموعه از منابع مفید برای ساختن APIهای RESTful با HTTP و JSON - --- # مشارکت + برای همکاری و کمک می‌توانید به راحتی این مخزن را fork کنید، تغییرات مورد نظرت را اعمال کنید و یک pull request ثب کنید. اگر سوالی داشتید به آدرس `team@shieldfy.io` ایمیل بزنید.
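Review bot: in hunk @@ -56,6 +63,7 @@ the context line ``'Content-Security-Policy: default-src 'none``` has its single quotes in the wrong place; the value should read `Content-Security-Policy: default-src 'none'` as in the other translations (worth checking in the raw file, since RTL rendering can also shuffle the quotes). In hunk @@ -73,21 +82,22 @@ the `## Monitoring` heading stays in English, "لاگین های متمرکز" (centralized logins) mistranslates "centralized logging", and the re-added "See also" entry still ends with a stray ` -` that the whitespace cleanup in this commit could have dropped. In hunk @@ -30,12 +34,14 @@ the `## Authorization` heading is untranslated and `user/654321/orders` is missing the leading slash used in every other file (`/user/654321/orders`).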
diff --git a/README-fr.md b/README-fr.md index 013194d..0d7f9e7 100644 --- a/README-fr.md +++ b/README-fr.md 
@@ -1,18 +1,20 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Security Checklist -Checklist des points de sécurité les plus importants lors de la conception, du test et de la mise en production de votre API. +Checklist des points de sécurité les plus importants lors de la conception, du test et de la mise en production de votre API. --- ## Authentification + - [ ] Ne pas utiliser une authentification basique http (`Basic Auth`) mais plutôt un standard d'authentification (tel que JWT, OAuth). 
- [ ] Ne pas réinventer la roue lors de `l'authentification`, `la génération de token`, `le stockage de mots de passe` mais utiliser les standards. - [ ] Lors de l'authentification, mettre en place les fonctionnalités de bannissement (`jail`) avec des seuils de tentatives maximales (`Max Retry`). - [ ] Chiffrer toutes les données sensibles. ### JWT (JSON Web Token) + - [ ] Utiliser des clés aléatoires complexes (`JWT Secret`) pour rendre les attaques par force brute difficiles. - [ ] Ne pas extraire l'algorithme du payload. Imposer l'algorithme côté serveur (`HS256` ou `RS256`). - [ ] Rendre la durée de vie des tokens (`TTL`, `RTTL`) aussi courte que possible. @@ -20,6 +22,7 @@ Checklist des points de sécurité les plus importants lors de la conception, du - [ ] Éviter de stocker trop de données. JWT est généralement partagé dans les en-têtes et ils ont une limite de taille. ## Accès + - [ ] Limiter le nombre de requêtes (limitation de bande passante) pour éviter les dénis de service et les attaques par force brute. - [ ] Utiliser le protocole HTTPS côté serveur afin d'éviter les attaques de l'homme du milieu (MITM). - [ ] Utiliser les entêtes `HSTS` avec SSL pour éviter les attaques SSL Strip. 
@@ -29,12 +32,14 @@ Checklist des points de sécurité les plus importants lors de la conception, du ## Autorisation ### OAuth + - [ ] Toujours valider la redirection d'uri (`redirect_uri`) côté serveur afin d'accéder uniquement aux URLs autorisées. - [ ] Toujours utiliser un échange de code plutôt que des tokens (ne pas autoriser `response_type=token`). - [ ] Utiliser le paramètre d'état (`state`) avec un hash aléatoire pour prévenir les CSRF sur le processus d'authentification OAuth. - [ ] Définir la portée par défaut et valider le paramètre de portée pour chaque application. ## Entrées + - [ ] Utiliser la bonne méthode en fonction de l'opération, `GET (lire)`, `POST (créer)`, `PUT (remplacer/mettre à jour)` et `DELETE (pour supprimer un enregistrement)`. - [ ] Valider le `content-type` dans l'en-tête HTTP des requêtes (négociation de contenu) pour n'autoriser que les formats supportés (e.g. `application/xml`, `application/json`, etc…) et renvoyer une réponse `406 Not Acceptable` si ça ne correspond pas. - [ ] Valider le `content-type` des données postées avec celles acceptées (e.g. `application/x-www-form-urlencoded`, `multipart/form-data, application/json`, etc…). @@ -44,6 +49,7 @@ Checklist des points de sécurité les plus importants lors de la conception, du - [ ] Utiliser un service de passerelle d'API afin d'obtenir la mise en cache, une limitation de la saturation des ressources, la gestion des pics d'activités et le déploiement automatique des ressources. ## Traitement + - [ ] Vérifier qu'aucun point d'entrée dans l'application n'échappe à l'authentification. - [ ] Éviter l'utilisation des identifiants de ressource utilisateur. Préférer `/me/orders` au lieu de `/user/654321/orders` - [ ] Ne pas utiliser d'identifiant auto-incrémenté mais plutôt des `UUID`. 
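Review bot: in hunk @@ -29,12 +32,14 @@ the `## Entrées` item lists only `PUT (remplacer/mettre à jour)` and omits both `PATCH` and the instruction to answer `405 Method Not Allowed` when the method is not allowed for the resource, which the other translations in this commit carry (for example the Spanish line `... y responde con `405 Method Not Allowed` si el método en la petición no es apropiado para el recurso.`); with the line already in the hunk's context, aligning it now avoids a second pass over the file.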
@@ -55,6 +61,7 @@ Checklist des points de sécurité les plus importants lors de la conception, du - [ ] Utiliser des piles non exécutables lorsqu'elles sont disponibles. ## Sorties + - [ ] Envoyer l'en-tête `X-Content-Type-Options: nosniff`. - [ ] Envoyer l'en-tête `X-Frame-Options: deny`. - [ ] Envoyer l'en-tête `Content-Security-Policy: default-src 'none'`. @@ -64,6 +71,7 @@ Checklist des points de sécurité les plus importants lors de la conception, du - [ ] Retourner un code de statuts en adéquation avec l'opération effectuée. (e.g. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, etc…). ## CI & CD + - [ ] Vérifiez votre conception et votre implémentation avec une couverture des tests unitaires et d'intégration. - [ ] Utilisez un processus de revue de code et ignorez l'auto-approbation. - [ ] Assurez-vous que tous les composants de vos services sont scannés par un logiciel anti-virus avant la mise en production, ainsi que les bibliothèques tierces et autres dépendances. 
@@ -72,20 +80,21 @@ Checklist des points de sécurité les plus importants lors de la conception, du - [ ] Concevez une solution de rollback pour les déploiements. ## Surveillance + - [ ] Utilisez des connexions centralisées pour tous les services et composants. - [ ] Utilisez des agents pour surveiller tout le trafic, les erreurs, les requêtes, et les réponses. - [ ] Utilisez des alertes pour SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. - [ ] Assurez-vous que vous n'enregistrez aucune donnée sensible comme les cartes de crédit, les mots de passe, les codes PIN, etc. - [ ] Utilisez un système IDS et/ou IPS pour surveiller vos requêtes et instances d'API. - --- ## Voir également : -- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - Une collection de ressources utiles pour créer des API RESTful HTTP+JSON. +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - Une collection de ressources utiles pour créer des API RESTful HTTP+JSON. --- # Contribution + N'hésitez pas à contribuer en forkant ce dépôt, faire quelques changements, et soumettre une pull request. Pour toute question, envoyez un courriel à `team@shieldfy.io`. diff --git a/README-hi.md b/README-hi.md index 10c2865..26634f7 100644 --- a/README-hi.md +++ b/README-hi.md 
@@ -1,18 +1,20 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API सुरक्षा जांच-सूची -अपने API को डिजाइन करने, परीक्षण करने और जारी करने के दौरान सबसे महत्वपूर्ण सुरक्षा प्रतिवाद की जांच सूची| +अपने API को डिजाइन करने, परीक्षण करने और जारी करने के दौरान सबसे महत्वपूर्ण सुरक्षा प्रतिवाद की जांच सूची| --- ## प्रमाणीकरण (Authentication) + - [ ] `बेसिक एथ` का उपयोग मानक प्रमाणन का उपयोग न करें (जैसे [JWT](https://jwt.io/), [OAuth](https://oauth.net/))। - [ ] `प्रमाणीकरण`, `टोकन पीढ़ी`, `पासवर्ड 
भंडारण` में पहिया को फिर से न बदलें। मानकों का उपयोग करें। - [ ] लॉग इन में `मैक्स पुन: प्रयास` और `जेल` सुविधाओं का उपयोग करें। - [ ] सभी संवेदनशील डेटा पर एन्क्रिप्शन का उपयोग करें। ### JWT (JSON वेब टोकन) + - [ ] एक यादृच्छिक जटिल कुंजी (`JWT सीक्रेट`) का प्रयोग करें ताकि brute force करने के लिए टोकन बहुत कठिन हो। - [ ] पेलोड से एल्गोरिदम न निकालें। बैकएण्ड (`HS256` या `RS256`) में एल्गोरिथम को बल दें। - [ ] टोकन की समाप्ति (`टीटीएल`, `आरटीटीएल`) को यथासंभव कम करें। @@ -20,6 +22,7 @@ - [ ] ज्यादा डाटा स्टोर करने से बचें। JWT को आमतौर पर headers में साझा किया जाता है और उनकी एक आकार सीमा होती है। ## Access + - [ ] DDOS / ब्रूट-फॉरेस्ट हमलों से बचने के लिए सीमा अनुरोध (थ्रोटलिंग)। - [ ] MITM (मैन इन द मिडल अटैक) से बचने के लिए सर्वर साइड पर HTTPS का उपयोग करें। - [ ] SSL strip हमले से बचने के लिए SSL के साथ HSTS हैडर का उपयोग करें। 
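Review bot: in hunk @@ -20,6 +22,7 @@ the context line `DDOS / ब्रूट-फॉरेस्ट हमलों` spells brute force as "brute forest"; it should read `ब्रूट-फोर्स`, and `HSTS` on the next line lacks the backticks every other translation uses for header names.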
@@ -29,12 +32,14 @@ ## Authorization ### OAuth + - [ ] केवल व्हाइटलिस्ट किए गए URL को अनुमति देने के लिए हमेशा `redirect_uri` सर्वर-पक्ष को मान्य करें। - [ ] हमेशा कोड के लिए आदान-प्रदान करने की कोशिश नहीं करें और टोकन न दें (`response_type=token` की अनुमति न दें) - [ ] OAuth प्रमाणीकरण प्रक्रिया पर CSRF को रोकने के लिए एक यादृच्छिक हैश के साथ `state` पैरामीटर का उपयोग करें। - [ ] डिफ़ॉल्ट स्कोप को परिभाषित करें, और प्रत्येक एप्लिकेशन के लिए स्कोप मापदंडों को मान्य करें। ## Input + - [ ] ऑपरेशन के अनुसार उचित HTTP विधि का प्रयोग करें: अनुरोधित विधि है, अगर `GET (पढ़ें)`, `पोस्ट (बनाएं)`, `पुट / पैच (प्रतिस्थापित / अद्यतन)`, और `हटाएं (रिकॉर्ड को हटाने के लिए)`, और `405 Method Not Allowed` के साथ प्रतिक्रिया न दें अनुरोधित संसाधन के लिए उचित नहीं है - [ ] अनुरोध पर `content-type` मान्य करें केवल अपने समर्थित प्रारूप (जैसे `application/xml`, `application/json`, आदि) को अनुमति देने के लिए हेडर (सामग्री वार्ता-Content Negotiation) स्वीकार करें और `406 Not Acceptable` करें यदि स्वीकार्य न हो तो। - [ ] जैसा कि आप स्वीकार करते हैं, उतनी ही पोस्ट की गई `content-type` की पुष्टि करें (जैसे `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, इत्यादि)। @@ -44,6 +49,7 @@ - [ ] कैशिंग, दर सीमा नीतियों (`Quota`, `Spike Arrest`, `Concurrent Rate Limit`) को सक्षम करने के लिए API गेटवे सेवा का उपयोग करें और गतिशील रूप से API संसाधनों की तैनाती करें। ## Processing + - [ ] जांचें कि क्या सभी समापन बिंदुओं को टूटा प्रमाणीकरण प्रक्रिया से बचने के लिए प्रमाणीकरण के पीछे सुरक्षित किया गया है या नहीं। - [ ] उपयोगकर्ता के स्वयं के संसाधन आईडी से बचना चाहिए। `/user/654321/orders` के बजाय `/me/orders` का उपयोग करें। - [ ] auto-increment आईडी न करें। बजाय यूयूआईडी का प्रयोग करें। @@ -55,6 +61,7 @@ - [ ] उपलब्ध होने पर गैर-निष्पादन योग्य stack का उपयोग करें। ## Output + - [ ] `X-Content-Type-Options: nosniff` हेडर भेजें। - [ ] `X-Frame-Options: deny`हेडर भेजें। - [ ] `Content-Security-Policy: default-src 'none'`हेडर भेजें। 
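Review bot: in hunk @@ -29,12 +32,14 @@ two context lines invert the meaning of the English checklist: `हमेशा कोड के लिए आदान-प्रदान करने की कोशिश नहीं करें और टोकन न दें` tells the reader not to exchange for a code, and the Input item ends with `... के साथ प्रतिक्रिया न दें ...`, telling the reader not to respond with `405 Method Not Allowed`; both should be positive statements, as in the other translations. In hunk @@ -55,6 +61,7 @@ the lines `X-Frame-Options: deny`हेडर and `Content-Security-Policy: default-src 'none'`हेडर are missing the space after the closing backtick, which breaks the inline code rendering.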
@@ -64,6 +71,7 @@ - [ ] ऑपरेशन के अनुसार उचित स्थिति कोड वापस करें। (जैसे `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, आदि)। ## CI & CD + - [ ] unit/integration परीक्षण कवरेज के साथ अपने डिजाइन और कार्यान्वयन की जांच करें। - [ ] कोड समीक्षा प्रक्रिया का उपयोग करें और स्वयं-स्वीकृति की उपेक्षा करें। - [ ] सुनिश्चित करें कि आपकी सेवाओं के सभी components को AV सॉफ्टवेयर द्वारा स्कैन करने से पहले उत्पादक को push. vendor libraries और अन्य dependencies शामिल हैं। @@ -72,20 +80,21 @@ - [ ] तैनाती के लिए एक रोलबैक समाधान तैयार करें। ## Monitoring + - [ ] Use centralized logins for all services and components. - [ ] Use agents to monitor all traffic, errors, requests, and responses. - [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. - [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. - [ ] Use an IDS and/or IPS system to monitor your API requests and instances. - --- ## यह भी देखें: -- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) RESTful HTTP+JSON APIs के निर्माण के लिए उपयोगी संसाधनों का संग्रह। +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) RESTful HTTP+JSON APIs के निर्माण के लिए उपयोगी संसाधनों का संग्रह। --- # योगदान + इस रिपोजिटरी contribute, कुछ बदलाव करने और pull request सबमिट करने में योगदान करने के लिए स्वतंत्र महसूस करें। किसी भी प्रश्न के लिए हमें `team@shieldfy.io` पर एक ईमेल है। diff --git a/README-id.md b/README-id.md index c295693..e5e9047 100644 --- a/README-id.md +++ b/README-id.md 
@@ -1,18 +1,20 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # Checklist Keamanan API -Checklist penanggulangan keamanan yang paling penting ketika merancang, menguji, dan melepaskan API ke khalayak +Checklist penanggulangan keamanan yang paling penting ketika merancang, menguji, dan melepaskan API ke khalayak --- ## Autentikasi + - [ ] Jangan gunakan `Basic Auth`. Gunakan autentikasi baku (Contoh: JWT, Oauth). 
- [ ] Gunakan mekanisme baku untuk `autentikasi`, `pembuatan token`, dan `penyimpanan kata sandi`. - [ ] Gunakan maksimal percobaan berulang dan fitur penjara pada Login. - [ ] Gunakan enkripsi untuk seluruh data sensitif. ### JWT (JSON Web Token) + - [ ] Gunakan kunci acak yang rumit (`JWT Secret`) untuk membuat proses pemecahan token secara paksa menjadi sangat susah. - [ ] Jangan gunakan algoritma yang berasal dari muatan yang dikirim oleh pengguna. Paksa penggunaan algoritma di sisi peladen (`HS256` atau `RS256`). - [ ] Gunakan masa tenggat token (`TTL`, `RTTL`) yang sesingkat mungkin. @@ -20,6 +22,7 @@ Checklist penanggulangan keamanan yang paling penting ketika merancang, menguji, - [ ] Hindari menyimpan terlalu banyak data. JWT biasanya dibagikan di header dan mereka memiliki batas ukuran. ## Akses + - [ ] Batasi permintaan (_throttling_) di sisi peladen untuk menghindari serangan yang dapat melumpukan sistem (Contoh: DDoS, serangan paksa). - [ ] Gunakan HTTPS di sisi peladen untuk menghindari serangan pencegatan / MItM (Man In The Middle Attack). - [ ] Gunakan tajuk `HSTS` pada SSL untuk mencegah serangan SSL Strip. 
@@ -29,12 +32,14 @@ Checklist penanggulangan keamanan yang paling penting ketika merancang, menguji, ## Otorisasi ### OAuth + - [ ] Selalu validasi `redirect_uri` di sisi peladen sehingga hanya URL-URL yang ada di dalam daftar putih yang boleh digunakan. - [ ] Selalu coba untuk mempertukarkan kode bukan token (jangan ijinkan `response_type=token`). - [ ] Gunakan parameter `state` dengan campuran nilai acak (_random hash_) untuk mencegah CSRF pada proses autentikasi. - [ ] Tetapkan cakupan baku dan validasi parameter cakupan untuk setiap aplikasi. ## Masuk + - [ ] Gunakan metode HTTP yang sesuai dengan operasi yang digunakan, `GET untuk membaca catatan`, `POST untuk membuat catatan baru`, `PUT/PATCH untuk mengganti secara keseluruhan/mengubah sebagian catatan`, `DELETE untuk menghapus catatan` dan tanggapan `405 Method Not Allowed` jika metode permintaan tidak dikenali pada sumber daya. - [ ] Validasi `content-type` pada tajuk _Accept_ pada permintaan (Negosiasi konten) sehingga hanya mengijinkan format yang dikenali (Contoh: `application/xml`, `application/json`, dan lain sebagainya). Berikan tanggapan `406 Not Acceptable` jika nilai tajuk _Accept_ tidak dikenali. - [ ] Validasi `content-type` dari data yang dipos oleh pengguna (Contoh: `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, dan lain sebagainya). @@ -44,6 +49,7 @@ Checklist penanggulangan keamanan yang paling penting ketika merancang, menguji, - [ ] Gunakan layanan pintu gerbang API (_API Gateway_) untuk memungkinan singgahan, pembatasan laju, pendeteksian lalu lintas tinggi, dan penyebaran sumber daya API secara dinamis. ## Pemrosesan + - [ ] Cek apakah seluruh titik akhir terlindungi oleh autentikasi untuk menghindari proses autentikasi yang rusak. - [ ] Sumber daya ID kepunyaan pengguna sebaiknya dihindari. Lebih baik menggunakan`/me/orders` daripada `/user/654321/orders`. - [ ] Jangan gunakan ID yang bertambah secara otomatis. Sebaiknya gunakan `UUID`. 
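Review bot: in hunk @@ -44,6 +49,7 @@ the context line `Lebih baik menggunakan`/me/orders` daripada ...` is missing the space before the opening backtick, so the inline code will not render; in hunk @@ -29,12 +32,14 @@ the heading `## Masuk` ("enter") stands for the English "Input" heading, where `## Masukan` is the expected term. Both are one-word fixes that fit this formatting-only commit.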
@@ -55,6 +61,7 @@ Checklist penanggulangan keamanan yang paling penting ketika merancang, menguji, - [ ] Gunakan stack yang tidak dapat dieksekusi jika tersedia. ## Keluaran + - [ ] Kirim tajuk `X-Content-Type-Options: nosniff`. - [ ] Kirim tajuk `X-Frame-Options: deny`. - [ ] Kirim tajuk `Content-Security-Policy: default-src 'none'`. @@ -64,6 +71,7 @@ Checklist penanggulangan keamanan yang paling penting ketika merancang, menguji, - [ ] Kembalikan kode status yang layak sesuai dengan operasi yang diselesaikan (Contoh: `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, dan lain sebagainya). ## CI & CD + - [ ] Audit rancangan dan pelaksanaan dengan pengujian unit/integrasi. - [ ] Gunakan proses ulasan kode dan kesampingkan persetujuan sendiri. - [ ] Pastikan seluruh komponen layanan dipindai secara statis menggunakan anti virus sebelum didorong ke lingkungan produksi, termasuk pustaka-pustaka milik vendor dan ketergantungan lainnya. 
@@ -72,20 +80,21 @@ Checklist penanggulangan keamanan yang paling penting ketika merancang, menguji, - [ ] Rancang solusi kembali ke versi sebelumnya pada proses penyebaran. ## Pemantauan + - [ ] Gunakan login terpusat untuk semua layanan dan komponen. - [ ] Gunakan agen untuk memantau semua lalu lintas, kesalahan, permintaan, dan respons. - [ ] Gunakan peringatan untuk SMS, Slack, Email, Telegram, Kibana, Cloudwatch, dll. - [ ] Pastikan Anda tidak mencatat data apapun yang sensitif, seperti kartu kredit, kata sandi, PIN, dll. - [ ] Gunakan sistem IDS dan/atau IPS untuk memantau permintaan dan instans API Anda. - --- ## Lihat juga: -- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - Kumpulan sumber yang berguna untuk membangun API RESTful HTTP+JSON. +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - Kumpulan sumber yang berguna untuk membangun API RESTful HTTP+JSON. --- # Kontribusi + Silahkan berkontribusi dengan cara menduplikasi repositori ini, lakukan perubahan, dan kirimkan PR. Jika ada pertanyaan silakan kirim email ke `team@shieldfy.io`. diff --git a/README-it.md b/README-it.md index fc85b6c..6155225 100644 --- a/README-it.md +++ b/README-it.md 
@@ -1,18 +1,20 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # Checklist per la sicurezza delle API -Una checklist per le più importanti contromisure da mettere in pratica quando strutturiamo, testiamo e rilasciamo le nostre API. +Una checklist per le più importanti contromisure da mettere in pratica quando strutturiamo, testiamo e rilasciamo le nostre API. --- ## Autenticazione + - [ ] Non usare la `Basic Auth` Utilizzare piuttosto dei sistemi standard di identificazione (es. JWT, OAuth). 
- [ ] Non re-inventarsi sistemi di `autenticazione`, `generazione token`, `salvataggio password`. Utilizzare gli standard. - [ ] Utilizzare `Max Retry` e le jail features per il Login. - [ ] Utilizzare la cifratura per tutti i dati sensibili. ### JWT (JSON Web Token) + - [ ] Utilizzare una chiave random complessa (`JWT Secret`) per rendere assai difficile il brute force del token. - [ ] Non ricavare l'algoritmo dal payload. Forzare l'algoritmo nel backend (`HS256` o `RS256`). - [ ] Rendere la scadenza del token (`TTL`, `RTTL`) il più breve possibile. @@ -20,6 +22,7 @@ Una checklist per le più importanti contromisure da mettere in pratica quando s - [ ] Evita di archiviare troppi dati. JWT è solitamente condiviso nelle header e hanno un limite di dimensioni. ## Accesso + - [ ] Limitare le richieste (Throttling) per evitare attacchi DDoS o brute-force. - [ ] Utilizzare il protocollo HTTPS per evitare attacchi MITM (Man In The Middle Attack). - [ ] Utilizzare l'header `HSTS` per evitare attacchi SSL Strip. 
@@ -29,12 +32,14 @@ Una checklist per le più importanti contromisure da mettere in pratica quando s ## Autorizzazione ### OAuth + - [ ] Validare sempre il valore di `redirect_uri` lato server permettendo solo url verificati nella whitelist. - [ ] Tentare sempre lo scambio attraverso il codice e non tramite token (non permettere `response_type=token`). - [ ] Utilizzare il parametro `state` con un hash random per prevenire il CSRF durante il processo di autenticazione OAuth. - [ ] Definire lo scope di default e validare i parametri dello scope per ogni singola applicazione. ## Input + - [ ] Utilizzare il metodo HTTP appropriato in base all'azione: `GET (lettura)`, `POST (scrittura)`, `PUT/PATCH (sostituzione/modifica)`, e `DELETE (cancellazione)`, e rispondere con uno status `405 Method Not Allowed` se il metodo della richiesta non è appropriato. - [ ] Validare il `content-type` rispetto all' Accept header (Content Negotiation) per consentire solo i formati supportati (es. `application/xml`, `application/json`, ecc.) e rispondere con un `406 Not Acceptable` se la risposta non coincide. - [ ] Validare il `content-type` in base alle strutture accettate (es. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, ecc.). @@ -44,6 +49,7 @@ Una checklist per le più importanti contromisure da mettere in pratica quando s - [ ] Utilizzare un gateway per abilitare il caching delle API, con sistema di controllo delle chiamate (es. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`). ## Processing + - [ ] Verificare che tutti gli endpoints siano protetti dal sistema di autenticazione, per evitare eventuali falle. - [ ] L'ID dell'utente corrente andrebbe sempre evitato nelle url. Utilizzare ad esempio `/me/orders` piuttosto che `/user/654321/orders`. - [ ] Non ricorrere all'autoincremento di un ID. Utilizzare piuttosto un `UUID`. 
@@ -55,6 +61,7 @@ Una checklist per le più importanti contromisure da mettere in pratica quando s - [ ] Utilizzare stack non eseguibili quando disponibili. ## Output + - [ ] Inviare l'header `X-Content-Type-Options: nosniff`. - [ ] Inviare l'header `X-Frame-Options: deny`. - [ ] Inviare l'header `Content-Security-Policy: default-src 'none'`. @@ -64,6 +71,7 @@ Una checklist per le più importanti contromisure da mettere in pratica quando s - [ ] Ritornare sempre lo status code corretto in base all'esito della chiamata. (es. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, ecc). ## CI & CD + - [ ] Verificare il design attraverso gli unit/integration tests. - [ ] Definire e utilizzare una procedura di code review per il rilascio, evitando l'auto approvazione. - [ ] Verificare che tutti i componenti dei servizi siano controllati da software AV prima di essere messi in produzione, incluse le librerie di terze parti. 
@@ -72,20 +80,21 @@ Una checklist per le più importanti contromisure da mettere in pratica quando s - [ ] Definire una strategia di rollback per il deploy. ## Monitoraggio + - [ ] Utilizza accessi centralizzati per tutti i servizi e i componenti. - [ ] Utilizza gli agenti per monitorare tutto il traffico, gli errori, le richieste, e le risposte. - [ ] Utilizza gli avvisi per SMS, Slack, Email, Telegram, Kibana, Cloudwatch, ecc. - [ ] Assicurati di non registrare dati sensibili come carte di credito, password, PIN, ecc. - [ ] Utilizza un sistema IDS e/o IPS per monitorare le richieste e le istanze della tua API. - --- ## Guarda anche: -- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - Una collezione di risorse utili per la creazione di API RESTful HTTP+JSON. +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - Una collezione di risorse utili per la creazione di API RESTful HTTP+JSON. --- # Contribuire + Siate liberi di contribuire a questo progetto facendo un fork, modificandolo e inviando una pull request. Per qualsiasi dubbio inviare un'email all'indirizzo: `team@shieldfy.io`. diff --git a/README-ja.md b/README-ja.md index ee682ec..d357594 100644 --- a/README-ja.md +++ b/README-ja.md 
@@ -1,18 +1,20 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # APIセキュリティチェックリスト -APIを設計、テスト、リリースするときの最も重要なセキュリティ対策のチェックリスト +APIを設計、テスト、リリースするときの最も重要なセキュリティ対策のチェックリスト --- ## 認証 + - [ ] `Basic認証`を利用せず、標準的な認証を利用する(例: [JWT](https://jwt.io/)、[OAuth](https://oauth.net/))。 - [ ] `認証`、`トークンの生成`、`パスワードの保管`において「車輪の再発明」をしないこと。すでに標準化されているものを利用する。 - [ ] ログインにおいては`最大リトライ回数(Max Retry)`とjail機能を利用する。 - [ ] 全ての機微情報において暗号化を活用する。 ### JWT (JSON Web Token) + - [ ] ランダムで複雑なキー(`JWT 
Secret`)を使用する。これはブルートフォース攻撃を困難にするため。 - [ ] ペイロードからアルゴリズムを抽出しないこと。アルゴリズムは必ずバックエンド処理のみとする(`HS256`または`RS256`)。 - [ ] トークンの有効期限(`TTL`, `RTTL`)を可能な限り短くする。 @@ -20,6 +22,7 @@ APIを設計、テスト、リリースするときの最も重要なセキュ - [ ] 多くのデータを保存することを避ける。JWTは通常header「ヘッダー」に共有され、サイズ制限があるため。 ## アクセス + - [ ] DDoSやブルートフォース攻撃を回避するため、リクエストを制限(スロットリング)する。 - [ ] MITM(Man in the Middle Attack)を防ぐため、サーバサイドではHTTPSを使用する。 - [ ] SSL Strip attackを防ぐため、SSL化とともに`HSTS`ヘッダを設定する。 @@ -29,12 +32,14 @@ APIを設計、テスト、リリースするときの最も重要なセキュ ## 認可 ### OAuth + - [ ] サーバサイドで常に`redirect_uri`を検証し、ホワイトリストに含まれるURLのみを許可する。 - [ ] 常にtokenではなくcodeを交換するようにする(`response_type=token`を許可しない)。 - [ ] `state`パラメータをランダムなハッシュと共に利用し、OAuth認証プロセスでのCSRFを防ぐ。 - [ ] デフォルトのscopeを定義し、アプリケーション毎にscopeパラメータを検証する。 ## 入力 + - [ ] 操作に応じて適切なHTTPメソッドを利用する。`GET(読み込み)`, `POST(作成)`, `PUT/PATCH(置き換え/更新)`, `DELETE(単一レコードの削除)`。リクエストメソッドがリソースに対して適切ではない場合、`405 Method Not Allowed`を返す。 - [ ] リクエストのAcceptヘッダ(コンテンツネゴシエーション)の`content-type`を検証する。サポートしているフォーマット(例: `application/xml`, `application/json`等)は許可し、そうでない場合は`406 Not Acceptable`を返す。 - [ ] POSTされたデータの`content-type`が受け入れ可能(例: `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`等)かどうかを検証する。 @@ -44,6 +49,7 @@ APIを設計、テスト、リリースするときの最も重要なセキュ - [ ] キャッシュ、Rate Limit policies(例: `Quota`, `Spike Arrest`, `Concurrent Rate Limit`)を有効化し、APIリソースのデプロイを動的に行うため、APIゲートウェイサービスを利用する。 ## 処理 + - [ ] 壊れた認証プロセスを回避するため、全てのエンドポイントが認証により守られていることを確かめる。 - [ ] ユーザーに紐付いたリソースIDを使用してはならない。`/user/654321/orders`の代わりに`/me/orders`を利用する。 - [ ] オートインクリメントなIDを利用せず、代わりに`UUID`を利用する。 @@ -55,6 +61,7 @@ APIを設計、テスト、リリースするときの最も重要なセキュ - [ ] 可能な場合は、実行不可能なスタックを使用する。 ## 出力 + - [ ] `X-Content-Type-Options: nosniff`をヘッダに付与する。 - [ ] `X-Frame-Options: deny`をヘッダに付与する。 - [ ] `Content-Security-Policy: default-src 'none'`をヘッダに付与する。 
@@ -64,6 +71,7 @@ APIを設計、テスト、リリースするときの最も重要なセキュ - [ ] 処理の終了時に適切なステータスコードを返す(例: `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`等)。 ## CI & CD (継続的インテグレーションと継続的デリバリー) + - [ ] ユニットテスト/結合テストのカバレッジで、設計と実装を継続的に検査する。 - [ ] コードレビューのプロセスを採用し、自身による承認を無視する。 - [ ] プロダクションへプッシュする前に、ベンダのライブラリ、その他の依存関係を含め、サービスの全ての要素をアンチウイルスソフトで静的スキャンする。 @@ -72,20 +80,21 @@ APIを設計、テスト、リリースするときの最も重要なセキュ - [ ] デプロイのロールバックを用意する。 ## モニタリング + - [ ] すべてのサービスとコンポーネントに集中ログインを使用する。 - [ ] すべてのトラフィック、エラー、リクエスト、およびレスポンスを監視ために、エージェントを使用する。 - [ ] SMS、Slack、Email、Telegram、Kibana、Cloudwatch、などのアラートを使用する。 - [ ] クレジット・カード、パスワード、PIN、などの機密データをログに記録していないことを確認する。 - [ ] APIリクエストとインスタンスを監視ためにIDSやIPSシステムを使用する。 - --- ## 参照: -- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - RESTful HTTP+JSON APIを構築するための有用なリソースの集まり。 +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - RESTful HTTP+JSON APIを構築するための有用なリソースの集まり。 --- # コントリビューション + このリポジトリをforkして、変更し、プルリクエストを送信し、自由にコントリビューションしてください。何か質問があれば `team@shieldfy.io` まで電子メールを送ってください。 diff --git a/README-ko.md b/README-ko.md index c549f7b..01a9c22 100644 --- a/README-ko.md +++ b/README-ko.md 
@@ -1,18 +1,20 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API 보안 점검표 -API를 설계하고, 테스트하고, 배포할 때 고려해야 할 중요한 보안 대책에 대한 점검 목록입니다. +API를 설계하고, 테스트하고, 배포할 때 고려해야 할 중요한 보안 대책에 대한 점검 목록입니다. --- ## 인증 (Authentication) + - [ ] `Basic Auth`를 사용하지 말고 표준 인증방식을 사용하세요. (예로, JWT, OAuth 등) - [ ] `인증`, `토큰 생성`, `패스워드 저장`은 직접 개발하지 말고 표준을 사용하세요. - [ ] 로그인에서 `Max Retry`와 격리 기능을 사용하세요. - [ ] 민감한 데이터는 모두 암호화하세요. ### JWT (JSON Web Token) + - [ ] 무작위 대입 공격을 어렵게 하기 위해 랜덤하고 복잡한 키값 (`JWT Secret`)을 사용하세요. 
- [ ] 요청 페이로드에서 알고리즘을 가져오지 마세요. 알고리즘은 백엔드에서 강제로 적용하세요. (`HS256` 혹은 `RS256`) - [ ] 토큰 만료 기간 (`TTL`, `RTTL`)은 되도록 짧게 설정하세요. @@ -20,6 +22,7 @@ API를 설계하고, 테스트하고, 배포할 때 고려해야 할 중요한 - [ ] 너무 많은 데이터를 저장하지 마십시오. JWT는 일반적으로 header서 공유되며 크기 제한이 있습니다. ## 접근 (Access) + - [ ] DDoS나 무작위 대입 공격을 피하려면 요청 수를 제한하세요. (Throttling) - [ ] MITM (중간자 공격)을 피하려면 서버 단에서 HTTPS를 사용하세요. - [ ] SSL Strip 공격을 피하려면 `HSTS` 헤더를 SSL과 함께 사용하세요. @@ -29,12 +32,14 @@ API를 설계하고, 테스트하고, 배포할 때 고려해야 할 중요한 ## 권한 부여 (Authorization) ### OAuth + - [ ] 허용된 URL만 받기 위해서는 서버 단에서 `redirect_uri`의 유효성을 항상 검증하세요. - [ ] 항상 토큰 대신 코드를 주고받으세요. (`response_type=token`을 허용하지 마세요) - [ ] OAuth 인증 프로세스에서 CSRF를 방지하기 위해 랜덤 해쉬값을 가진 `state` 파라미터를 사용하세요. - [ ] 디폴트 스코프를 정의하고 각 애플리케이션마다 스코프 파라미터의 유효성을 검증하세요. ## 입력 및 요청 (Input) + - [ ] 각 요청의 연산에 맞는 적절한 HTTP 메서드를 사용하세요. `GET (읽기)`, `POST (생성)`, `PUT (대체/갱신)`, `DELETE (삭제)`. 그리고 요청 메소드가 리소스에 적합하지 않은 경우 `405 Method Not Allowed`로 응답하세요. - [ ] 여러분이 지원하는 포맷 (예를 들어 `application/xml`이나 `application/json` 등)만을 허용하려면 요청의 Accept 헤더에서 `content-type`의 유효성을 검사하고 일치하지 않으면 `406 Not Acceptable`로 응답하세요. - [ ] 요청받은 POST 데이터의 `content-type`을 검증하세요. (예를 들어 `application/x-www-form-urlencoded`나 `multipart/form-data` 또는 `application/json` 등) @@ -44,6 +49,7 @@ API를 설계하고, 테스트하고, 배포할 때 고려해야 할 중요한 - [ ] 캐싱과 속도 제한 정책을 제공하는 API 게이트웨이 서비스 (예를 들어 `Quota`, `Spike Arrest`, `Concurrent Rate Limit`)를 사용하고, API 리소스를 동적으로 배포하세요. ## 서버 처리 + - [ ] 인증 프로세스가 손상되는 것을 피하기 위해 모든 엔드포인트가 인증 프로세스 뒤에서 보호되고 있는지 확인하세요. - [ ] 사용자 소유의 리소스 식별자는 피해야 합니다. `/user/654321/orders` 대신 `/me/orders`를 사용하세요. - [ ] 자동 증가 (auto-increment) 식별자 대신 `UUID`를 사용하세요. @@ -55,6 +61,7 @@ API를 설계하고, 테스트하고, 배포할 때 고려해야 할 중요한 - [ ] 가능한 경우 실행 불가능한 스택을 사용하십시오. ## 반환 및 응답 (Output) + - [ ] `X-Content-Type-Options: nosniff` 헤더를 반환하세요. - [ ] `X-Frame-Options: deny` 헤더를 반환하세요. - [ ] `Content-Security-Policy: default-src 'none'` 헤더를 반환하세요. 
@@ -64,6 +71,7 @@ API를 설계하고, 테스트하고, 배포할 때 고려해야 할 중요한 - [ ] 각 작업에 맞는 적절한 상태 코드를 반환하세요. (예를 들어 `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed` 등) ## CI & CD + - [ ] 단위/통합 테스트 범위로 설계 및 구현을 검토하세요. - [ ] 코드 리뷰 절차를 사용하고 자체 승인을 무시하세요. - [ ] 제품 출시전에 백신 소프트웨어로 공급 업체의 라이브러리 및 기타 종속적인 것을 포함한 서비스의 모든 구성 요소들을 정적으로 검사했는지 확인하세요. @@ -72,20 +80,21 @@ API를 설계하고, 테스트하고, 배포할 때 고려해야 할 중요한 - [ ] 배포에 대한 롤백 솔루션을 설계하세요. ## 모니터링 (Monitoring) + - [ ] 모든 서비스 및 구성 요소에 대해 중앙 집중식 로그인을 사용합니다. - [ ] 에이전트를 사용하여 모든 트래픽, 오류, 요청 및 응답을 모니터링합니다. - [ ] SMS, Slack, 이메일, Telegram, Kibana, Cloudwatch, 등에 대한 알림을 사용합니다. - [ ] 신용 카드, 비밀번호, PIN, 등과 같은 민감한 데이터를 기록하고 있지 않은지 확인하십시오. - [ ] IDS 및/또는 IPS 시스템을 사용하여 API 요청 및 인스턴스를 모니터링합니다. - --- ## 참조 : -- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - RESTful HTTP+JSON API를 만드는 데 유용한 자원의 콜렉션. +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - RESTful HTTP+JSON API를 만드는 데 유용한 자원의 콜렉션. --- # 기여하기 + 포크, 변경, pull request를 보내 자유롭게 기여하세요. 질문은 `team@shieldfy.io`로 이메일을 보내주세요. diff --git a/README-lo.md b/README-lo.md index 0ba3731..6d9a01f 100644 --- a/README-lo.md +++ b/README-lo.md 
@@ -1,18 +1,20 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Security Checklist -Checklist ທີ່ຕ້ອງໃຫ້ຄວາມສຳຄັນເມື່ອມີການສ້າງ API ໃນຊ່ວງການອອກແບບ ທົດສອບລະບົບ ແລະ ການປ່ອຍໃຫ້ຄົນນອກໃຊ້ +Checklist ທີ່ຕ້ອງໃຫ້ຄວາມສຳຄັນເມື່ອມີການສ້າງ API ໃນຊ່ວງການອອກແບບ ທົດສອບລະບົບ ແລະ ການປ່ອຍໃຫ້ຄົນນອກໃຊ້ --- ## Authentication (ການພິສູດຕົວຕົນ) + - [ ] ບໍ່ຄວນໃຊ້ `Basic Auth` (ການ authen ປົກກະຕິດ້ວຍ username password) ສຳລັບການພິສູດຕົວຕົນ ແຕ່ໃຫ້ໃຊ້ຮູບແບບມາດຕະຖານສາກົນແທນ(ຕົວຢ່າງ, JWT, OAuth). 
- [ ] ບໍ່ຕ້ອງເສຍເວລາສ້າງວິທີ Authentication ໃໝ່ຂຶ້ນມາ ໃຫ້ໃຊ້ທີ່ມີຢູ່ໃນມາດຕະຖານໄປເລີຍ. - [ ] ໃຫ້ມີການຈຳກັດຈຳນວນຄັ້ງໃນການພະຍາຍາມ authen ແລະ ສ້າງລະບົບລ໋ອກກໍລະນີພະຍາຍາມເກີນກຳນົດ. - [ ] ຂໍ້ມູນທີ່ສຳຄັນຄວນມີການເຂົ້າລະຫັດສະເໝີ. ### JWT (JSON Web Token) + - [ ] key ໃນການ generate token ຄວນມີຄວາມສັບຊ້ອນສູງ ເພື່ອປ້ອງກັນການ brute force ຫາຕົວເຂົ້າລະຫັດ. - [ ] ບໍ່ຄວນມີການແກະຂໍ້ມູນ ຫຼື ຂັ້ນຕອນການຖອດຂໍ້ມູນໃນຝັ່ງ client. ໃຫ້ມີສະເພາະໃນ server ເທົ່ານັ້ນ ໂດຍອາດໃຊ້ວິທີເຂົ້າລະຫັດດ້ວຍ HS256 ຫຼື RS256 ແທນ. - [ ] ພະຍາຍາມໃຫ້ token ໝົດອາຍຸໄວທີ່ສຸດເທົ່າທີ່ຈະເປັນໄປໄດ້ (`TTL`, `RTTL`). @@ -20,6 +22,7 @@ Checklist ທີ່ຕ້ອງໃຫ້ຄວາມສຳຄັນເມື່ - [ ] ຫຼີກເວັ້ນການເກັບຮັກສາຂໍ້ມູນຫຼາຍເກີນໄປ. JWT ມັກຈະຖືກແບ່ງປັນໃນ headers ແລະພວກເຂົາມີຂອບເຂດຈໍາກັດ. ## ການເຂົ້າເຖິງ + - [ ] ຈຳກັດຈຳນວນສູງສຸດຂອງ request ເພື່ອປ້ອງກັນ DDoS / Bruteforce. - [ ] ໃຊ້ https ເພື່ອປ້ອງກັນ MITM (Man In The Middle Attack). - [ ] ໃຊ້ `HSTS` header ກັບ SSL ເພື່ອປ້ອງກັນ SSL Strip attack. 
@@ -29,12 +32,14 @@ Checklist ທີ່ຕ້ອງໃຫ້ຄວາມສຳຄັນເມື່ ## Authorization ### OAuth + - [ ] ມີການ validate `redirect_uri` ໃນຝັ່ງ server ໂດຍຍອມຮັບ uri ສະເພາະທີ່ມີຢູ່ໃນລີສທີ່ເຮົາເຊື່ອຖືເທົ່ານັ້ນ (whitelist). - [ ] ບັງຄັບໃຫ້ມີການໃຊ້ response_type ເປັນ code ສະເໝີ (ພະຍາຍາມລ່ຽງບໍ່ໃຊ້ `response_type=token`). - [ ] ໂຕແປ `state` ໃຫ້ໃຊ້ random hash ເພື່ອປ້ອງກັນ CSRF (Cross Site Request Forgery) ໃນຕອນ OAuth authentication. - [ ] ກຳນົດ scope ແລະ ມີການ validate scope ໂຕແປສຳລັບແຕ່ລະແອັບ. ## Input + - [ ] ໃຊ້ຄຳສັ່ງ HTTP ຕາມ operation ທີ່ເຮັດ ເຊັ່ນ `GET (read)`, `POST (create)`, `PUT/PATCH (replace/update)` and `DELETE (to delete a record)` ແລະ ສົ່ງກັບດ້ວຍ `405 Method Not Allowed` ຖ້າບໍ່ມີການຮອງຮັບ request ດ້ວຍ method ນັ້ນໃນລະບົບ. - [ ] Validate `content-type` ໃນ header ຂາ request (Content Negotiation) ໂດຍຍອມໃຫ້ສົ່ງມາສະເພາະ format ທີ່ກຳນົດ (ຕົວຢ່າງ, `application/xml`, `application/json` ... ໆລໆ) ແລະ ຕອບກັບດ້ວຍ `406 Not Acceptable` ຖ້າ format ທີ່ສົ່ງມາບໍ່ຖືກ. - [ ] Validate `content-type` ຂອງ data ທີ່ຮັບມາທຸກຄັ້ງ(ຕົວຢ່າງ, `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json` ... ໆລໆ). @@ -44,6 +49,7 @@ Checklist ທີ່ຕ້ອງໃຫ້ຄວາມສຳຄັນເມື່ - [ ] ເຮັດ API Gateway ເພື່ອໃຫ້ສາມາດເຮັດ caching, Rate Limit, Spike Arrest, ແລະ ຈັດການຊັບພະຍາກອນສຳລັບ API ໄດ້ຢ່າງຍືດຍຸ່ນ. ## Processing + - [ ] ກວດເບິ່ງວ່າ endpoints ທຸກຈຸດຢູ່ພາຍໃຕ້ authentication ເພື່ອປ້ອງກັນຊ່ອງໂຫວ່ທີ່ເຮັດໃຫ້ຄົນອື່ນມາເອີ້ນໃຊ້ໂດຍບໍ່ຈຳເປັນຕ້ອງພິສູດຕົວຕົນ. - [ ] ບໍ່ຄວນນຳ resource ID ຂອງ user ໄປໃຊ້ (`/user/654321/orders`) ແຕ່ໃຫ້ໄປໃຊ້ແບບ `/me/orders` ແທນ ເພື່ອປ້ອງກັນ user ປ່ຽນໄປໃຊ້ຂອງຄົນອື່ນ. - [ ] ເລກ ID ຂອງ user ບໍ່ຄວນມີການສ້າງແບບໄລ່ລຳດັບໄປເລື້ອຍໆ ແຕ່ໃຫ້ສ້າງ UUID ແທນ. @@ -55,6 +61,7 @@ Checklist ທີ່ຕ້ອງໃຫ້ຄວາມສຳຄັນເມື່ - [ ] ໃຊ້ stacks ທີ່ບໍ່ສາມາດປະຕິບັດໄດ້ເມື່ອມີ. ## Output + - [ ] ຕັ້ງ `X-Content-Type-Options: nosniff` ໃນ header. - [ ] ຕັ້ງ`X-Frame-Options: deny` ໃນ header. - [ ] ຕັ້ງ `Content-Security-Policy: default-src 'none'` ໃນ header. 
@@ -64,6 +71,7 @@ Checklist ທີ່ຕ້ອງໃຫ້ຄວາມສຳຄັນເມື່ - [ ] ຕອບ status code ທີ່ກົງກັບ operation ກັບໄປ (ຕົວຢ່າງ, `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed` ... ໆລໆ). ## CI & CD + - [ ] ກວດສອບ design ກັບ implementation ໃນຂັ້ນ unit/integration test ຢ່າງຄອບຄຸມ. - [ ] ໃຫ້ໃຊ້ code review process ບໍ່ແມ່ນວ່າໂຕເອງພໍໃຈກໍໂອເຄແລ້ວ. - [ ] ໝັ້ນໃຈວ່າທຸກຢ່າງ service ປອດໄວລັດແລ້ວກ່ອນຈະນຳຂຶ້ນ production ລວມໄປເຖິງ lib ຂອງພວກ vendor ກັບ dependencies ອື່ນໆ ອີກດ້ວຍ. @@ -72,20 +80,21 @@ Checklist ທີ່ຕ້ອງໃຫ້ຄວາມສຳຄັນເມື່ - [ ] ອອກແບບວິທີ rollback ໄວ້ກ່ອນຈະນຳຂຶ້ນໄປ ເພາະເວລາເກີດບັນຈະໄດ້ຍ້ອນກັບມາໃຊ້ version ເກົ່າໄປກ່ອນໄດ້ (ອາດເຈິໄດ້ຫຼາຍໃນຕອນພັດທະນາ feature ໃໝ່ໆ). ## ການຕິດຕາມ + - [ ] ໃຊ້ການເຂົ້າສູ່ລະບົບແບບສູນກາງສຳລັບທຸກ services ແລະ components. - [ ] ໃຊ້ agents ເພື່ອການຕິດຕາມ traffic ທັງໝົດ, ບັນຫາ, requests ແລະ reponses. - [ ] ໃຊ້ແຈ້ງເຕືອນສຳລັບ SMS, Slack, Email, Telegram, Kibana, Cloudwatch, ແລະ ອື່ນໆ. - [ ] ໝັ້ນໃຈວ່າທ່ານບໍ່ໄດ້ເຂົ້າເຖິງຂໍ້ມູນ sensitive ຕົວຢ່າງ ບັດເຄດິດ, ລະຫັດ, ລະຫັດບັດ ແລະ ອື່ນໆ. - [ ] ນຳໃຊ້ IDS ແລະ/ຫຼື ລະບະບົ IPS ເພື່ອຕິດຕາມ API requests ແລະ intances ຂອງທ່ານ. - --- ## ເບິ່ງສິ່ງນີ້ດ້ວຍ: -- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - ຊຸດແຫຼ່ງຂໍ້ມູນທີ່ເປັນປະໂຫຍດໃນການສ້າງ API RESTful HTTP+JSON. +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - ຊຸດແຫຼ່ງຂໍ້ມູນທີ່ເປັນປະໂຫຍດໃນການສ້າງ API RESTful HTTP+JSON. --- # ມີສ່ວນຮ່ວມ + ບໍ່ຕ້ອງລັງເລທີຈະມີສ່ວນຮ່ວມໂດຍການ fork repository ນີ້, ປ່ຽນແປງບາງຢ່າງ ແລະ submit pull request. ສຳລັບຄຳຖາມເພີ່ມເຕີມແມ່ນສົ່ງມາທີອີເມວນີ້ `team@shieldfy.io`. diff --git a/README-mk.md b/README-mk.md index fddb5fd..acd95b4 100644 --- a/README-mk.md +++ b/README-mk.md 
@@ -1,18 +1,20 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Безбедносна контролна листа -Безбедносна контролна листа од најважните безбедносни контрамерки при дизајнирање, тестирање и пуштање во употреба на вашето API. +Безбедносна контролна листа од најважните безбедносни контрамерки при дизајнирање, тестирање и пуштање во употреба на вашето API. --- ## Автентикација + - [ ] Не користете `Basic Auth` Користете стандардна автентикација (п.р. [JWT](https://jwt.io/), [OAuth](https://oauth.net/)). 
- [ ] Не измислувајте топла вода за `Authentication`, `generation token`, `password storage`. Користете ги стандардите. - [ ] Користете `Max Retry` и затворските функции во Login. - [ ] Користете енкрипција на сите чувствителни податоци. ### JWT (JSON Web Token) + - [ ] Користете случајно генериран и комплициран клуч (`JWT Secret`) за да направите што можно потешко погодување на токенот со испробување на секоја можна комбинација. - [ ] Не го извлекувајте алгоритмот од носивост. Присилете го алгоритмот во задниот дел (`HS256` или `RS256`). - [ ] Направете токенот да истече (`TTL`, `RTTL`) што е можно побрзо. @@ -20,6 +22,7 @@ - [ ] Избегнувајте да складирате премногу податоци. JWT обично се дели во header и тие имаат ограничување на големината. ## Пристап + - [ ] Ограничете ги барањата (забавување) за да избегнете напади DDoS / brute-force. - [ ] Користете HTTPS на страната на серверот за да избегнете MITM (Man In The Middle Attack). - [ ] Користете `HSTS` насловот со SSL за да избегнете SSL Strip напад. 
@@ -29,12 +32,14 @@ ## Овластување ### OAuth + - [ ] Секогаш проверувајте ја `redirect_uri` од страна на серверот за да дозволите само бела листа на адреси. - [ ] Секогаш обидувајте се да разменувате за код, а не токени (не дозволувајте `response_type = token`). - [ ] Користете `state` параметар со случаен хаш за да се спречи CSRF на процесот на автентикација на OAuth. - [ ] Дефинирајте го основниот опсег и проверете ги параметрите на опсегот за секоја апликација. ## Влез + - [ ] Користете ја соодветната HTTP-метод според операцијата: "GET (read)", "POST (создади)", "PUT / PATCH (замени / ажурирај)" и "DELETE (за бришење на запис) 405 Метод не е дозволено` ако бараниот метод не е соодветен за бараниот ресурс. - [ ] Потврдете `content-type` на барање Accept header (Content Negotiation) за да го дозволите само вашиот поддржан формат (на пр.`application/xml`, `application/json`, итн) И да одговори со 406 Not Acceptable` одговор ако не се совпаѓа. - [ ] Потврдете ги `content-type` на објавените податоци што ги прифаќате (на пр., `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, итн.). @@ -44,6 +49,7 @@ - [ ] Користете API Gateway-услуга за да овозможите кеширање, политики за ограничување на тарифите (пр. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) и динамички да ги распоредите ресурсите за API-то. ## Обработка + - [ ] Проверете дали сите крајните точки се заштитени зад автентичност за да се избегне скршен процес на автентикација. - [ ] Треба да се избегнува идентификација на сопствени ресурси на сопственикот. Користете `/ me / orders` наместо` / user / 654321 / orders`. - [ ] Не автоматско зголемување на ID-ите. Наместо тоа, употребете `UUID`. @@ -55,6 +61,7 @@ - [ ] Користете неизвршни stack кога е достапно. ## Излез + - [ ] Праќај `X-Content-Type-Options: nosniff` хедер. - [ ] Праќај `X-Frame-Options: deny` хедер. - [ ] Праќај `Content-Security-Policy: default-src 'none'` хедер. 
@@ -64,6 +71,7 @@ - [ ] Врати го соодветниот код за статусот според завршената операција. (п.р. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, итн). ## CI & CD + - [ ] Ревизија на вашиот дизајн и имплементација со покриеност тестови за единица / интеграција. - [ ] Користете процес на прегледување на кодот и не дозволувајте самоодобрување. - [ ] Осигурајте се дека сите компоненти на вашите услуги се статички скенирани од AV-софтверот пред да се изврши притисок за производство, вклучувајќи библиотеки на продавачи и други зависности. @@ -72,20 +80,21 @@ - [ ] Дизајн на rollback за во продукција. ## Мониторинг + - [ ] Користете централизирани логин за сите услуги и компоненти. - [ ] Користете агенти за следење на целиот сообраќај, грешки, барања и одговори. - [ ] Користете предупредувања за SMS, Slack, Е-пошта, Telegram, Kibana, Cloudwatch, итн. - [ ] Осигурете се дека не внесувате чувствителни податоци како кредитни картички, лозинки, PIN-кодови, итн. - [ ] Користете IDS и/или IPS систем за следење на вашите барања и примери на API. - --- ## Исто така види: -- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - A collection of useful resources for building RESTful HTTP+JSON APIs. +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - A collection of useful resources for building RESTful HTTP+JSON APIs. --- # Придонес + Слободно можете да придонесете со forking на ова repository, правење некои промени и поднесување pull request. За какви било прашања испратете ни е-пошта на `team@shieldfy.io`. diff --git a/README-ml.md b/README-ml.md index 514cd6f..9b4c889 100644 --- a/README-ml.md +++ b/README-ml.md 
@@ -1,18 +1,20 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API സുരക്ഷാ ചെക്ക്‌ലിസ്റ്റ് -നിങ്ങളുടെ API ഡിസൈൻ ചെയ്യുമ്പോഴും ടെസ്റ്റ് ചെയ്യുമ്പോഴും റിലീസ് ചെയ്യുമ്പോഴും പാലിക്കേണ്ട ഏറ്റവും പ്രധാനപ്പെട്ട സുരക്ഷാ പ്രതിരോധ നടപടികളുടെ ചെക്ക്‌ലിസ്റ്റ്. +നിങ്ങളുടെ API ഡിസൈൻ ചെയ്യുമ്പോഴും ടെസ്റ്റ് ചെയ്യുമ്പോഴും റിലീസ് ചെയ്യുമ്പോഴും പാലിക്കേണ്ട ഏറ്റവും പ്രധാനപ്പെട്ട സുരക്ഷാ പ്രതിരോധ നടപടികളുടെ ചെക്ക്‌ലിസ്റ്റ്. --- ## ഒതെന്റിക്കേഷൻ + - [ ] `Basic Auth` ഉപയോഗിക്കരുത്. 
പകരം സ്റ്റാൻഡേർഡ് ഓതെന്റിക്കേഷൻ ഉപയോഗിക്കുക (e.g. [JWT](https://jwt.io/), [OAuth](https://oauth.net/)). - [ ] `Authentication`, `token generation`, `password storage` എന്നിവയിൽ മുമ്പ് സൃഷ്ടിച്ച അടിസ്ഥാന രീതിയുടെ ആവർത്തനം ഉണ്ടാകരുത്. മാനദണ്ഡങ്ങൾ പാലിക്കുക. - [ ] ലോഗിനിൽ `Max Retry` യും ജയിൽ ഫീച്ചേഴ്സും ഉപയോഗിക്കുക. - [ ] എല്ലാ സെൻസിറ്റീവ് ഡാറ്റയിലും എൻക്രിപ്ഷൻ ഉപയോഗിക്കുക. ### JWT (JSON വെബ് ടോക്കൺ) + - [ ] ഒരു റാൻഡം കോംപ്ലിക്കേറ്റഡ് കീ ( `JWT Secret`) ഉപയോഗിച്ച് ടോക്കണിനെ ബ്രൂട്ട് ഫോഴ്‌സ് ചെയ്യുന്നത് ബുദ്ധിമുട്ടുള്ളതാക്കാം. - [ ] ഹെയ്ഡറിൽ നിന്ന് അൽഗോരിതം വേര്തിരിച്ചെടുക്കരുത്. അൽഗോരിതത്തെ ബേക്ക്എന്റിൽ തന്നെ നിലനിർത്തുക (`HS256` അല്ലെങ്കിൽ `RS256`). - [ ] ടോക്കൺ കാലഹരണപ്പെടൽ (` TTL`, `RTTL`) കഴിയുന്നത്ര ചെറുതാക്കുക. @@ -20,6 +22,7 @@ - [ ] വളരെയധികം ഡാറ്റ സൂക്ഷിക്കുന്നത് ഒഴിവാക്കുക. JWT സാധാരണയായി headerകളിൽ പങ്കിടുന്നു, അവയ്‌ക്ക് വലുപ്പ പരിധിയുണ്ട്. ## ആക്സസ് + - [ ] DDoS / ബ്രൂട്ട്-ഫോഴ്സ് ആക്രമണങ്ങൾ ഒഴിവാക്കാൻ റിക്വറ്റുകൾ (ത്രോട്ടിലിംഗ്) പരിമിതപ്പെടുത്തുക. - [ ] MITM (മാൻ ഇൻ ദ മിഡിൽ അറ്റാക്ക്) ഒഴിവാക്കാൻ സെർവർ സൈഡിൽ HTTPS ഉപയോഗിക്കുക. - [ ] SSL സ്ട്രിപ്പ് ആക്രമണം ഒഴിവാക്കാൻ SSL-നൊപ്പം `HSTS` ഹെഡർ ഉപയോഗിക്കുക. 
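Review bot: the language bar in the @@ -1,18 +1,20 hunk of README-ml.md gains `[Azərbaycan](./README-az.md)`, but nothing in this patch shows README-az.md being created; confirm it is part of the same change, otherwise every README now links to a missing file. The same check applies to the mn, nl, pl, pt_BR and ru language bars below.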
@@ -29,12 +32,14 @@ ## Authorization ### OAuth + - [ ] വൈറ്റ്‌ലിസ്റ്റ് ചെയ്‌ത URL-കൾ മാത്രം അനുവദിക്കുന്നതിന് സെർവർ സൈഡിൽ എല്ലായ്‌പ്പോഴും `redirect_uri` സാധൂകരിക്കുക. - [ ] എപ്പോഴും ടോക്കണുകൾ കൈമാറാതെ പകരം കോഡുകൾ കൈമാറാൻ ശ്രമിക്കുക (`response_type=token` അനുവദിക്കരുത്). - [ ] `state` പരാമീറ്ററിനോടൊപ്പം ഒരു റാൻഡം ഹാഷ് ഉപയോഗിച്ച് OAuth ഓതെന്റിക്കേഷൻ പ്രോസസ്സിലെ `CSRF` തടയാനാവും. - [ ] ഓരോ ആപ്ലിക്കേഷനും ഡിഫോൾട്ട് സ്കോപ്പ് നിർവചിക്കുകയും സ്കോപ്പ് പാരാമീറ്ററുകൾ സാധൂകരിക്കുകയും ചെയ്യുക. ## ഇൻപുട്ട് + - [ ] പ്രവർത്തനത്തിനനുസരിച്ച് ശരിയായ HTTP രീതി ഉപയോഗിക്കുക: `GET (read)`, `POST (create)`, `PUT/PATCH (replace/update)`, and `DELETE (to delete a record)`, അഭ്യർത്ഥിച്ച ഉറവിടത്തിന് അഭ്യർത്ഥിച്ച രീതി അനുയോജ്യമല്ലെങ്കിൽ `405 Method Not Allowed` എന്ന് പ്രതികരിക്കുക. - [ ] Accept ഹെഡ്‍ർ (കണ്ടെന്റ് നെഗോഷിയേഷൻ) അവശ്യപെടുന്നതിനനുസരിച്ചു `content-type` വാലിഡേറ്റ് ചെയ്യുകയും സപ്പോർട്ട് ചെയ്യുന്ന ഫോർമാറ്റുകൾ മാത്രം അനുവദിക്കുകയും (ഉദാ. `application/xml`, `application/json`, മുതലായവ) പൊരുത്തപ്പെടുന്നില്ലെങ്കിൽ `406 Not Acceptable` എന്ന റെസ്പോൻഡ്‌സ് ഉപയോഗിച്ച് പ്രതികരിക്കുകയും ചെയ്യുക. - [ ] പോസ്റ്റ് ചെയ്‌ത ടാറ്റായുടെ `content-type` നിങ്ങൾ അനുവദിക്കുന്നതതിനനുസരിച് വാലിഡേറ്റ് ചെയ്യുക. (ഉദാ: `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, മുതലായവ). @@ -44,6 +49,7 @@ - [ ] കാഷിംഗ്, നിരക്ക് പരിധി നയങ്ങൾ (ഉദാ. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) എന്നിവ പ്രവർത്തനക്ഷമമാക്കുന്നതിനും API-കളുടെ ഉറവിടങ്ങൾ ചലനാത്മകമായി വിന്യസിക്കുന്നതിനും ഒരു API ഗേറ്റ്‌വേ സേവനം ഉപയോഗിക്കുക. ## പ്രോസസ്സിംഗ് + - [ ] തകർന്ന ഓതെന്റിക്കേഷൻ പ്രക്രിയ ഒഴിവാക്കാൻ എല്ലാ എൻഡ് പോയിന്റുകളും ഓതെന്റിക്കേഷൻന് പിന്നിൽ പരിരക്ഷിച്ചിട്ടുണ്ടോയെന്ന് പരിശോധിക്കുക. - [ ] ഉപയോക്താവിന്റെ സ്വന്തം റിസോഴ്സ് ഐഡി ഒഴിവാക്കണം. `/me/orders` പകരം `/user/654321/orders` ഉപയോഗിക്കുക. - [ ] ഐഡികൾ ഓട്ടോ-ഇൻക്രിമെന്റ് ചെയ്യരുത്. പകരം `UUID` ഉപയോഗിക്കുക. 
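Review bot: the Processing item in the @@ -44,6 +49,7 hunk of README-ml.md states the recommendation backwards: "`/me/orders` പകരം `/user/654321/orders` ഉപയോഗിക്കുക" reads as "use /user/654321/orders instead of /me/orders"; swap the two paths so the user-relative `/me/orders` is the one recommended, as in the other translations in this patch. The first Input item in the @@ -29,12 +32,14 hunk also leaves an English "and" between the method entries.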
@@ -55,6 +61,7 @@ - [ ] ലഭ്യമാകുമ്പോൾ എക്സിക്യൂട്ടബിൾ അല്ലാത്ത stackകൾ ഉപയോഗിക്കുക. ## ഔട്ട്പുട്ട് + - [ ] `X-Content-Type-Options: nosniff` ഹെഡ്‍ർ അയയ്ക്കുക. - [ ] `X-Frame-Options: deny` ഹെഡ്‍ർ അയയ്ക്കുക. - [ ] `Content-Security-Policy: default-src 'none'` ഹെഡ്‍ർ അയയ്ക്കുക. @@ -64,6 +71,7 @@ - [ ] പൂർത്തിയാക്കിയ പ്രവർത്തനത്തിനനുസരിച്ച് ശരിയായ സ്റ്റാറ്റസ് കോഡ് തിരികെ നൽകുക. (ഉദാ: `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, മുതലായവ). ## CI & CD + - [ ] unit/integration tests കോവേജ് ഉപയോഗിച്ച് നിങ്ങളുടെ ഡിസൈനും ഇമ്പലമെന്റാഷനും ഔഡിഡ് ചെയ്യുക. - [ ] ഒരു കോഡ് റിവ്യൂ പ്രക്രിയ ഉപയോഗിക്കുക, സ്വയം അംഗീകാരം അവഗണിക്കുക. - [ ] വെണ്ടർ ലൈബ്രറികളും മറ്റ് ഡിപൻഡൻസികളും ഉൾപ്പെടെ ഉൽപ്പാദനത്തിലേക്ക് നീങ്ങുന്നതിന് മുമ്പ് നിങ്ങളുടെ സേവനങ്ങളുടെ എല്ലാ ഘടകങ്ങളും എവി സോഫ്‌റ്റ്‌വെയർ സ്ഥിരമായി സ്കാൻ ചെയ്തിട്ടുണ്ടെന്ന് ഉറപ്പാക്കുക. 
@@ -72,20 +80,21 @@ - [ ] ഡിപ്ലോയ്‌മെന്റിനായി ഒരു റോൾബാക്ക് പരിഹാരം രൂപകൽപ്പന ചെയ്യുക. ## Monitoring + - [ ] എല്ലാ സേവനങ്ങൾക്കും ഘടകങ്ങൾക്കുമായി കേന്ദ്രീകൃത ലോഗിനുകൾ ഉപയോഗിക്കുക. - [ ] എല്ലാ ട്രാഫിക്കും എററുകളും റിക്യുസ്റ്റുകളും റെസ്പോണ്ട്സുകളും നിരീക്ഷിക്കാൻ ഏജന്റ്സ് ഉപയോഗിക്കുക. - [ ] SMS, Slack, Email, Telegram, Kibana, Cloudwatch മുതലായവയ്‌ക്കായി അലേർട്ടുകൾ ഉപയോഗിക്കുക. - [ ] ക്രെഡിറ്റ് കാർഡുകൾ, പാസ്‌വേഡുകൾ, പിന്നുകൾ മുതലായവ പോലുള്ള സെൻസിറ്റീവ് ഡാറ്റയൊന്നും നിങ്ങൾ ലോഗ് ചെയ്യുന്നില്ലെന്ന് ഉറപ്പാക്കുക. - [ ] നിങ്ങളുടെ API റിക്യുസ്റ്റുകളും ഇൻസ്റ്റൻസുകളും നിരീക്ഷിക്കാൻ ഒരു IDS കൂടാതെ/അല്ലെങ്കിൽ IPS സിസ്റ്റം ഉപയോഗിക്കുക. - --- ## ഇതും കാണുക: -- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - RESTful HTTP+JSON API-കൾ നിർമ്മിക്കുന്നതിനുള്ള ഉപയോഗപ്രദമായ വിഭവങ്ങളുടെ ഒരു ശേഖരം. +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - RESTful HTTP+JSON API-കൾ നിർമ്മിക്കുന്നതിനുള്ള ഉപയോഗപ്രദമായ വിഭവങ്ങളുടെ ഒരു ശേഖരം. --- # സംഭാവന + ഈ ശേഖരം ഫോർക്ക് ചെയ്തും ചില മാറ്റങ്ങൾ വരുത്തിയും പുൾ അഭ്യർത്ഥനകൾ സമർപ്പിച്ചും സംഭാവന ചെയ്യാൻ മടിക്കേണ്ടതില്ല. എന്തെങ്കിലും ചോദ്യങ്ങൾക്ക് ഞങ്ങൾക്ക് ഒരു ഇമെയിൽ അയയ്ക്കുക `team@shieldfy.io`. diff --git a/README-mn.md b/README-mn.md index 11fc331..a66ad97 100644 --- a/README-mn.md +++ b/README-mn.md 
@@ -1,18 +1,20 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Аюулгүйн жагсаалт -API гаргах, загварчлах, тестлэхэд аюулгүйн талаас авах сөрөг арга хэмжээний жагсаалт. +API гаргах, загварчлах, тестлэхэд аюулгүйн талаас авах сөрөг арга хэмжээний жагсаалт. --- ## Authentication + - [ ] `Basic Auth` бүү ашигла, Стандарт authentication ашигла (Жнь. [JWT](https://jwt.io/), [OAuth](https://oauth.net/)). 
- [ ] `Authentication` -ын `token generation`, `password storage` зэргийг бүү дахин шинээр хий, стандарт ашигла. - [ ] Нэвтрэх(Login) үед `Max Retry` ашиглан хорилт хий. - [ ] Чухал өгөгдлүүдийг encrupt хий. ### JWT (JSON Web Token) + - [ ] Санамсаргүй үүссэн түлхүүр (`JWT Secret`) ашиглаж token -ыг brute force -оос хамгаал. - [ ] Payload -аас алгоритмаа бүү задал. Backend дээрээ хий (`HS256` эсвэл `RS256`). - [ ] Токен дуусах хугацаа (`TTL`, `RTTL`) аль болох бага болго. @@ -20,6 +22,7 @@ API гаргах, загварчлах, тестлэхэд аюулгүйн та - [ ] Хэт их мэдээлэл хадгалахаас зайлсхий. JWT нь ихэвчлэн headers хэсэгт хуваагддаг бөгөөд тэдгээр нь хэмжээ хязгаартай байдаг. ## Access + - [ ] Хүсэлтийн тоог хязгаарлаж (Throttling) DDoS / brute-force дайралтаас хамгаална. - [ ] HTTPS ашиглаж сервер талдаа MITM (Man In The Middle Attack) дайралтаас хамгаална. - [ ] `HSTS` header -ыг SSL дээр ашиглаж SSL Strip дайралтаас хамгаална. @@ -29,12 +32,14 @@ API гаргах, загварчлах, тестлэхэд аюулгүйн та ## Authorization ### OAuth + - [ ] `redirect_uri` -ыг үргэлж сервер талд шалган зөвшөөрөгдсөн URL эсэхийг шалга. - [ ] Аль болох токен биш код солилц (`response_type=token` -ыг зөвшөөрч болохгүй). - [ ] OAuth authentication -ын үед `state` параметрийг санамсаргүй үүссэн hash ашиглан CSRF ээс сэргийлнэ. - [ ] Хувьсагчид анхны утга заавал оноож өг, утгыг байнга шалга. ## Input + - [ ] Яг зөв HTTP хүсэлтийг ашигла: `GET (унших)`, `POST (үүсгэх)`, `PUT/PATCH (орлуулах/солих)`, мөн `DELETE (устгах)`, бас `405 Method Not Allowed` -ыг хүсэлтийн төрөл тодорхойгүй үед ашигла. - [ ] `content-type` -ыг хүсэлтийн header (Content Negotiation) дээр шалгаж зөвхөн дэмжигдсэн төрлийг зөвшөөр (Жнь. `application/xml`, `application/json`, гэх мэт) бас төрөл нь таарахгүй бол `406 Not Acceptable` хариу буцаа. - [ ] `content-type` -ыг post хийх өгөгдөл дээр шалга (Жнь. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, г.м). 
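Review bot: two context lines in README-mn.md read as mistranslations rather than formatting issues: the fourth OAuth item in the @@ -29,12 +32,14 hunk ("Хувьсагчид анхны утга заавал оноож өг, утгыг байнга шалга") talks about assigning default values to variables, where every other README in this patch defines a default scope and validates the `scope` parameter per application; and "encrupt" in the Authentication hunk should be "encrypt".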
@@ -44,6 +49,7 @@ API гаргах, загварчлах, тестлэхэд аюулгүйн та - [ ] API Gateway үйлчилгээ ашиглан Rate Limit Policies (Жнь. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) болон cache хийх, мөн API deploy хийхэд ашигла. ## Processing + - [ ] Нэвтрэх явцад алдаа гарахаас сэргийлж бүх endpoint -уудыг нэвтрэх шаардлагатай эсэхийг шалгах. - [ ] Хэрэглэгчийн ID ашиглахаас зайлсхийх. `/user/654321/orders` үүний оронд `/me/orders` ашиглах. - [ ] Автоматаар нэмэгдэх ID бүү ашигла. `UUID` ашигла. @@ -55,6 +61,7 @@ API гаргах, загварчлах, тестлэхэд аюулгүйн та - [ ] Боломжтой үед гүйцэтгэх боломжгүй stack ашигла. ## Output + - [ ] `X-Content-Type-Options: nosniff` header дээр явуул. - [ ] `X-Frame-Options: deny` header дээр явуул. - [ ] `Content-Security-Policy: default-src 'none'` header дээр явуул. @@ -64,6 +71,7 @@ API гаргах, загварчлах, тестлэхэд аюулгүйн та - [ ] Тухайн ажилд тохирсон статус код илгээх. (Жнь. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, г.м). ## CI & CD + - [ ] unit/integration тест ашиглан системийн загварчлал, хэрэгжилтийг шалгах. - [ ] Код шалгалт ашигла, мөн өөрөө өөрийгөө ч шалга. - [ ] Бүх тусдаа хэсгүүд бүр vendor сан, бусад нэмэлт сангууд бүгдийг нь AV програмаар статикаар шалга. 
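Review bot: the second CI & CD item in the @@ -64,6 +71,7 hunk of README-mn.md ("Код шалгалт ашигла, мөн өөрөө өөрийгөө ч шалга") tells the reader to review their own code as well, which inverts the guidance the other READMEs give here (mk: "не дозволувајте самоодобрување", pt_BR: "ignorando sistemas de auto-aprovação"); the intent is a code-review process that disallows self-approval.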
@@ -72,20 +80,21 @@ API гаргах, загварчлах, тестлэхэд аюулгүйн та - [ ] Ямар ч үед deploy хийхэд амар шийдэл гаргах. ## Monitoring + - [ ] Use centralized logins for all services and components. - [ ] Use agents to monitor all traffic, errors, requests, and responses. - [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. - [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. - [ ] Use an IDS and/or IPS system to monitor your API requests and instances. - --- ## Мөн үзнэ үү: -- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - RESTful HTTP+JSON API-г бүтээхэд хэрэгтэй нөөцүүдийн цуглуулга. +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - RESTful HTTP+JSON API-г бүтээхэд хэрэгтэй нөөцүүдийн цуглуулга. --- # Оролцоо + Энэ рэпод оролцох бол fork хийж өөрчлөлтөө оруулаад pull request үүсгэнэ үү. Асуулт байвал бидэнтэй холбогдоорой `team@shieldfy.io`. diff --git a/README-nl.md b/README-nl.md index e98a11c..91a6d05 100644 --- a/README-nl.md +++ b/README-nl.md 
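Review bot: the Monitoring section in the @@ -72,20 +80,21 hunk of README-mn.md is still in English while the rest of the file is Mongolian, and its first item says "centralized logins" where the section's subject, and the neighbouring item about not logging sensitive data, point to centralized logging. The same login/logging slip survives in the mk ("логин"), ml ("ലോഗിനുകൾ"), nl ("aanmeldingen"), pl ("logowań") and pt_BR ("logins") Monitoring hunks.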
@@ -1,18 +1,20 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Security Checklist -Checklist met de belangrijkste tegenmaatregelen bij het ontwerpen, testen en uitbrengen van een API. +Checklist met de belangrijkste tegenmaatregelen bij het ontwerpen, testen en uitbrengen van een API. --- ## Authenticatie + - [ ] Gebruik geen `Basic Auth` Gebruik industrie standaarden (v.b. JWT, OAuth). - [ ] Vind het wiel niet opnieuw uit voor `Authenticatie`, `Genereren van Tokens` en `Opslaan van Wachtwoorden`. 
Gebruik de standaarden. - [ ] Gebruik `Max Retry` en Jail features in de login. - [ ] Encrypt alle gevoelige data. ### JWT (JSON Web Token) + - [ ] Gebruik random ingewikkelde keys (`JWT Secret`) om brute forcing lastiger te maken. - [ ] Haal het algoritme niet uit de payload. Dwing het algoritme af in de backend (`HS256` of `RS256`). - [ ] Zet de token vervaltijd (`TTL`, `RTTL`) zo kort mogelijk. @@ -20,6 +22,7 @@ Checklist met de belangrijkste tegenmaatregelen bij het ontwerpen, testen en uit - [ ] Vermijd het opslaan van te veel gegevens. JWT wordt meestal gedeeld in headers en ze hebben een maximale grootte. ## Toegang + - [ ] Limiteer het aantal requests om DDoS en/of Bruteforce aanvallen te ontkrachten. - [ ] Gebruik HTTPS aan de server zijde om MITM (Man In The Middle Attacks) tegen te gaan. - [ ] Gebruik de `HSTS` header i.c.m SSL om een SSL Strip attack te ontkrachten. 
@@ -29,12 +32,14 @@ Checklist met de belangrijkste tegenmaatregelen bij het ontwerpen, testen en uit ## Authorization ### OAuth + - [ ] Valideer **ALTIJD** de `redirect_uri` op de server om alleen toegestane URL te accepteren. - [ ] Probeer altijd een exchange voor code, niet voor tokens (sta `response_type=token` niet toe). - [ ] Gebruik de `state` parameter met een random hash om CSRF op een OAuth authentication process te voorkomen. - [ ] Definieer een standaard scope, en valideer deze scope parameter voor elke applicatie. ## Invoer + - [ ] Gebruik de correcte HTTP methode voor de operatie, `GET (lezen)`, `POST (schrijven)`, `PUT (vervangen/updaten)` and `DELETE (verwijderen)`. - [ ] Valideer de `content-type` header bij een request Accept header (Content Negotiation) om alleen de ondersteunde formaten toe te staan (b.v. `application/xml`, `application/json` ... enz) en stuur een `406 Not Acceptable` response als de `content-type` niet ondersteund is. - [ ] Valideer de `content-type` header van gestuurde data (b.v. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json` ... enz). @@ -44,6 +49,7 @@ Checklist met de belangrijkste tegenmaatregelen bij het ontwerpen, testen en uit - [ ] Gebruik een API Gateway service voor caching, policies (b.v. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) en voor het dynamisch deployen van API middelen. ## Processing + - [ ] Controleer dat alle endpoints zijn beschermd achter de authenticatie om het omzeilen van authenticatie te voorkomen. - [ ] Gebruik `/me/orders` i.p.v. `/user/654321/orders` om het 'lekken' van id's te voorkomen. - [ ] Gebruik geen auto increment id's. Maak gebruik van `UUID`. 
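Review bot: the first Input item in the @@ -29,12 +32,14 hunk of README-nl.md keeps an English "and" inside the Dutch sentence, lists only `PUT` where the other READMEs here have `PUT/PATCH`, and omits the closing clause about answering `405 Method Not Allowed` when the method is not supported for the resource.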
@@ -55,6 +61,7 @@ Checklist met de belangrijkste tegenmaatregelen bij het ontwerpen, testen en uit - [ ] Gebruik niet-uitvoerbare stacks indien beschikbaar. ## Output + - [ ] Stel de `X-Content-Type-Options: nosniff` header in. - [ ] Stel de `X-Frame-Options: deny` header in. - [ ] Stel de `Content-Security-Policy: default-src 'none'` header in. @@ -64,6 +71,7 @@ Checklist met de belangrijkste tegenmaatregelen bij het ontwerpen, testen en uit - [ ] Geef de correcte HTTP antwoord code terug op basis van de uitgevoerde operatie (v.b. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed` ... enz). ## CI & CD + - [ ] Controleer het ontwerp en de implementatie met unit/integration test dekking. - [ ] Gebruik een code review traject en controleer niet zelf je eigen code. - [ ] Scan de API voor het naar productie zetten door AV software, niet alleen eigen code maar ook de libraries en andere gebruikte dependencies. 
@@ -72,22 +80,23 @@ Checklist met de belangrijkste tegenmaatregelen bij het ontwerpen, testen en uit - [ ] Ontwikkel een terugrol oplossing. ## Monitoring + - [ ] Gebruik gecentraliseerde aanmeldingen voor alle services en componenten. - [ ] Gebruik agents om al het verkeer, fouten, verzoeken en reacties te monitoren. - [ ] Gebruik waarschuwingen voor SMS, Slack, E-mail, Telegram, Kibana, Cloudwatch, etc. - [ ] Zorg ervoor dat u geen gevoelige gegevens registreert, zoals creditcards, wachtwoorden, pincodes, enz. - [ ] Gebruik een IDS- en/of IPS-systeem om uw API-verzoeken en instanties te monitoren. - --- ## Zie ook: -- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - Een verzameling nuttige bronnen voor het bouwen van RESTful HTTP+JSON API's. +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - Een verzameling nuttige bronnen voor het bouwen van RESTful HTTP+JSON API's. --- Translation by | Vertaling door :[S.Holzhauer](https://github.com/SHolzhauer) # Contribution + Voel u vrij om bij te helpen door deze repository te fork, wijzigingen aan te brengen, en pull requests in te dienen. Voor vragen kunt u ons mailen op `team@shieldfy.io`. diff --git a/README-pl.md b/README-pl.md index 38ca2b0..b903ab8 100644 --- a/README-pl.md +++ b/README-pl.md 
@@ -1,18 +1,20 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # Lista kontrolna bezpieczeństwa API -Lista kontrolna najważniejszych metod zabezpieczenia podczas projektowania, testowania oraz wypuszczania własnego API. +Lista kontrolna najważniejszych metod zabezpieczenia podczas projektowania, testowania oraz wypuszczania własnego API. --- ## Uwierzytelnianie + - [ ] Nie używaj `Basic Auth`. Użyj standardów uwierzytelniania (np. [JWT](https://jwt.io/), [OAuth](https://oauth.net/)). 
- [ ] Nie wynajduj koła na nowo podczas `Uwierzytelniania`, `generowanie tokenów`, `przechowywania haseł`. Użyj sprawdzonych standardów. - [ ] Dodaj `Maksymalną ilość prób` oraz inne opcje ograniczające podczas Logowania. - [ ] Szyfruj wszystkie wrażliwe (ważne) dane. ### JWT (JSON Web Token) + - [ ] Użyj losowego, skomplikowanego klucza (`JWT Secret`) aby uczynić token bezpieczniejszym przeciw atakom typu `brute force`. - [ ] Algorytmy trzymaj w backendzie, nie upubliczniaj algorytmów. - [ ] Ustaw wygaszanie tokenów (`TTL`, `RTTL`) najkrótsze jak to możliwe. @@ -20,6 +22,7 @@ Lista kontrolna najważniejszych metod zabezpieczenia podczas projektowania, tes - [ ] Unikaj przechowywania zbyt dużej ilości danych. JWT jest zwykle udostępniany w nagłówkach i ma limit rozmiaru. ## Dostęp + - [ ] Ustaw limit zapytań (Throttling) aby uniknąć ataku DDoS / brute-force. - [ ] Użyj HTTPS aby uniknąć MITM (Man In The Middle Attack) - Ataku polegającego na pośrednictwie w wymianie informacji pomiędzy dwoma punktami np. klientem i serwerem. - [ ] Użyj nagłówka `HSTS` z SSL aby uniknąć SSL Strip attack. 
@@ -29,12 +32,14 @@ Lista kontrolna najważniejszych metod zabezpieczenia podczas projektowania, tes ## Authorization ### OAuth + - [ ] Zawsze waliduj `redirect_uri` po stronie serwera aby zezwolić tylko URL-om z dozwolonej listy (`whitelist`). - [ ] Zawsze próbuj wymienić kodem nie tokenami (nie zezwalaj na `response_type=token`). - [ ] Użyj parametru `state` z losowym hashem aby zabezpieczyć proces OAuth przed atakiem CSRF. - [ ] Zdefiniuj oraz waliduj zakres parametrów dla każdej aplikacji. ## Wejście + - [ ] Użyj odpowiedniej metody protokołu HTTP dla danej operacji: `GET (odczyt)`, `POST (tworzenie)`, `PUT/PATCH (zmiana)`, and `DELETE (usuwanie)`, i odpowiadaj `405 Method Not Allowed` jeżeli metoda zapytania jest niepoprawna. - [ ] Waliduj `content-type` podczas zapytań i zezwalaj jedynie na wymagane typy danych (np. `application/xml`, `application/json`) oraz odpowiadaj `406 Not Acceptable` jeżeli nie pasują. - [ ] Waliduj `content-type` informacji przekazywanych metodą POST (np. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`). @@ -44,6 +49,7 @@ Lista kontrolna najważniejszych metod zabezpieczenia podczas projektowania, tes - [ ] Użyj usługi API Gateway aby włączyć caching oraz np. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`. ## Przetwarzanie + - [ ] Sprawdź czy wszystkie endpointy są zabezpieczone uwierzytelnianiem aby uniknąć niautoryzowanego dostępu. - [ ] Unikaj ukazywania ID użytkownika. Użyj np. `/me/orders` zamiast `/users/654321/orders/`. - [ ] Nie używaj auto inkrementacji w polu ID. Zamiast tego użyj `UUID`. @@ -54,6 +60,7 @@ Lista kontrolna najważniejszych metod zabezpieczenia podczas projektowania, tes - [ ] Użyj niewykonywalnych stacks jeśli są dostępne. ## Wyjście + - [ ] Wyślij nagłówek `X-Content-Type-Options: nosniff`. - [ ] Wyślij nagłówek `X-Frame-Options: deny`. - [ ] Wyślij nagłówek `Content-Security-Policy: default-src 'none'`. 
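Review bot: typo in the first Processing item of the @@ -44,6 +49,7 hunk of README-pl.md: "niautoryzowanego" should be "nieautoryzowanego"; the same hunk's example path `/users/654321/orders/` uses plural `users` and a trailing slash unlike the `/user/654321/orders` used in every other README here. In the @@ -29,12 +32,14 hunk the Input item also leaves an English "and" in the Polish method list.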
@@ -63,6 +70,7 @@ Lista kontrolna najważniejszych metod zabezpieczenia podczas projektowania, tes - [ ] Zwróc odpowiedni status w zależności od operacji. (np. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`). ## CI & CD + - [ ] Przetestuj wszystkie rozwiązania stosując testy jednostkowe. - [ ] Oddaj kod do przejrzenia innym, poddaj go `code review`. - [ ] Upewnij się, że wszystkie komponenty twojej usługi są skanowane przez oprogramowanie antywirusowe przed wejściem na produkcje. Uwzględnij także zewnętrzne biblioteki. @@ -71,20 +79,21 @@ Lista kontrolna najważniejszych metod zabezpieczenia podczas projektowania, tes - [ ] Stwórz możliwość szybkiego wycofania udostępnionego wdrożenia. ## Monitorowanie + - [ ] Użyj ze scentralizowanych logowań dla wszystkich usług i komponentów. - [ ] Użyj agentów do monitorowania całego ruchu, błędów, żądań i odpowiedzi. - [ ] Użyj alertów dla SMS, Slack, Email, Telegram, Kibana, Cloudwatch, itp. - [ ] Upewnij się, że nie rejestrujesz żadnych poufnych danych, takich jak karty kredytowe, hasła, kody PIN, itp. - [ ] Użyj systemu IDS i/lub IPS do monitorowania żądań i instancji API. - --- ## Zobacz także: -- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - [ENG] Zbiór wartościowych narzędzi do tworzenia REST HTTP+JSON API. +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - [ENG] Zbiór wartościowych narzędzi do tworzenia REST HTTP+JSON API. --- # Contribution + Możesz wnieść swój wkład, tworząc fork tego repozytorium, wprowadzając pewne zmiany i przesyłając pull request. W przypadku jakichkolwiek pytań napisz do nas email na adres `team@shieldfy.io`. diff --git a/README-pt_BR.md b/README-pt_BR.md index ddc41b7..cace2a2 100644 --- a/README-pt_BR.md +++ b/README-pt_BR.md 
@@ -1,18 +1,20 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Security Checklist -Lista das mais importantes medidas de segurança para o desenvolvimento, teste e publicação da sua API. +Lista das mais importantes medidas de segurança para o desenvolvimento, teste e publicação da sua API. --- ## Autenticação (_Authentication_) + - [ ] Não use `Basic Auth`. Use padrões de autenticação (exemplo: JWT, OAuth). - [ ] Não reinvente a roda nos quesitos `Autenticação`, `geração de tokens` e `armazenamento de senhas`. 
Use os padrões recomendados para cada caso. - [ ] Implemente funcionalidades de limite (_`Max Retry`_) e bloqueio de tentativas de autenticação. - [ ] Use criptografia em todos os dados confidenciais. ### JWT (JSON Web Token) + - [ ] Use uma chave de segurança aleatória e complicada (`JWT Secret`) para tornar ataques de força bruta menos eficientes. - [ ] Não utilize o algoritmo de criptografia informado no cabeçalho do payload. Force o uso de um algoritmo específico no _back-end_ (`HS256` ou `RS256`). - [ ] Defina o tempo de vida do _token_ (`TTL`, `RTTL`) o menor possível. @@ -20,6 +22,7 @@ Lista das mais importantes medidas de segurança para o desenvolvimento, teste e - [ ] Evite armazenar muitos dados. JWT geralmente é compartilhado em headers e eles têm um limite de tamanho. ## Acesso (_Access_) + - [ ] Limite a quantidade de requisições (_Throttling_) para evitar ataques DDoS e de força bruta. - [ ] Use HTTPS no seu servidor para evitar ataques MITM (_Man In The Middle Attack_). - [ ] Use cabeçalho `HSTS` com SSL para evitar ataques _SSL Strip_. 
@@ -29,12 +32,14 @@ Lista das mais importantes medidas de segurança para o desenvolvimento, teste e ## Autorização (_Authorization_) ### OAuth + - [ ] Sempre valide o `redirect_uri` no seu servidor através de uma lista de URLs conhecidas (previamente cadastradas). - [ ] Tente sempre retornar códigos de negociação, não o _token_ de acesso (não permita `response_type=token`). - [ ] Utilize o parâmetro `state` com um _hash_ aleatório para previnir CSRF no processo de autenticação OAuth. - [ ] Defina escopo de dados, e valide o parâmetro `scope` para cada aplicação. ## Requisição (_Input_) + - [ ] Utilize o método HTTP apropriado para cada operação, `GET (obter)`, `POST (criar)`, `PUT/PATCH (trocar/atualizar)` e `DELETE (apagar)`. - [ ] Valide o tipo de conteúdo informado no cabeçalho `Accept` da requisição (_Content Negotiation_) para permitir apenas os formatos suportados pela sua API (ex. `application/xml`, `application/json` ... etc), respondendo com o status `406 Not Acceptable` se ele não for suportado. - [ ] Valide o tipo de conteúdo do conteúdo da requisição informado no cabeçalho `Content-Type` da requisição para permitir apenas os formatos suportados pela sua API (ex. `application/x-www-form-urlencoded`, `multipart/form-data, application/json` ... etc). 
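Review bot: in the @@ -29,12 +32,14 hunk of README-pt_BR.md, "previnir" in the OAuth `state` item should be "prevenir", and the third Input item wraps two media types in one code span (`multipart/form-data, application/json`); split them into separate spans as the other READMEs in this patch do.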
@@ -44,6 +49,7 @@ Lista das mais importantes medidas de segurança para o desenvolvimento, teste e - [ ] Use um serviço _gateway_ para a sua API para habilitar _cache_, limitar acessos sucessivos (ex. por quantidade máxima permitida (_Quota_), por limitar tráfego em situações de estresse (_spike arrest_) ou por limitar o número de conexões simultâneas na sua API (_Concurrent Rate Limit_)), e facilitar o _deploy_ de novas funcionalidades. ## Processamento (_Processing_) + - [ ] Verifique continuamente os _endpoints_ protegidos por autenticação para evitar falhas na proteção de acesso aos dados. - [ ] Não utilize a identificação do próprio usuário. Use `/me/orders` no lugar de `/user/654321/orders`. - [ ] Não utilize ID's incrementais. Use UUID. @@ -55,6 +61,7 @@ Lista das mais importantes medidas de segurança para o desenvolvimento, teste e - [ ] Use stacks não executáveis quando disponíveis. ## Resposta (_Output_) + - [ ] Envie o cabeçalho `X-Content-Type-Options: nosniff`. - [ ] Envie o cabeçalho `X-Frame-Options: deny`. - [ ] Envie o cabeçalho `Content-Security-Policy: default-src 'none'`. @@ -64,6 +71,7 @@ Lista das mais importantes medidas de segurança para o desenvolvimento, teste e - [ ] Utilize o código de resposta apropriado para cada operação. Ex. `200 OK` (respondido com sucesso), `201 Created` (novo recurso criado), `400 Bad Request` (requisição inválida), `401 Unauthorized` (não autenticado), `405 Method Not Allowed` (método HTTP não permitido) ... etc. ## CI & CD + - [ ] Monitore a especificação e implementação do escopo da sua API através de testes unitários e de integração. - [ ] Use um processo de revisão de código, ignorando sistemas de auto-aprovação. - [ ] Certifique-se de que todos os componentes de seus serviços sejam validados por _softwares_ AV (anti-vírus, anti-_malware_) antes de enviar para produção, incluindo as dependências de terceiros utilizadas. 
@@ -72,20 +80,21 @@ Lista das mais importantes medidas de segurança para o desenvolvimento, teste e - [ ] Implemente funcionalidade de reversão de _deploy_ (_rollback_). ## Monitoramento (_Monitoring_) + - [ ] Use logins centralizados para todos os serviços e componentes. - [ ] Use agentes para monitorar todo o tráfego, erros, solicitações, e respostas. - [ ] Use alertas para SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. - [ ] Verifique se você não está registrando dados confidenciais, como cartões de crédito, senhas, PINs, etc. - [ ] Use um sistema IDS e/ou IPS para monitorar as solicitações e instâncias de sua API. - --- ## Veja também: -- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - Uma coleção de recursos úteis para a construção de API RESTful HTTP+JSON. +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - Uma coleção de recursos úteis para a construção de API RESTful HTTP+JSON. --- # Contribuindo + Sinta-se livre para contribuir, fazendo um fork deste repositório, fazendo algumas alterações e enviando um PR. Dúvidas, envie um e-mail para `team@shieldfy.io`. diff --git a/README-ru.md b/README-ru.md index 675ab86..5bbb4bf 100644 --- a/README-ru.md +++ b/README-ru.md 
@@ -1,18 +1,20 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # Контрольный список безопасности API -Чеклист наиболее важных контрмер по безопасности при разработке, тестировании и выпуске вашего API. +Чеклист наиболее важных контрмер по безопасности при разработке, тестировании и выпуске вашего API. --- ## Аутентификация + - [ ] Не используйте `Basic Auth`. Используйте стандартную проверку подлинности (например: JWT, OAuth). 
- [ ] Не изобретайте велосипед для `аутентификации`, `создании токенов`, `хранения паролей`. Используйте стандарты, проверенные библиотеки. - [ ] Используйте `Max Retry` и функции jail во время аутентификации. - [ ] Используйте шифрование для всех конфиденциальных данных. ### JWT (JSON Web Token) + - [ ] Используйте случайный сложный ключ (`JWT Secret`), чтобы сделать брут форс токена бесполезным. - [ ] Не полагайтесь на переданное в заголовках название алгоритма, лучше закрепите его константой на сервере (`HS256` или `RS256`). - [ ] Сделайте срок действия токена (`TTL`, `RTTL`) как можно короче. @@ -20,6 +22,7 @@ - [ ] Избегайте хранения слишком большого количества данных. JWT обычно используется в header, и они имеют ограничение по размеру. ## Доступ + - [ ] Установите ограничение на кол-во запросов в минуту (Throttling, RPM-Limit), чтобы избежать DDoS / Brute Force атак. - [ ] Используйте HTTPS на стороне сервера, чтобы избежать [MITM](https://ru.wikipedia.org/wiki/Атака_посредника) (Man In The Middle Attack / атака "человек посередине"). - [ ] Используйте заголовок `HSTS` (HTTP Strict Transport Security) с SSL, чтобы избежать атаки SSL Strip (перехват SSL соединений). 
@@ -29,12 +32,14 @@ ## Авторизация ### OAuth + - [ ] Всегда проверяйте `redirect_uri` на стороне сервера, чтобы разрешать только URL-адреса из белых списков (whitelist). - [ ] Всегда старайтесь использовать одноразовый code, а не токены (не использовать `response_type=token`). - [ ] Используйте параметр `state` со случайным хешем, чтобы предотвратить CSRF в процессе аутентификации OAuth. - [ ] Определите scope по умолчанию, а также проверяйте параметры для каждого приложения. ## Запрос + - [ ] Используйте соответствующий HTTP-метод в соответствии с операцией: `GET (чтение)`, `POST (создание)`, `PUT / PATCH (замена / обновление)` и `DELETE (удаление)`, а также ответьте `405 Method Not Allowed`, если запрошенный метод не подходит для запрашиваемого ресурса. - [ ] Проверяй тип данных в заголовке `Accept`, чтобы разрешить только поддерживаемые форматы (например, `application/xml`, `application/json` и т.д.) И отвечайте `406 Not Acceptable`, если тип не поддерживается. - [ ] Проверяйте, сможете ли вы обработать тип получаемых данных (например, `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json` и т.д.). @@ -44,6 +49,7 @@ - [ ] Используйте единый API-шлюз, чтобы можно было настроить кеширование, ограничение на кол-во запросов, Spike Arrest, а также динамическое развертывание API. ## Обработка + - [ ] Проверьте, защищены ли все точки входа аутентификацией, чтобы не нарушить процедуру проверки подлинности. - [ ] Следует избегать ID собственного ресурса. Используйте `/me/orders` вместо `/user/654321/orders`. - [ ] Не используйте автоинкремент для ID. Вместо этого используйте `UUID`. @@ -55,6 +61,7 @@ - [ ] Используйте неисполняемые stack когда они доступны. ## Ответ + - [ ] Отправляйте заголовок `X-Content-Type-Options: nosniff`. - [ ] Отправляйте заголовок `X-Frame-Options: deny`. - [ ] Отправляйте заголовок `Content-Security-Policy: default-src 'none'`. 
@@ -64,6 +71,7 @@ - [ ] Возвращайте код состояния в соответствии с итогами обработки. (Например: `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed` и т.д.). ## Непрерывная интеграция и Непрерывная доставка (CI & CD) + - [ ] Проверяйте ваш проект во время CI/CD. Покрывайте код unit/интеграционными тестами. - [ ] Используйте процесс проверки кода (Code Review) коллегами. Не апрувьте сами себя (no Self-Approval). - [ ] Убедитесь, что ваше приложение сканируются с помощью антивирусов перед отправкой в прод, включая библиотеки и другие зависимости. @@ -72,20 +80,21 @@ - [ ] Сделайте возможным быстрый откат на предыдущую версию. ## Мониторинг + - [ ] Используйте централизованные входы для всех служб и компонентов. - [ ] Используйте агенты для мониторинга всего трафика, ошибок, запросов, и ответов. - [ ] Используйте оповещения для SMS, Slack, электронной почты, Telegram, Kibana, Cloudwatch, и т.д. - [ ] Убедитесь, что вы не регистрируете какие-либо конфиденциальные данные, такие как кредитные карты, пароли, PIN-коды, и т.д. - [ ] Используйте систему IDS и/или IPS для мониторинга запросов и экземпляров API. - --- ## Смотрите также: -- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - Сбор полезных ресурсов для создания RESTful HTTP+JSON API. +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - Сбор полезных ресурсов для создания RESTful HTTP+JSON API. --- # Вклад + Не стесняйтесь вносить вклад, открывая этот репозиторий, внося некоторые изменения и отправляя `Pull Requests`. По любым вопросам напишите нам письмо по адресу `team@shieldfy.io`. diff --git a/README-th.md b/README-th.md index 7175b3c..f7b9685 100644 --- a/README-th.md +++ b/README-th.md 
@@ -1,18 +1,20 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Security Checklist -Checklist ที่ต้องให้ความสำคัญเมื่อมีการสร้าง API ในช่วงการออกแบบ ทดสอบระบบ และการปล่อยให้คนนอกใช้ +Checklist ที่ต้องให้ความสำคัญเมื่อมีการสร้าง API ในช่วงการออกแบบ ทดสอบระบบ และการปล่อยให้คนนอกใช้ --- ## Authentication (การพิสูจน์ตัวตน) + - [ ] ไม่ควรใช้ `Basic Auth` (การ authen ปกติด้วยusername password) สำหรับการพิสูจน์ตัวตน แต่ให้ใช้รูปแบบมาตรฐานสากลแทน(e.g. JWT, OAuth). 
- [ ] ไม่ต้องเสียเวลาสร้างวิธี Authentication ใหม่ขึ้นมา ให้ใช้ที่มีอยู่ในมาตรฐานไปเลย - [ ] ให้มีการจำกัดจำนวนครั้งในการพยายาม authen และสร้างระบบล็อคกรณีพยายามเกินกำหนด - [ ] ข้อมูลที่สำคัญควรมีการเข้ารหัสเสมอ ### JWT (JSON Web Token) + - [ ] key ในการ generate token ควรมีความซับซ้อนสูง เพื่อป้องกันการ brute force หาตัวเข้ารหัส - [ ] ไม่ควรมีการแกะข้อมูลหรือขั้นตอนการถอดข้อมูลในฝั่ง client. ให้มีเฉพาะในฝั่ง server เท่านั้น โดยอาจใช้วิธีเข้ารหัสด้วย HS256 หรือ RS256 เอา - [ ] พยายามให้ token หมดอายุให้ไวที่สุดเท่าที่จะเป็นไปได้ (`TTL`, `RTTL`) @@ -20,6 +22,7 @@ Checklist ที่ต้องให้ความสำคัญเมื่ - [ ] หลีกเลี่ยงการจัดเก็บข้อมูลมากเกินไป. JWT มักใช้ร่วมกันใน header และมีขนาดจำกัด. ## Access + - [ ] จำกัดจำนวนสูงสุดของ request เพื่อป้องกัน DDoS / Bruteforce. - [ ] ใช้ https เพื่อป้องกัน MITM (Man In The Middle Attack). - [ ] ใช้ `HSTS` header กับ SSL เพื่อป้องกัน SSL Strip attack. @@ -29,12 +32,14 @@ Checklist ที่ต้องให้ความสำคัญเมื่ ## Authorization ### OAuth + - [ ] มีการ validate `redirect_uri` ในฝั่ง server โดยยอมรับuriเฉพาะที่มีอยู่ในลิสต์ที่เราเชื่อถือเท่านั้น (whitelist). - [ ] บังคับให้มีการใช้ response_type เป็น code เสมอ (พยายามเลี่ยง `response_type=token`). - [ ] ตัวแปร `state` ให้ใช้ random hash เพื่อป้องกัน CSRF (Cross Site Request Forgery) ในช่วง OAuth authentication. - [ ] กำหนด scope และมีการ validate scope ตัวแปรสำหรับแต่ละแอป. ## Input + - [ ] ใช้คำสั่ง HTTP ตาม operation ที่ทำ เช่น `GET (read)`, `POST (create)`, `PUT/PATCH (replace/update)` and `DELETE (to delete a record)` และตอบกลับด้วย `405 Method Not Allowed` ถ้าไม่มีการรองรับ request ด้วย method นั้นในระบบ. - [ ] Validate `content-type` ใน header ขา request (Content Negotiation) โดยยอมให้ส่งมาเฉพาะ format ที่กำหนด (e.g. `application/xml`, `application/json`... และอื่นๆ) และตอบกลับด้วย `406 Not Acceptable` ถ้า format ที่ส่งมาไม่ถูก. - [ ] Validate `content-type` ของ data ที่รับมาทุกครั้ง(e.g. `application/x-www-form-urlencoded`, `multipart/form-data ,application/json`... ). 
@@ -44,9 +49,11 @@ Checklist ที่ต้องให้ความสำคัญเมื่ - [ ] ทำ API Gateway เพื่อให้สามารถทำ caching, Rate Limit, Spike Arrest, และการจัดสรรค์ทรัพยากรสำหรับ API ได้อย่างยืดหยุ่น. ## Processing + - [ ] ตรวจดูว่า endpoints ทุกจุดอยู่ภายใต้ authentication เพื่อป้องกันช่องโหว่ที่ทำให้คนอื่นมาเรียกใช้โดยไม่จำเป็นต้องพิสูจน์ตัวตน. - [ ] ไม่ควรนำ resource ID ของ user ไปใช้ (`/user/654321/orders`) แต่ให้ไปใช้แบบ `/me/orders` แทน เพื่อป้องกัน user เปลี่ยนไปใช้ของคนอื่น. - [ ] เลข ID ของ user ไม่ควรมีการสร้างแบบไล่ลำดับเพิ่มไปเรื่อยๆ แต่ให้สร้าง UUID แทน. +- [ ] If you are parsing XML data, make sure entity parsing is not enabled to avoid `XXE` (XML external entity attack). - [ ] ถ้ามีการ parsing ไฟล์ XML, ให้ปิดส่วนของ Entity parsing ไว้เพื่อเลี่ยงที่จะโดนช่องโหว่ต่างๆเช่น (XML external entity attack, Billion Laughs/XML bomb). - [ ] ใช้ CDN เมื่อจำเป็นต้องมีการ upload ไฟล์จาก client. - [ ] หากต้องเผชิญกับข้อมูลขนาดใหญ่ ให้ใช้ Workers กับ คิวในการจัดการเพื่อให้มีการตอบข้อมูลกลับได้อย่างรวดเร็วจะได้ไม่เกิดคอขวดขึ้น. @@ -54,6 +61,7 @@ Checklist ที่ต้องให้ความสำคัญเมื่ - [ ] ใช้ stack ที่ไม่สามารถเรียกใช้งานได้เมื่อมี. ## Output + - [ ] ตั้ง `X-Content-Type-Options: nosniff` ใน header. - [ ] ตั้ง `X-Frame-Options: deny` ใน header. - [ ] ตั้ง `Content-Security-Policy: default-src 'none'` ในheader. @@ -63,6 +71,7 @@ Checklist ที่ต้องให้ความสำคัญเมื่ - [ ] ตอบ status code ที่ตรงกับ operation กลับไป (e.g. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed` ... etc). ## CI & CD + - [ ] ตรวจสอบ design กับ implementation ในขั้น unit/integration test อย่างครอบคลุม - [ ] ให้ใช้ code review process ไม่ใช่ว่าตัวเองพอใจก็โอเคแล้ว - [ ] มั่นใจว่าทุกอย่างใน service ปลอดไวรัสแล้วก่อนจะนำขึ้น production รวมถึง lib ของพวก vendor กับ dependencies อื่นๆด้วย 
@@ -71,20 +80,21 @@ Checklist ที่ต้องให้ความสำคัญเมื่ - [ ] ออกแบบวิธี rollback ไว้ด้วยก่อนจะนำขึ้นไป เพราะเวลาเกิดปัญหาจะได้ย้อนกลับมาใช้ version เก่าไปก่อนได้ (อาจพบได้บ่อยตอนพัฒนา feature ใหม่ๆ) ## Monitoring + - [ ] Use centralized logins for all services and components. - [ ] Use agents to monitor all traffic, errors, requests, and responses. - [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. - [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. - [ ] Use an IDS and/or IPS system to monitor your API requests and instances. - --- ## ดูสิ่งนี้ด้วย: -- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - ชุดของแหล่งข้อมูลที่เป็นประโยชน์สำหรับการสร้าง API RESTful HTTP+JSON. +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - ชุดของแหล่งข้อมูลที่เป็นประโยชน์สำหรับการสร้าง API RESTful HTTP+JSON. --- # Contribution + Feel free to contribute by forking this repository, making some changes, and submitting pull requests. For any questions drop us an email at `team@shieldfy.io`. diff --git a/README-tr.md b/README-tr.md index 7bad1a5..bc103fb 100644 --- a/README-tr.md +++ b/README-tr.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Güvenlik Kontrol Listesi 
@@ -7,12 +7,14 @@ API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemle --- ## Kimlik Doğrulama + - [ ] `Basic Auth` kullanmayın. Bunun yerine standardlaşmış kimlik doğrulama çözümlerini (örneğin [JWT](https://jwt.io/), [OAuth](https://oauth.net/) gibi) kullanmalısınız. - [ ] `Kimlik doğrulama`, `token oluşturma`, `şifreleri kaydetme` için tekerleği yeniden icat etmeye çalışmayın. Standartları kullanın. - [ ] `Deneme sayısını` sınırlayarak giriş hakkını kısıtlayın. - [ ] Tüm hassas verilerde şifreleme kullanın. ### JWT (JSON Web Token) + - [ ] (`JWT Secret`) gibi rastgele, karmaşık ve zor bir anahtar kullanarak kaba kuvvet ile token çözmeyi olabildiğince zorlaştırın. - [ ] Algoritmayı gelen veri üzerinden belirlemeyin. Arka uçta olmasını sağlayın. (`HS256` veya `RS256`). - [ ] Token'in son kullanma tarihini (`TTL`, `RTTL`) olabildiğince kısa yapın. @@ -20,6 +22,7 @@ API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemle - [ ] Çok fazla veri depolamaktan kaçının. JWT genellikle header'larda paylaşılır ve bunların bir boyut sınırı vardır. ## Erişim + - [ ] DDoS ya da kaba kuvvet saldırılarından korunmak için istekleri sınırlamalısınız. - [ ] MITM (Man In The Middle Attack) saldırılarında korunmak için sunucu tarafında HTTPS kullanın. - [ ] SSL Strip saldırılarından korunmak için `HSTS` header'ı SSL ile kullan. 
@@ -29,12 +32,14 @@ API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemle ## Yetki ### OAuth + - [ ] Yalnızca beyaz listeye eklenen URL'lere izin vermek için sunucu tarafındaki `redirect_uri` bilgisini her zaman doğrulayın. - [ ] Her zaman code değiştirmeyi deneyin token değiştirmeyi değil (`response_type=token` kullanımına izin vermeyin). - [ ] OAuth kimlik doğrulama işlemi sırasında CSRF'yi önlemek için `state` parametresini rasgele hashleyerek kullanın. - [ ] Varsayılan kapsamı tanımlayın ve her uygulama için kapsam parametrelerini doğrulayın. ## Girdi + - [ ] İşleme göre uygun HTTP yöntemini kullanın: `GET (okumak)`, `POST (oluşturmak)`, `PUT/PATCH (değiştirmek/güncellemk)`, ve `DELETE (bir kaydı silmek için)`, eğer istenen yöntem istenen kaynak için uygun değilse `405 Method Not Allowed` mesajı ile cevap verin. - [ ] Accept header gelen `content-type` beklediğiniz ve izin verdiğiniz formatta olup olmadığını kontrol edin. (ör. `application/xml`, `application/json`, v.b.) Format uyuşmuyorsa `406 Not Acceptable` mesajı ile cevap verin. - [ ] Gönderilen verileri doğrularken gelen verinin `content-type` değerini doğrulayın (ör. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, v.b.). @@ -44,6 +49,7 @@ API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemle - [ ] Önbelleklemeyi ve hız sınır politikalarını (ör. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) etkinleştirmek için ve API kaynaklarını dinamik olarak dağıtmak için bir API Gateway hizmeti kullanın. ## İşleme + - [ ] Kimlik doğrulama işleminin atlatılmasını önlemek için, tüm iştem uç noktalarının kimlik doğrulama arkasında korunup korunmadığını kontrol edin. - [ ] Kullanıcı için kendi kaynak ID'si kullanılmasından kaçınılmalıdır. `/me/orders` yerine `/user/654321/orders` kullanın. - [ ] Otomotik artan ID'ler kullanmayın. Yerine `UUID` kullanın. 
@@ -55,6 +61,7 @@ API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemle - [ ] Varsa yürütülemez yığınları kullanın. ## Çıktı + - [ ] `X-Content-Type-Options: nosniff` header'ı gönderin. - [ ] `X-Frame-Options: deny` header'ı gönderin. - [ ] `Content-Security-Policy: default-src 'none'` header'ı gönderin. @@ -64,6 +71,7 @@ API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemle - [ ] İşlem tamamlandıktan sonra uygun durum kodunu döndürün. (ör. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, v.b.). ## CI & CD + - [ ] unit/integration testi kapsamı ölçümleri ile tasarımınızı ve uygulamanızı denetleyin. - [ ] Bir kod inceleme süreci kullanın ve kendi onayınızı dikkate almayın. - [ ] Kodunuzu canlıya göndemreden önce harici kitaplıkları ve diğer bağımlılıklar da dahil olmak üzere hizmetlerinizin tüm bileşenlerinin AntiVirus yazılımıyla statik olarak tarandığından emin olun. @@ -72,6 +80,7 @@ API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemle - [ ] Dağıtımlar için bir geriye dönme çözümü tasarlayın. ## İzleme + - [ ] Tüm hizmetler ve bileşenler için merkezi login kullanın. - [ ] Tüm trafiği, hataları, istekleri ve yanıtları izlemek için aracıları kullanın. - [ ] SMS, Slack, E-posta, Telegram, Kibana, Cloudwatch, vb. için uyarıları kullanın. @@ -81,9 +90,11 @@ API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemle --- ## Ek kaynaklar: + - [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - RESTful HTTP+JSON API'leri oluşturmak için kullanışlı kaynakların bir koleksiyonu. --- # Katkı + Bu depoyu forklayarak, bazı değişiklikler yaparak ve pull requests göndererek katkıda bulunmaktan çekinmeyin. Herhangi bir sorunuz için bize bir e-posta bırakın: `team@shieldfy.io`. diff --git a/README-tw.md b/README-tw.md index c14c25c..17a9573 100644 --- a/README-tw.md +++ b/README-tw.md 
@@ -1,18 +1,20 @@ -[English](./README.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # 開發安全的 API 所需要核對的清單 -以下是當你在設計, 測試以及發佈你的 API 的時候所需要核對的重要安全措施. +以下是當你在設計, 測試以及發佈你的 API 的時候所需要核對的重要安全措施. --- ## 身份認證 + - [ ] 不要使用 `Basic Auth`, 使用標準的認證協議取而代之 (如 JWT, OAuth). - [ ] 不要再造 `Authentication`, `token generating`, `password storing` 這些輪子, 使用標準的. - [ ] 在登錄中使用 `Max Retry` 和自動封禁功能. - [ ] 加密所有的敏感數據. ### JWT (JSON Web Token) + - [ ] 使用隨機複雜的密鑰 (`JWT Secret`) 以增加暴力破解的難度. - [ ] 不要在請求體中直接提取數據, 要對數據進行加密 (`HS256` 或 `RS256`). 
- [ ] 使 token 的過期時間儘量的短 (`TTL`, `RTTL`). @@ -20,6 +22,7 @@ - [ ] 避免存儲過多的數據。 JWT 通常在標頭中共享,並且它們有大小限制。 ## 訪問 + - [ ] 限制流量來防止 DDoS 攻擊和暴力攻擊. - [ ] 在服務端使用 HTTPS 協議來防止 MITM 攻擊. - [ ] 使用 `HSTS` 協議防止 SSLStrip 攻擊. @@ -29,12 +32,14 @@ ## Authorization ### OAuth 授權或認證協議 + - [ ] 始終在後台驗證 `redirect_uri`, 只允許白名單的 URL. - [ ] 每次交換令牌的時候不要加 token (不允許 `response_type=token`). - [ ] 使用 `state` 參數並填充隨機的哈希數來防止跨站請求偽造(CSRF). - [ ] 對不同的應用分別定義默認的作用域和各自有效的作用域參數. ## 輸入 + - [ ] 使用與操作相符的 HTTP 操作函數, `GET (讀取)`, `POST (創建)`, `PUT (替換/更新)` 以及 `DELETE (刪除記錄)`, 如果請求的方法不適用於請求的資源則返回 `405 Method Not Allowed`. - [ ] 在請求頭中的 `content-type` 欄位使用內容驗證來只允許支持的格式 (如 `application/xml`, `application/json` 等等) 並在不滿足條件的時候返回 `406 Not Acceptable`. - [ ] 驗證 `content-type` 的發佈數據和你收到的一樣 (如 `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json` 等等). @@ -44,6 +49,7 @@ - [ ] 使用一個 API Gateway 服務來啟用緩存、訪問速率限制 (如 `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) 以及動態地部署 APIs resources. ## 處理 + - [ ] 檢查是否所有的終端都在身份認證之後, 以避免被破壞了的認證體系. - [ ] 避免使用特有的資源 id. 使用 `/me/orders` 替代 `/user/654321/orders` - [ ] 使用 `UUID` 代替自增長的 id. @@ -55,6 +61,7 @@ - [ ] 可用時使用不可執行的堆棧。 ## 輸出 + - [ ] 發送 `X-Content-Type-Options: nosniff` 頭. - [ ] 發送 `X-Frame-Options: deny` 頭. - [ ] 發送 `Content-Security-Policy: default-src 'none'` 頭. @@ -64,6 +71,7 @@ - [ ] 在操作結束時返回恰當的狀態碼. (如 `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed` 等等). ## 持續整合和持續部署 + - [ ] 使用單元測試和整合測試來審計你的設計和實現. - [ ] 引入代碼審查流程, 不要自行批准更改. - [ ] 在推送到生產環境之前確保服務的所有組件都用殺毒軟件靜態地掃瞄過, 包括第三方庫和其它依賴. 
@@ -72,20 +80,21 @@ - [ ] 為部署設計一個回滾方案. ## Monitoring + - [ ] Use centralized logins for all services and components. - [ ] Use agents to monitor all traffic, errors, requests, and responses. - [ ] Use alerts for SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc. - [ ] Ensure that you aren't logging any sensitive data like credit cards, passwords, PINs, etc. - [ ] Use an IDS and/or IPS system to monitor your API requests and instances. - --- ## 也可以看看: -- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - 用於構建RESTful HTTP+JSON API的有用資源集合。 +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - 用於構建RESTful HTTP+JSON API的有用資源集合。 --- # 貢獻 + 為此存儲庫創建一個 fork, 進行修改, 並提交 pull request 來貢獻. 如果您有任何問題, 請發送郵件至 `team@shieldfy.io`. diff --git a/README-uk.md b/README-uk.md index eb96b5f..810db80 100644 --- a/README-uk.md +++ b/README-uk.md 
@@ -1,18 +1,20 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) # Контрольний список безпеки API -Контрольний список найбільш важливих контрзаходів безпеки при розробці, тестуванні та випуску вашого API. +Контрольний список найбільш важливих контрзаходів безпеки при розробці, тестуванні та випуску вашого API. --- ## Аутентифікація + - [ ] Не використовуйте `Basic Auth` Використовуйте стандартну перевірку справжності (наприклад: JWT, OAuth). 
- [ ] Не "винаходьте колесо" в `аутентіфікаціі`, `створенні токенів`, `зберіганні паролей`. Використовуйте стандарти. - [ ] Використовуйте `Max Retry` і функції jail в Login. - [ ] Користуйтеся шифруванням для всіх конфіденційних даних. ### JWT (JSON Web Token) + - [ ] Використовуйте випадковий складний ключ (`JWT Secret`), щоб зробити брут форс токена дуже складним. - [ ] Не виймайте алгоритм з корисного навантаження. Внесіть алгоритм в бекенда (`HS256` або` RS256`). - [ ] Зробіть термін дії токена (`TTL`, `RTTL`) якомога коротшим. @@ -20,6 +22,7 @@ - [ ] Уникайте зберігання занадто великої кількості даних. JWT зазвичай спільно використовується в header, і вони мають обмеження на розмір. ## Доступ + - [ ] Обмежте запити (Throttling), щоб уникнути DDoS атак / грубої сили (Brute Force). - [ ] Використовуйте HTTPS на стороні сервера, щоб уникнути MITM (Man In The Middle Attack / Атака посередника). - [ ] Використовуйте заголовок `HSTS` (HTTP Strict Transport Security) з SSL, щоб уникнути атаки SSL Strip (перехоплення SSL з'єднань). 
@@ -29,12 +32,14 @@ ## Авторизація ### OAuth + - [ ] Завжди перевіряйте `redirect_uri` на стороні сервера, щоб дозволяти тільки URL-адреси з білими списками. - [ ] Завжди намагайтеся обмінювати код, а не токени (не дозволяти `response_type = token`). - [ ] Використовуйте параметр `стану` з випадковим хешем, щоб запобігти CSRF в процесі аутентифікації OAuth. - [ ] Визначте область за замовчуванням і перевірте параметри області для кожної програми. ## Введення + - [ ] Використовуйте відповідний HTTP-метод відповідно до операції: `GET (читання),` POST (створення) `,` PUT / PATCH (заміна / оновлення) `і` DELETE (для видалення запису) `, а також дайте відповідь` 405 Method Not Allowed`, якщо запитаний метод не підходить для запитуваного ресурсу. - [ ] Підтвердіть `тип вмісту` за запитом "Прийняти заголовок" (Консолідація контенту), щоб дозволити тільки підтримуваний формат (наприклад: `application/xml`, `application/json` і т.д.) І відповідайте з неприпустимим відповіддю 406, якщо він не узгоджений. - [ ] Перевіряйте вміст опублікованих даних `типу контенту` в міру їх прийняття (наприклад,` application/x-www-form-urlencoded`, `multipart/form-data`, `application/json` і т.д.). @@ -44,6 +49,7 @@ - [ ] Використовуйте службу шлюзу API, щоб активувати кешування, обмеження швидкості, спайк-арешт і динамічне розгортання ресурсів API. ## Обробка + - [ ] Перевірте, чи захищені всі кінцеві точки за аутентифікацією, щоб не порушити процедуру перевірки автентичності. - [ ] Слід уникати ідентифікатора користувача власного ресурсу. Використовуйте `/me/orders` замість `/user/654321/orders`. - [ ] Не використовуйте автоінкремент для ID. Замість цього використовуйте `UUID`. @@ -55,6 +61,7 @@ - [ ] Використовуйте невиконувані stack якщо вони доступні. ## Виведення + - [ ] Надсилайте заголовок `X-Content-Type-Options: nosniff`. - [ ] Надсилайте заголовок `X-Frame-Options: deny`. - [ ] Надсилайте заголовок `Content-Security-Policy: default-src 'none'`. 
@@ -64,6 +71,7 @@ - [ ] Завжди повертайте код стану відповідно до завершеною роботою. (Наприклад: `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed` і т.д.). ## Безперервна інтеграція і Безперервне постачання (CI & CD) + - [ ] Аудит вашого дизайну і реалізації з охопленням модулів / інтеграційних тестів. - [ ] Використовуйте процес перевірки коду і ігноруйте самоокупність. - [ ] Переконайтеся, що всі компоненти ваших служб статично скануються за допомогою антивірусів перед відправкою на виробництво, включаючи бібліотеки постачальників та інші залежності. @@ -72,20 +80,21 @@ - [ ] Створіть рішення відкату для розгортання. ## Моніторинг + - [ ] Використовуйте централізований вхід для всіх служб і компонентів. - [ ] Використовуйте агентів для моніторингу всього трафіку, помилок, запитів і відповідей. - [ ] Використовуйте сповіщення для SMS, Slack, Email, Telegram, Kibana, Cloudwatch, тощо. - [ ] Переконайтеся, що ви не реєструєте жодних конфіденційних даних, таких як кредитні картки, паролі, PIN-коди, тощо. - [ ] Використовуйте систему IDS та/або IPS для моніторингу запитів і екземплярів API. - --- ## Дивись також: -- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - Набір корисних ресурсів для створення RESTful HTTP+JSON API. +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - Набір корисних ресурсів для створення RESTful HTTP+JSON API. --- # Вклад + Не соромтеся робити внесок, відкриваючи цей репозиторій, вносячи деякі зміни і відправляючи `Pull Requests`. З будь-яких питань напишіть нам лист за адресою `team@shieldfy.io`. diff --git a/README-vi.md b/README-vi.md index 93a90a9..303a24f 100644 --- a/README-vi.md +++ b/README-vi.md 
@@ -1,18 +1,20 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) # Danh sách các giải pháp an toàn cho API -Những giải pháp an toàn và cách khắc phục khi thiết kế, kiểm tra và phát hành API cho ứng dụng của bạn. +Những giải pháp an toàn và cách khắc phục khi thiết kế, kiểm tra và phát hành API cho ứng dụng của bạn. --- ## Xác thực (Authentication) + - [ ] Không sử dụng `Basic Auth`. Sử dụng giao thức xác thực tiêu chuẩn (chẳng hạn [JWT](https://jwt.io/) hay [OAuth](https://oauth.net/)). 
- [ ] Không tự thiết kế lại các giải pháp `Authentication`, `token generation`, `password storage`. Hãy sử dụng các giải pháp tiêu chuẩn. - [ ] Sử dụng `Max Retry` và chức năng Auto Block ở trang Login. - [ ] Mã hóa các dữ liệu nhạy cảm. ### JWT (JSON Web Token) + - [ ] Sử dụng khóa ngẫu nhiên (`JWT Secret`) để tăng sự khó khăn của việc tấn công Brute Force. - [ ] Không sử dụng các thuật toán có trong `Payload` của người dùng. Bắt buộc sử dụng thuật toán phía backend (`HS256` hoặc `RS256`). - [ ] Đặt thời hạn token (`TTL`, `RTTL`) càng ngắn càng tốt. @@ -20,6 +22,7 @@ Những giải pháp an toàn và cách khắc phục khi thiết kế, kiểm t - [ ] Tránh lưu trữ quá nhiều dữ liệu. JWT thường được chia sẻ trong header và chúng có giới hạn về kích thước. ## Quyền + - [ ] Giới hạn request (Throttling) để phòng tránh các tấn công DDoS / brute-force. - [ ] Sử dụng giao thức HTTPS ở phía server để tránh MITM (Man In The Middle Attack). - [ ] Sử dụng `HSTS` header với SSL để tránh tấn công SSL Strip. 
@@ -29,12 +32,14 @@ Những giải pháp an toàn và cách khắc phục khi thiết kế, kiểm t ## Ủy quyền (Authorization) ### OAuth Ủy quyền hoặc chứng thực giao thức + - [ ] Luôn xác nhận `redirect_uri` phía server để chỉ cho phép redirect đến các URL tin cậy. - [ ] Ưu tiên sử dụng `response_type=code` thay vì `response_type=token`). - [ ] Sử dụng tham số `state` cùng một giá trị hash ngẫu nhiên để chống lại tấn công CSRF trong quá trình xác thực OAuth. - [ ] Định nghĩa phạm vi mặc định, và xác nhận các tham số phạm vi cho mỗi ứng dụng. ## Input + - [ ] Sử dụng các HTTP method phù hợp với từng hành động: `GET (đọc)`, `POST (tạo mới)`, `PUT/PATCH (cập nhật/sửa)`, `DELETE (để xóa bản ghi)`, và phản hồi `405 Method Not Allowed` nếu HTTP method không phù hợp với tài nguyên được request. - [ ] Xác nhận dữ liệu `content-type` ở mỗi tiêu đề (Content Negotiation) chỉ cho phép những định dạng được hỗ trợ (chẳng hạn như. `application/xml`, `application/json`, vv) và phản hồi `406 Not Acceptable` nếu không khớp. - [ ] Xác nhận dữ liệu `content-type` được chấp nhận khi gửi lên (chẳng hạn như. `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`...). @@ -44,6 +49,7 @@ Những giải pháp an toàn và cách khắc phục khi thiết kế, kiểm t - [ ] Sử dụng API Gateway để kích hoạt cache, Rate Limit policies (chẳng hạng như. `Quota`, `Spike Arrest`, `Concurrent Rate Limit`) và deploy APIs resources linh động hơn. ## Processing + - [ ] Đảm bảo rằng các endpoint chỉ xử lý dữ liệu sau khi đã qua bước xác thực. - [ ] Nên tránh việc sử dụng ID của tài nguyên. Sử dụng `/me/orders` thay vì `/user/654321/orders`. - [ ] Không nên thiết kế ID dạng tự động tăng. Sử dụng UUID để thay thế. 
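Review bot: in the Ủy quyền (Authorization) hunk the context line "Ưu tiên sử dụng `response_type=code` thay vì `response_type=token`)." carries a stray closing parenthesis, and the heading "### OAuth Ủy quyền hoặc chứng thực giao thức" glues a sentence onto the heading text; since the sync inserts a blank line directly under that heading, drop the ")" and either move the explanation to its own line or keep the heading as plain "### OAuth" as the other translations in this patch do.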
@@ -55,6 +61,7 @@ Những giải pháp an toàn và cách khắc phục khi thiết kế, kiểm t - [ ] Sử dụng stack không thực thi khi có sẵn. ## Output + - [ ] Thêm `X-Content-Type-Options: nosniff` vào response headers. - [ ] Thêm `X-Frame-Options: deny` vào response headers. - [ ] Thêm `Content-Security-Policy: default-src 'none'` vào response headers. @@ -64,6 +71,7 @@ Những giải pháp an toàn và cách khắc phục khi thiết kế, kiểm t - [ ] Trả về status code tương ứng với hành động đã hoàn thành. (chẳng hạn. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`...). ## CI & CD (Tích hợp và triển khai liên tục) + - [ ] Kiểm tra thiết kế và thực hiện đầy đủ việc test với unit/integration. - [ ] Áp dụng quy trình đánh giá code và bỏ qua việc tự phê duyệt. - [ ] Đảm bảo các thành phần của dịch vụ được quét với các anti virus trước khi đưa ra phiên bản production, bao gồm các thư viện và các gói khác. 
@@ -72,20 +80,21 @@ Những giải pháp an toàn và cách khắc phục khi thiết kế, kiểm t - [ ] Thiết kế một giải pháp rollback cho việc triển khai. ## Giám sát (Monitoring) + - [ ] Sử dụng đăng nhập tập trung cho tất cả các dịch vụ và thành phần. - [ ] Sử dụng các tác nhân để giám sát tất cả lưu lượng truy cập, lỗi, yêu cầu, và phản hồi. - [ ] Sử dụng cảnh báo cho SMS, Slack, Email, Telegram, Kibana, Cloudwatch, vv. - [ ] Đảm bảo rằng bạn không ghi nhật ký bất kỳ dữ liệu nhạy cảm nào thẻ tín dụng, mật khẩu, mã PIN, vv. - [ ] Sử dụng hệ thống IDS và/hoặc IPS để giám sát các yêu cầu và phản hồi của API của bạn. - --- ## Xem thêm: -- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - Tập hợp các tài nguyên hữu ích để xây dựng API RESTful HTTP+JSON. +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - Tập hợp các tài nguyên hữu ích để xây dựng API RESTful HTTP+JSON. --- # Đóng góp + Hãy đóng góp bằng cách forking kho này, thực hiện một số thay đổi và gửi yêu cầu kéo. Đối với bất kỳ câu hỏi nào, hãy gửi email cho chúng tôi theo địa chỉ `team@shieldfy.io`. diff --git a/README-zh.md b/README-zh.md index 411f23d..550f45d 100644 --- a/README-zh.md +++ b/README-zh.md 
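Review bot: in the Giám sát (Monitoring) hunk the item "Sử dụng đăng nhập tập trung cho tất cả các dịch vụ và thành phần." reads as "centralized login"; the checklist item is about centralized logging, so suggest "ghi log tập trung". Nothing else in the hunk changes meaning (a blank line after the heading and trailing whitespace on the yosriady link).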
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # 开发安全的 API 所需要核对的清单 diff --git a/README.md b/README.md index bc72bd3..23e7d4e 100644 --- a/README.md +++ b/README.md 
@@ -1,4 +1,4 @@ -[繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) | [Azerbaijan](./README-az.md) +[繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Security Checklist From c410aa7eca33e8e0dd9ee70d69958a266e9097b7 Mon Sep 17 00:00:00 2001 
From: Blood_Pupil <47860204+BloodPupil@users.noreply.github.com> Date: Thu, 14 Dec 2023 14:27:12 +0800 Subject: [PATCH 135/149] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E4=B8=AA=E4=BA=BA?= =?UTF-8?q?=E5=B7=A5=E4=BD=9C=E4=B8=AD=E9=81=87=E5=88=B0=E7=9A=84=E4=B8=80?= =?UTF-8?q?=E4=BA=9B=E6=A3=80=E6=9F=A5=E9=A1=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README-zh.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/README-zh.md b/README-zh.md index 550f45d..9ef2d17 100644 --- a/README-zh.md +++ b/README-zh.md @@ -11,7 +11,10 @@ - [ ] 不要使用 `Basic Auth` ,请使用标准的认证协议(如 [JWT](https://jwt.io/),[OAuth](https://oauth.net/))。 - [ ] 不要重新实现 `Authentication`、`token generating` 和 `password storing`,请使用标准库。 - [ ] 限制密码错误尝试次数,并且增加账号冻结功能。 +- [ ] 密码或账号登录失败时返回模糊的提示信息,防止暴力破解攻击。 - [ ] 加密所有的敏感数据。 +- [ ] 不要将API Key,云组件Key等硬编码到前端页面或APP中。 +- [ ] 使用Shiro框架时避免使用默认Key进行加密。 ### JWT(JSON Web Token) @@ -27,7 +30,11 @@ - [ ] 在服务端使用 HTTPS 协议来防止 MITM (中间人攻击)。 - [ ] 使用 `HSTS` 协议防止 SSL Strip 攻击。 - [ ] 关闭目录列表。 +- [ ] 禁止公开存储文件列表可未授权访问。 - [ ] 对于私有 API,仅允许从列入白名单的 IP/主机进行访问。 +- [ ] 禁止将内部组件接口、登录管理接口暴露于公网中。 +- [ ] 禁止将SourceMap文件暴露到公网中。 +- [ ] 禁止将API接口描述文档暴露到公网中。 ## Authorization @@ -53,12 +60,14 @@ - [ ] 检查是否所有的接口都包含必要都身份认证,以避免被破坏了的认证体系。 - [ ] 避免使用特有的资源 id。使用 `/me/orders` 替代 `/user/654321/orders`。 - [ ] 使用 `UUID` 代替自增长的 id。 +- [ ] 对于访问资源进行权限检查,防止横向越权。 - [ ] 如果需要解析 XML 文件,确保实体解析(entity parsing)是关闭的以避免 `XXE` 攻击。 - [ ] 如果需要解析 XML 文件,确保实体扩展(entity expansion)是关闭的以避免通过指数实体扩展攻击实现的 `Billion Laughs/XML bomb`。 - [ ] 在文件上传中使用 CDN。 - [ ] 如果数据处理量很大,尽可能使用队列或者 Workers 在后台处理来避免阻塞请求,从而快速响应客户端。 - [ ] 不要忘了把 DEBUG 模式关掉。 - [ ] 可用时使用不可执行的堆栈。 +- [ ] 禁止使用类似于PHP extract函数将接口输入参数转换为变量。 ## 输出 
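Review bot: the rationale in the new Authentication line "密码或账号登录失败时返回模糊的提示信息,防止暴力破解攻击。" is off: a generic "account or password incorrect" message does not stop brute force (the "限制密码错误尝试次数" item directly above already covers that), it prevents username enumeration, so suggest "防止用户名枚举". Also, these controls are added only to README-zh.md while every other README-*.md mirrors README.md; new items should land in README.md first and be synced out, otherwise the translations drift apart.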
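Review bot: in the 访问 hunk, "禁止公开存储文件列表可未授权访问。" is not grammatical and its subject is unclear; if it means public object storage must not allow unauthenticated listing, say so, e.g. "禁止对象存储等公开存储开启未授权的文件列表访问". Likewise "禁止将API接口描述文档暴露到公网中。" is too broad as written, since a public API publishes its description by design; scope it to internal or private interfaces, e.g. "禁止将内部/私有API的接口描述文档暴露到公网中".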
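Review bot: in the Processing hunk, "对于访问资源进行权限检查,防止横向越权。" is a good addition (an object-level authorization check on every resource access), but it names only horizontal escalation; the same per-request check is what stops a low-privilege user reaching admin resources too, so suggest "防止横向/纵向越权".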
@@ -69,6 +78,10 @@ - [ ] 在响应中遵循请求的 `content-type`,如果你的请求类型是 `application/json` 那么你返回的 `content-type` 就是 `application/json`。 - [ ] 不要返回敏感的数据,如 `credentials`,`Passwords`,`security tokens`。 - [ ] 给请求返回使用合理的 HTTP 响应代码。(如 `200 OK`,`400 Bad Request`,`401 Unauthorized`,`405 Method Not Allowed` 等等)。 +- [ ] 返回统一的错误页面,误将调用堆栈等信息在错误页面中展示。 +- [ ] 仅返回前端需要的业务数据,禁止返回过多类型敏感数据。 +- [ ] 前端对敏感业务数据使用时应结合业务需求对敏感数据进行脱敏。 +- [ ] 禁止在前端对数据进行脱敏,数据返回时在后端进行脱敏。 ## 持续集成和持续部署 @@ -86,6 +99,7 @@ - [ ] 使用短信,Slack,电子邮件,电报,Kibana, Cloudwatch等提醒。 - [ ] 确保你没有记录任何敏感数据,如信用卡、密码、pin等。 - [ ] 使用IDS和/或IPS系统监视您的API请求和实例。 +- [ ] 使用API检测设备进行API资产梳理、日志审计。 --- From e7a229d7b83c860a8353a7aff30848a03a059f27 Mon Sep 17 00:00:00 2001 From: Blood_Pupil <47860204+BloodPupil@users.noreply.github.com> Date: Thu, 14 Dec 2023 14:35:47 +0800 Subject: [PATCH 136/149] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E4=B8=AA=E4=BA=BA?= =?UTF-8?q?=E5=B7=A5=E4=BD=9C=E4=B8=AD=E9=81=87=E5=88=B0=E7=9A=84=E4=B8=80?= =?UTF-8?q?=E4=BA=9B=E6=A3=80=E6=9F=A5=E9=A1=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README-zh.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README-zh.md b/README-zh.md index 9ef2d17..1532f96 100644 --- a/README-zh.md +++ b/README-zh.md @@ -14,7 +14,7 @@ - [ ] 密码或账号登录失败时返回模糊的提示信息,防止暴力破解攻击。 - [ ] 加密所有的敏感数据。 - [ ] 不要将API Key,云组件Key等硬编码到前端页面或APP中。 -- [ ] 使用Shiro框架时避免使用默认Key进行加密。 +- [ ] 使用开源框架时禁止使用默认Key,比如Shiro。 ### JWT(JSON Web Token) @@ -27,6 +27,7 @@ ## 访问 - [ ] 限制流量来防止 DDoS 攻击和暴力攻击。 +- [ ] 对API接口访问进行速率限制防止业务数据被批量爬取。 - [ ] 在服务端使用 HTTPS 协议来防止 MITM (中间人攻击)。 - [ ] 使用 `HSTS` 协议防止 SSL Strip 攻击。 - [ ] 关闭目录列表。 @@ -67,7 +68,7 @@ - [ ] 如果数据处理量很大,尽可能使用队列或者 Workers 在后台处理来避免阻塞请求,从而快速响应客户端。 - [ ] 不要忘了把 DEBUG 模式关掉。 - [ ] 可用时使用不可执行的堆栈。 -- [ ] 禁止使用类似于PHP extract函数将接口输入参数转换为变量。 +- [ ] 禁止使用类似于PHP `extract`函数将接口输入参数转换为变量。 ## 输出 From 45527c776b59338a76d1367a965e1af86b02b956 Mon Sep 17 00:00:00 2001 
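Review bot: in the 输出 hunk, "返回统一的错误页面,误将调用堆栈等信息在错误页面中展示。" is missing its negation; as written it tells the reader to show the call stack on the error page, so suggest "返回统一的错误页面,避免将调用堆栈等信息在错误页面中展示". The last two new items contradict each other: "前端对敏感业务数据使用时应结合业务需求对敏感数据进行脱敏" asks the front end to mask sensitive data, while the next line "禁止在前端对数据进行脱敏,数据返回时在后端进行脱敏" forbids exactly that; keep only the backend rule, since anything that reaches the client is already exposed regardless of what the UI hides.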
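Review bot: in the second patch's 访问 hunk, the new line "对API接口访问进行速率限制防止业务数据被批量爬取。" duplicates the item directly above it, "限制流量来防止 DDoS 攻击和暴力攻击", which is the same control (throttling); fold scraping into the existing bullet rather than listing rate limiting twice, e.g. "限制流量(限速)来防止 DDoS、暴力破解和批量爬取". Generalising the Shiro line to "使用开源框架时禁止使用默认Key,比如Shiro" is an improvement over the framework-specific wording.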
From: Pere Garriga Date: Fri, 9 Feb 2024 21:03:47 +0100 Subject: [PATCH 137/149] Created README-ca.md --- README-ca.md | 99 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 99 insertions(+) create mode 100644 README-ca.md diff --git a/README-ca.md b/README-ca.md new file mode 100644 index 0000000..63115ba --- /dev/null +++ b/README-ca.md 
@@ -0,0 +1,99 @@ +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) + +# Llista de verificació de seguretat per a APIs + +Llista de comprovació de les contramesures de seguretat més importants a l'hora de dissenyar, provar i llançar la vostra API. +--- + +## Autenticació + +- [ ] No utilitzeu `Basic Auth`. Utilitzeu l'autenticació estàndard en el seu lloc (per exemple, [JWT](https://jwt.io/)). +- [ ] No reinventeu la roda en `Autenticació`, `generació de tokens`, `emmagatzematge de contrasenyes`. Utilitzeu els estàndards. +- [ ] Utilitzeu polítiques de límit de reintents (`Max Retry`) i funcionalitats de jailing al Login. +- [ ] Utilitzeu el xifratge en totes les dades sensibles. + +### JWT (JSON Web Token) + +- [ ] Utilitzeu una clau complicada aleatòria (`JWT Secret`) per fer que forçar el token sigui molt difícil. +- [ ] No extregueu l'algorisme de l'encapçalament. Forci l'algorisme al backend (`HS256` o `RS256`). +- [ ] Feu l'expiració del token (`TTL`, `RTTL`) el més curt possible. +- [ ] No emmagatzemeu dades sensibles en la càrrega útil del JWT, es pot descodificar [fàcilment](https://jwt.io/#debugger-io). +- [ ] Eviteu emmagatzemar massa dades. 
El JWT normalment es comparteix en encapçalaments i tenen un límit de mida. + +## Accés + +- [ ] Limiteu les sol·licituds (`Throttling`) per evitar atacs de DDoS / força bruta. +- [ ] Utilitzeu HTTPS al servidor amb TLS 1.2+ i xifrats segurs per evitar atacs MITM (Man In The Middle Attack). +- [ ] Utilitzeu l'encapçalament `HSTS` amb SSL per evitar atacs d'extracció SSL. +- [ ] Desactiveu les llistes de directoris. +- [ ] Per a les API privades, permeteu l'accés només des de IPs/hosts autoritzats. + +## Autorització + +### OAuth + +- [ ] Valideu sempre `redirect_uri` al servidor per permetre només URL autoritzades. +- [ ] Intenteu canviar sempre per codi i no per tokens (no permeteu `response_type=token`). +- [ ] Utilitzeu el paràmetre `state` amb un hash aleatori per evitar CSRF en el procés d'autorització d'OAuth. +- [ ] Definiu l'scope per defecte i valideu els paràmetres d'scope per a cada aplicació. + +## Entrada + +- [ ] Utilitza el mètode HTTP adequat segons l'operació: `GET (llegir)`, `POST (crear)`, `PUT/PATCH (reemplaçar/actualitzar)`, i `DELETE (eliminar)`, i respon amb `405 Method Not Allowed` si el mètode sol·licitat no és adequat per al recurs sol·licitat. +- [ ] Valida el `content-type` a l'encapçalament Accept de la sol·licitud (Content Negotiation) per permetre només el teu format compatible (per exemple, `application/xml`, `application/json`, etc.) i respon amb una resposta `406 Not Acceptable` si no coincideix. +- [ ] Valida el `content-type` de les dades enviades com accepteu (per exemple, `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, etc.). +- [ ] Valida l'entrada de l'usuari per evitar vulnerabilitats comunes (per exemple, `XSS`, `Injecció SQL`, `Execució de codi remot`, etc.). +- [ ] No utilitzis cap dada sensible (`credentials`, `passwords`, `security tokens`, or `API keys`) a l'URL, sinó que utilitza l'encapçalament d'autorització estàndard. +- [ ] Utilitza només el xifratge al servidor. 
+- [ ] Utilitza un servei d'API Gateway per habilitar polítiques de memòria cau, polítiques de límit de taxa (per exemple, `Quota`, `Spike Arrest` o `Concurrent Rate Limit`) i desplegar recursos d'API dinàmicament. + +## Processament + +- [ ] Comprova si tots els endpoints estan protegits darrere de l'autenticació per evitar el procés d'autenticació trencat. +- [ ] S'hauria d'evitar l'ID de recurs propi de l'usuari. Utilitza `/me/orders` en lloc de `/user/654321/orders`. +- [ ] No utilitzis IDs autoicrementals. Utilitza `UUID` en lloc d'això. +- [ ] Si estàs analitzant dades XML, assegura't que l'anàlisi d'entitats no estigui habilitat per evitar `XXE` (XML external entity attack). +- [ ] Si estàs analitzant XML, YAML o qualsevol altre llenguatge amb àncores i referències, assegura't que l'expansió d'entitats no estigui habilitada per evitar `Billion Laughs/XML bomb` a través d'un atac d'expansió d'entitats exponencial. +- [ ] Utilitza un CDN per carregar fitxers. +- [ ] Si estàs tractant amb una gran quantitat de dades, utilitza Workers i Queues per processar el màxim possible en segon pla i retornar una resposta ràpida per evitar el bloqueig HTTP. +- [ ] No oblidis desactivar el mode DEBUG. +- [ ] Utilitza stacks no executables quan estiguin disponibles. + +## Sortida + +- [ ] Envia l'encapçalament `X-Content-Type-Options: nosniff`. +- [ ] Envia l'encapçalament `X-Frame-Options: deny`. +- [ ] Envia l'encapçalament `Content-Security-Policy: default-src 'none'`. +- [ ] Elimina els encapçalaments d'identificació - `X-Powered-By`, `Server`, `X-AspNet-Version`, etc. +- [ ] Força `content-type` per a la teva resposta. Si tornes `application/json`, llavors la teva resposta de `content-type` és `application/json`. +- [ ] No retornis dades sensibles com `credencials`, `contrasenyes` o `tokens de seguretat`. +- [ ] Retorna el codi d'estat adequat segons l'operació completada. (per exemple, `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, etc.). 
+ +## CI & CD + +- [ ] Auditora el teu disseny i implementació amb cobertura de tests unitàris i d'integració. +- [ ] Utilitza un procés de revisió de codi i ignora l'autoaprovació. +- [ ] Assegura't que tots els components dels teus serveis siguin escanejats estàticament per un programari AV abans de desplegar-los a producció, incloent biblioteques de tercers i altres dependències. +- [ ] Executa contínuament tests de seguretat (anàlisi estàtica/dinàmica) en el teu codi. +- [ ] Comprova les teves dependències (tant el programari com el sistema operatiu) per a vulnerabilitats conegudes. +- [ ] Dissenyar una solució de reversió per a desplegaments. + +## Monitoratge + +- [ ] Utilitza inicis de sessió centralitzats per a tots els serveis i components. +- [ ] Utilitza agents per monitorar tot el tràfic, errors, sol·licituds i respostes. +- [ ] Utilitza alertes per SMS, Slack, correu electrònic, Telegram, Kibana, Cloudwatch, etc. +- [ ] Assegura't de no registrar cap dada sensible com ara targetes de crèdit, contrasenyes, PINs, etc. +- [ ] Utilitza un sistema IDS i/o IPS per monitorar les teves sol·licituds d'API i instàncies. + +--- + +## També podeu veure: + +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - Una col·lecció de recursos útils per a la construcció de RESTful HTTP+JSON APIs. + +--- + +# Contribució + +No dubteu a contribuir fent un fork d'aquest repositori, fent alguns canvis i enviant pull requests. Per a qualsevol pregunta envia'ns un correu electrònic a `team@shieldfy.io`. \ No newline at end of file From 306efe47b950aed4727d90bfd136b55113aead59 Mon Sep 17 00:00:00 2001 From: Pere Garriga Date: Fri, 9 Feb 2024 21:06:08 +0100 Subject: [PATCH 138/149] =?UTF-8?q?Adding=20Catal=C3=A0=20into=20README.md?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
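Review bot: in README-ca.md the Monitoratge item "Utilitza inicis de sessió centralitzats per a tots els serveis i components." translates "centralized logging" as centralized logins; the control is about collecting logs in one place, so suggest "registres (logs) centralitzats". Two rendering problems: the description line "Llista de comprovació de les contramesures ... la vostra API." is followed by "---" with no blank line, which Markdown parses as a setext underline and turns the description into a heading, and the file ends with "\ No newline at end of file". Smaller points: the voice switches from the formal "Utilitzeu"/"Valideu" in the first sections to "Utilitza"/"Valida" from Entrada onward (and "Forci l'algorisme" and "Dissenyar una solució" break the imperative again), and "IDs autoicrementals" and "Auditora el teu disseny" are typos for "autoincrementals" and "Audita".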
diff --git a/README.md b/README.md index 23e7d4e..51d5804 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -[繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Security Checklist From 149b4b582d5db289e507cabb57471f6d4359c126 Mon Sep 17 00:00:00 2001 
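Review bot: the Català link is added only to README.md, but every README-*.md carries its own copy of the language bar, so each of them needs the same "[Català](./README-ca.md)" entry or the new translation is unreachable from the other languages; either include those files in this patch or state in the commit message that a follow-up sync does it.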
From: Caleb Mazalevskis Date: Sat, 10 Feb 2024 11:21:13 +0800 Subject: [PATCH 139/149] Sync. --- README-ar.md | 2 +- README-az.md | 2 +- README-bn.md | 10 +++++----- README-ca.md | 3 ++- README-cs.md | 2 +- README-de.md | 2 +- README-el.md | 2 +- README-es.md | 2 +- README-fa.md | 2 +- README-fr.md | 2 +- README-hi.md | 2 +- README-id.md | 2 +- README-it.md | 2 +- README-ja.md | 2 +- README-ko.md | 2 +- README-lo.md | 2 +- README-mk.md | 2 +- README-ml.md | 2 +- README-mn.md | 2 +- README-nl.md | 2 +- README-pl.md | 2 +- README-pt_BR.md | 2 +- README-ru.md | 2 +- README-th.md | 2 +- README-tr.md | 2 +- README-tw.md | 2 +- README-uk.md | 2 +- README-vi.md | 2 +- README-zh.md | 2 +- 29 files changed, 34 insertions(+), 33 deletions(-) diff --git a/README-ar.md b/README-ar.md index c606032..bc45ecf 100644 --- a/README-ar.md +++ b/README-ar.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md)
diff --git a/README-az.md b/README-az.md index 2b67fcd..e9e2159 100644 --- a/README-az.md +++ b/README-az.md @@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API təhlükəsizlik yoxlama siyahısı diff --git a/README-bn.md b/README-bn.md index 92cff29..5456dba 100644 --- a/README-bn.md +++ b/README-bn.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API নিরাপত্তা তালিকা 
@@ -56,7 +56,7 @@ - [ ] যদি আপনি XML তথ্য parsing করছেন, তাহলে নিশ্চিত হয়ে নিন যেন entity parsing চালু না থাকে `XXE` (XML external entity attack) আক্রমণ এড়ানোর জন্য। - [ ] যদি আপনি XML, YAML অথবা অন্য কোন ভাষা anchors এবং refs দিয়ে parsing করছেন, তাহলে নিশ্চিত হয়ে নিন যেন entity expansion চালু না থাকে `Billion Laughs/XML bomb` via exponential entity expansion আক্রমণ এড়ানোর জন্য। - [ ] CDN ব্যাবহার করুন ফাইল আপলোড এর জন্য। -- [ ] যদি আপনি অনেক গুলো তথ্য নিয়ে কাজ করেন তাহলে, Workers এবং Queues পটভূমিতে যত সম্ভব ব্যবহার করুন এবং তাড়াতাড়ি প্রতিক্রিয়া জানান HTTP Blocking না করার জন্য। +- [ ] যদি আপনি অনেক গুলো তথ্য নিয়ে কাজ করেন তাহলে, Workers এবং Queues পটভূমিতে যত সম্ভব ব্যবহার করুন এবং তাড়াতাড়ি প্রতিক্রিয়া জানান HTTP Blocking না করার জন্য। - [ ] DEBUG মোড বন্ধ করতে ভুলবেন না। - [ ] non-executable stacks ব্যবহার করবেন যখন সম্ভব। @@ -65,7 +65,7 @@ - [ ] `X-Content-Type-Options: nosniff` header পাঠান। - [ ] `X-Frame-Options: deny` header পাঠান। - [ ] `Content-Security-Policy: default-src 'none'` পাঠান। -- [ ] Fingerprinting headers গুলো সরিয়ে দিন - `X-Powered-By`, `Server`, `X-AspNet-Version`, ইত্যাদি। +- [ ] Fingerprinting headers গুলো সরিয়ে দিন - `X-Powered-By`, `Server`, `X-AspNet-Version`, ইত্যাদি। - [ ] আপনার প্রতিক্রিয়ায় `content-type` থাকতে বাধ্য করুন. যদি আপনি `application/json` পাঠান, তাহলে আপনার `content-type` প্রতিক্রিয়া হবে `application/json`। - [ ] সংবেদনশীল তথ্য পাঠাবেন না যেমন `credentials`, `passwords`, or `security tokens`। - [ ] অপারেশন অনুযায়ী যথাযথ status code পাঠাবেন (যেমন, `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, ইত্যাদি)। 
@@ -85,13 +85,13 @@ - [ ] ট্র্যাফিক, ত্রুটি, অনুরোধ এবং প্রতিক্রিয়াগুলো নিরীক্ষণ করতে এজেন্ট ব্যবহার করুন। - [ ] SMS, Slack, Email, Telegram, Kibana, Cloudwatch, ইত্যাদির জন্য সতর্কতা ব্যবহার করুন। - [ ] আপনি কোন সংবেদনশীল তথ্য লগ করছেন না তা নিশ্চিত করুন যেমন credit cards, passwords, PINs, ইত্যাদি। -- [ ] IDS অথবা IPS পদ্ধতি ব্যবহার করুন API requests এবং instances মূল্যায়ন করতে। +- [ ] IDS অথবা IPS পদ্ধতি ব্যবহার করুন API requests এবং instances মূল্যায়ন করতে। --- ## আরও দেখুন: -- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - RESTful HTTP+JSON APIs নির্মাণ করার একটি দরকারী সংগ্রহ। +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - RESTful HTTP+JSON APIs নির্মাণ করার একটি দরকারী সংগ্রহ। --- diff --git a/README-ca.md b/README-ca.md index 63115ba..53ab369 100644 --- a/README-ca.md +++ b/README-ca.md @@ -3,6 +3,7 @@ # Llista de verificació de seguretat per a APIs Llista de comprovació de les contramesures de seguretat més importants a l'hora de dissenyar, provar i llançar la vostra API. + --- ## Autenticació @@ -96,4 +97,4 @@ Llista de comprovació de les contramesures de seguretat més importants a l'hor # Contribució -No dubteu a contribuir fent un fork d'aquest repositori, fent alguns canvis i enviant pull requests. Per a qualsevol pregunta envia'ns un correu electrònic a `team@shieldfy.io`. \ No newline at end of file +No dubteu a contribuir fent un fork d'aquest repositori, fent alguns canvis i enviant pull requests. Per a qualsevol pregunta envia'ns un correu electrònic a `team@shieldfy.io`. diff --git a/README-cs.md b/README-cs.md index 463b8c7..bdfd205 100644 --- a/README-cs.md +++ b/README-cs.md 
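Review bot: the README-ca.md hunks are more than a whitespace sync: inserting the blank line before "---" stops Markdown from treating the description line as a setext heading, and the trailing newline fixes "\ No newline at end of file"; a one-word commit message of "Sync." hides that, so mention it. The README-bn.md hunks are trailing-whitespace only and change no wording.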
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # Seznam API zabezpečení diff --git a/README-de.md b/README-de.md index 32e4885..4031b18 100644 --- a/README-de.md +++ b/README-de.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Security Checkliste diff --git a/README-el.md b/README-el.md index cf53c1b..1b29ddf 100644 --- a/README-el.md +++ b/README-el.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API λίστα ελέγχου ασφαλείας diff --git a/README-es.md b/README-es.md index 82a7276..667ddab 100644 --- a/README-es.md +++ b/README-es.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # Lista de seguridad en APIs diff --git a/README-fa.md b/README-fa.md index f727676..a0b7727 100644 --- a/README-fa.md +++ b/README-fa.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md)
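Review bot: the language-bar hunks for README-cs, README-de, README-el, README-es and README-fa all insert `[Català](./README-ca.md)` after `[বাংলা](./README-bn.md)` and before `[Čeština](./README-cs.md)` (or before `[Deutsch](./README-de.md)` in README-cs.md, which omits its own entry), which keeps the existing alphabetical order. The risk with this change is omission rather than the edits themselves: the bar is a hand-maintained copy in every README-*.md, and a translation missed here silently stays unreachable from that file. Consider adding a small script or CI check that asserts the first line of every README-*.md links to the same set of translations (each minus itself), and confirm that README-ca.md's own first line lists all the others, since that line is not part of this diff.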
diff --git a/README-fr.md b/README-fr.md index 0d7f9e7..e55aa0f 100644 --- a/README-fr.md +++ b/README-fr.md @@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Security Checklist diff --git a/README-hi.md b/README-hi.md index 26634f7..0432a9c 100644 --- a/README-hi.md +++ b/README-hi.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API सुरक्षा जांच-सूची diff --git a/README-id.md b/README-id.md index e5e9047..a14547b 100644 --- a/README-id.md +++ b/README-id.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # Checklist Keamanan API diff --git a/README-it.md b/README-it.md index 6155225..913071e 100644 --- a/README-it.md +++ b/README-it.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # Checklist per la sicurezza delle API diff --git a/README-ja.md b/README-ja.md index d357594..34006ec 100644 --- a/README-ja.md +++ b/README-ja.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # APIセキュリティチェックリスト diff --git a/README-ko.md b/README-ko.md index 01a9c22..36863a8 100644 --- a/README-ko.md +++ b/README-ko.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API 보안 점검표 diff --git a/README-lo.md b/README-lo.md index 6d9a01f..4a8d3b5 100644 --- a/README-lo.md +++ b/README-lo.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Security Checklist diff --git a/README-mk.md b/README-mk.md index acd95b4..487793f 100644 --- a/README-mk.md +++ b/README-mk.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Безбедносна контролна листа diff --git a/README-ml.md b/README-ml.md index 9b4c889..b2eccc5 100644 --- a/README-ml.md +++ b/README-ml.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API സുരക്ഷാ ചെക്ക്‌ലിസ്റ്റ് diff --git a/README-mn.md b/README-mn.md index a66ad97..3163102 100644 --- a/README-mn.md +++ b/README-mn.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Аюулгүйн жагсаалт diff --git a/README-nl.md b/README-nl.md index 91a6d05..71a1c43 100644 --- a/README-nl.md +++ b/README-nl.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Security Checklist diff --git a/README-pl.md b/README-pl.md index b903ab8..ad52763 100644 --- a/README-pl.md +++ b/README-pl.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # Lista kontrolna bezpieczeństwa API diff --git a/README-pt_BR.md b/README-pt_BR.md index cace2a2..db24fc6 100644 --- a/README-pt_BR.md +++ b/README-pt_BR.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Security Checklist diff --git a/README-ru.md b/README-ru.md index 5bbb4bf..050c43b 100644 --- a/README-ru.md +++ b/README-ru.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # Контрольный список безопасности API diff --git a/README-th.md b/README-th.md index f7b9685..46e320d 100644 --- a/README-th.md +++ b/README-th.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Security Checklist diff --git a/README-tr.md b/README-tr.md index bc103fb..b85f4fa 100644 --- a/README-tr.md +++ b/README-tr.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Güvenlik Kontrol Listesi diff --git a/README-tw.md b/README-tw.md index 17a9573..3256eb2 100644 --- a/README-tw.md +++ b/README-tw.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # 開發安全的 API 所需要核對的清單 diff --git a/README-uk.md b/README-uk.md index 810db80..0e18109 100644 --- a/README-uk.md +++ b/README-uk.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) # Контрольний список безпеки API diff --git a/README-vi.md b/README-vi.md index 303a24f..c6591df 100644 --- a/README-vi.md +++ b/README-vi.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) # Danh sách các giải pháp an toàn cho API diff --git a/README-zh.md b/README-zh.md index 1532f96..929ebdd 100644 --- a/README-zh.md +++ b/README-zh.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # 开发安全的 API 所需要核对的清单 From 14e469ccfb2a72de104edf541a7aaf719f279c67 Mon Sep 17 00:00:00 2001 From: yuankeqiang <379395979@qq.com> Date: Tue, 16 Apr 2024 10:13:00 +0800 Subject: [PATCH 140/149] fix README-zh.md word error --- README-zh.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README-zh.md b/README-zh.md index 929ebdd..8497389 100644 --- a/README-zh.md 
+++ b/README-zh.md @@ -9,7 +9,7 @@ ## 身份认证 - [ ] 不要使用 `Basic Auth` ,请使用标准的认证协议(如 [JWT](https://jwt.io/),[OAuth](https://oauth.net/))。 -- [ ] 不要重新实现 `Authentication`、`token generating` 和 `password storing`,请使用标准库。 +- [ ] 不要重新实现 `Authentication`、`token generating` 和 `password storage`,请使用标准库。 - [ ] 限制密码错误尝试次数,并且增加账号冻结功能。 - [ ] 密码或账号登录失败时返回模糊的提示信息,防止暴力破解攻击。 - [ ] 加密所有的敏感数据。 From 03461ebcfb0b4a1de7603d8879c78c6cbace995f Mon Sep 17 00:00:00 2001 From: Lyubomir Radkov Date: Fri, 15 Nov 2024 12:22:54 +0200 Subject: [PATCH 141/149] Added README-bg.md --- README-bg.md | 100 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 100 insertions(+) create mode 100644 README-bg.md diff --git a/README-bg.md b/README-bg.md new file mode 100644 index 0000000..06b0ac5 --- /dev/null +++ b/README-bg.md 
@@ -0,0 +1,100 @@ +[繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) | [Български](./README-bg.md) + +# Контролен списък за сигурност на API + +Контролен списък с най-важните контрамерки за сигурност при проектиране, тестване и пускане на вашето API. + +--- + +## Удостоверяване + +- [ ] Не използвайте `Basic Auth`. Използвайте стандартно удостоверяване ( например: [JWT](https://jwt.io/), OAuth). +- [ ] Не преоткривайте нови начини за `удостоверяване`, `генериране на токени`, `съхранение на пароли`. Придържайте се към стандартите. +- [ ] Използвайте `Max Retry` и jail функции по време на удостоверяване. +- [ ] Използвайте криптиране на всички чувствителни данни. + +### JWT (JSON Web Token) + +- [ ] Използвайте произволен сложен ключ (`JWT Secret`), за да направите грубото форсиране на токена по- трудно. +- [ ] Не извличайте алгоритъма от заглавката. Принудете алгоритъма в бекенда (`HS256` or `RS256`). +- [ ] Направете токена, така че да изтече (`TTL`, `RTTL`), за възможно най-кратко време. +- [ ] Не съхранявайте чувствителни данни в JWT, те могат да бъдат декодирани [лесно](https://jwt.io/#debugger-io). +- [ ] Избягвайте да съхранявате твърде много данни. 
JWT обикновено се споделя в заглавки, а те имат ограничение на размера. + +## Достъп + +- [ ] Задайте ограничение за броя на заявките в минута (Throttling, RPM-Limit), за да избегнете DDoS / Brute Force атаки. +- [ ] Използвайте HTTPS, от страната на сървъра, с TLS 1.2+ и сигурни шифри, за да избегнете MITM (Man in the Middle атака). +- [ ] Използвайте заглавката `HSTS` (HTTP Strict Transport Security) със SSL, за да избегнете SSL Strip атаки. +- [ ] Изключете списъците с директории. +- [ ] За частни API, разрешете достъп само от IP адреси/хостове в белия списък. + +## Упълномощаване + +### OAuth + +- [ ] Винаги проверявайте `redirect_uri`, от страната на сървъра, за да разрешите само URL адреси от белия списък. +- [ ] Винаги се опитвайте да използвате еднократен код вместо токени (не използвайте `response_type=token`). +- [ ] Използвайте параметъра `state` с произволен хеш, за да предотвратите CSRF в процеса на OAuth удостоверяване. +- [ ] Определете обхват по подразбиране и проверете настройките за всяко приложение. + +## Заявка + +- [ ] Използвайте подходящият HTTP метод според операцията: `GET (четене)`, `POST (създаване)`, `PUT/PATCH (замяна/актуализация)` и `DELETE (изтриване)` и също отговорете с `405 Method Not Allowed` ако заявеният метод не е подходящ за искания ресурс. +- [ ] Валидирайте `типа данни (content-type)` в заглавката `Accept` (Content Negotiation), за да позволите само поддържани формати (например: `application/xml`, `application/json` и т.н.) и отговорете с `406 Not Acceptable`, ако типът не се поддържа. +- [ ] Валидирайте `типа данни (content-type)`, които получавате (например: `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json` и т.н.). +- [ ] Валидирайте въведеното от потребителя, за да избегнете често срещани уязвимости (например: `XSS`, `SQL-Injection`, `Remote Code Execution`и т.н.). 
+- [ ] Не споделяйте чувствителни данни (`идентификационни данни`, `пароли`, `токени` или `API ключове`) в URL адреса, вместо това използвайте стандартната заглавка `Authorization`. +- [ ] Използвайте само криптиране от страна на сървъра. +- [ ] Използвайте API шлюз за ​​да конфигурирате кеширане, ограничаване на заявките (например: `Quota`, `Spike Arrest` или `Concurrent Rate Limit`) и динамично внедряване на API. + +## Обработка + +- [ ] Проверете, дали всички крайни точки са защитени чрез удостоверяване, за да избегнете прекъсване на процеса на удостоверяване. +- [ ] Идентификаторът на собствен ресурс на потребителя, трябва да се избягва. Използвайте `/me/orders`, вместо `/user/654321/orders` +- [ ] Не използвайте автоматично нарастване за ID. Вместо това използвайте `UUID`. +- [ ] Ако анализирате XML файлове, уверете се, че анализът на обект е изключен, за да избегнете `XXE` (XML external entity). +- [ ] Ако анализирате XML, YAML или друг език с котви и препратки, уверете се, че разширяването на обекта е изключено, за да избегнете `Billion Laughs/XML bomb` чрез атака с експоненциално разширяване на обект. +- [ ] Използвайте CDN за качване на файлове. +- [ ] Ако имате работа с огромно количество данни, използвайте Workers и Queues, за да обработите колкото е възможно повече, във фонов режим, и да върнете отговор бързо, за да избегнете HTTP блокиране. +- [ ] Не забравяйте да изключите режима DEBUG. +- [ ] Използвайте неизпълними стекове, когато има такива. + +## Отговор + +- [ ] Изпратете заглавката `X-Content-Type-Options: nosniff`. +- [ ] Изпратете заглавката `X-Frame-Options: deny`. +- [ ] Изпратете заглавката `Content-Security-Policy: default-src 'none'`. +- [ ] Премахнете заглавките, които биха могли да помогнат на атакуващ да провери вашия ресурс за уязвимости - `X-Powered-By`, `Server`, `X-AspNet-Version`и т.н. +- [ ] Фиксирайте `content-type` за вашия отговор. 
Ако изпращате отговор `application/json`, то тогава заявката трябва да бъде в `application/json` +- [ ] Не изпращайте в отговорите чувствителни данни като `идентификационни данни`, `пароли` или `токени`. +- [ ] Върнете правилния код на състоянието въз основа на резултатите от операцията. (например: `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed` и т.н.). + +## Непрекъсната интеграция и непрекъсната доставка (CI & CD) + +- [ ] Одитирайте вашия дизайн и внедрете модулни/интеграционни тестове. +- [ ] Използвайте процес за преглед на кода (Code Review). Не се самоодобрявайте (no Self-Approval). +- [ ] Уверете се, че вашето приложение е сканирано с антивирусен софтуер, преди да бъде пуснато в производство, включително библиотеки и други зависимости. +- [ ] Непрекъснато провеждайте тестове за сигурност (статичен/динамичен анализ) на вашия код. +- [ ] Проверете вашите зависимости (както софтуер, така и операционна система) за известни уязвимости. +- [ ] Проектирайте решение за бързо връщане към предишната версия. + +## Мониторинг + +- [ ] Използвайте централизирани входове за всички услуги и компоненти. +- [ ] Използвайте агенти, за да наблюдавате целия трафик, грешки, заявки и отговори. +- [ ] Използвайте известия за SMS, Slack, имейл, Telegram, Kibana, Cloudwatch и др. +- [ ] Уверете се, че не регистрирате чувствителни данни като кредитни карти, пароли, ПИН кодове и др. +- [ ] Използвайте IDS и/или IPS система за наблюдение на заявки и екземпляри на API. + +--- + +## Вижте също: + +- [yosriady/api-development-tools](https://github.com/yosriady/api-development-tools) - Колекция от полезни ресурси за създаване на RESTful HTTP+JSON API. + +--- + +# Принос + +Чувствайте се свободни да допринесете, като отворите това хранилище, направите някои промени и изпратите `Pull Requests`. За всякакви въпроси, моля, пишете ни на `team@shieldfy.io`. From 9097696aa66af2ea11174932025ab25533933f32 Mon Sep 17 00:00:00 2001 
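Review bot: the navigation line at the top of the new README-bg.md does not match the other translations: it omits `[English](./README.md)` at the front and appends `[Български](./README-bg.md)`, a link to itself, at the end, while every other README-xx.md in this series starts with the English link and leaves out its own language (compare README-tw.md and README-zh.md above, which omit 繁中版 and 简中版 respectively). Both are corrected in the "Sync." patch further down, but it would be cleaner to land the file in the right shape. A few wording problems in the body also deserve a pass before merge: in the Мониторинг section, "централизирани входове" (centralized logins/entrances) reads as a literal rendering of the English "logins", whereas the item, like the rest of that section (agents monitoring traffic, alerts, not logging card numbers and passwords), is about centralized logging, so "централизирано логване" would carry the intended meaning; in the Отговор section, "то тогава заявката трябва да бъде в `application/json`" says the request must be JSON, but the item is about fixing the response `content-type`, so it should refer to the response header, not the request; "(`HS256` or `RS256`)" leaves "or" untranslated ("или"); and "по- трудно" has a stray space ("по-трудно").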
From: Lyubomir Radkov Date: Fri, 15 Nov 2024 12:23:34 +0200 Subject: [PATCH 142/149] Added Bulgarian to the list of translations --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 51d5804..a5eaa9c 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -[繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) | [Български](./README-bg.md) # API Security Checklist 
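Review bot: `[Български](./README-bg.md)` is appended at the end of the README.md navigation line, but every other entry in that line is ordered by language code (ar, az, bn, ca, cs, de, ...), so the new link belongs between `[Azərbaycan](./README-az.md)` and `[বাংলা](./README-bn.md)`, which is exactly where the "Sync." patch below inserts it in the translation files. Placing it there in this commit would avoid a second edit to README.md; the stat block of the "Sync." patch shows README.md touched again.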
From d4a873093b3ff63b6bd7d156a1e650bf0199f9fa Mon Sep 17 00:00:00 2001 From: Caleb Mazalevskis Date: Fri, 22 Nov 2024 10:52:38 +0800 Subject: [PATCH 143/149] Sync. --- README-ar.md | 2 +- README-az.md | 6 +++--- README-bg.md | 2 +- README-bn.md | 2 +- README-ca.md | 2 +- README-cs.md | 2 +- README-de.md | 2 +- README-el.md | 4 ++-- README-es.md | 2 +- README-fa.md | 4 ++-- README-fr.md | 2 +- README-hi.md | 2 +- README-id.md | 2 +- README-it.md | 2 +- README-ja.md | 2 +- README-ko.md | 2 +- README-lo.md | 2 +- README-mk.md | 2 +- README-ml.md | 2 +- README-mn.md | 2 +- README-nl.md | 2 +- README-pl.md | 2 +- README-pt_BR.md | 2 +- README-ru.md | 2 +- README-th.md | 2 +- README-tr.md | 4 ++-- README-tw.md | 4 ++-- README-uk.md | 2 +- README-vi.md | 2 +- README-zh.md | 2 +- README.md | 2 +- 31 files changed, 37 insertions(+), 37 deletions(-) diff --git a/README-ar.md b/README-ar.md index bc45ecf..970faf6 100644 --- a/README-ar.md +++ b/README-ar.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [Azərbaycan](./README-az.md) | [Български](./README-bg.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md)
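Review bot: the position of the new link here, between `[Azərbaycan](./README-az.md)` and `[বাংলা](./README-bn.md)`, follows the language-code order (az, bg, bn) used for the rest of the line and for the earlier Català insertion, so this is the right placement. One documentation point for the series: the commit message "Sync." does not say what is being synced; given that the stat block lists 31 files and, as the README-az.md hunks show, the patch also carries non-link fixes, a message such as "Add Bulgarian link to all translations; fix CI & CD heading and contact email in README-az.md" would make the history easier to audit.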
diff --git a/README-az.md b/README-az.md index e9e2159..5b56d63 100644 --- a/README-az.md +++ b/README-az.md @@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Български](./README-bg.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API təhlükəsizlik yoxlama siyahısı 
@@ -70,7 +70,7 @@ API-nizi tərtib edərkən, sınaqdan keçirərkən və dərc edərkən ən vaci - [ ] Nəticədə "etimadnamələr", "parollar" və ya "təhlükəsizlik nişanları" kimi həssas məlumatları göndərməyin. - [ ] Əməliyyat başa çatdıqdan sonra müvafiq status kodunu qaytarın. (məsələn, `200 OK`, `400 Bad Sorğu`, `401 İcazəsiz`, `405 Metod İcazə Verilmir` və s.). -## CI&CD +## CI & CD - [ ] Vahid/inteqrasiya testi əhatə ölçüləri ilə dizayn və tətbiqinizi yoxlayın. - [ ] Kodun nəzərdən keçirilməsi prosesindən istifadə edin və öz təsdiqinizə məhəl qoymayın. @@ -97,4 +97,4 @@ API-nizi tərtib edərkən, sınaqdan keçirərkən və dərc edərkən ən vaci # Töhfə -Bu deponu budaqlamaq, bəzi dəyişikliklər etmək və pull requests göndərməklə töhfə verməkdən çəkinməyin. Hər hansı bir sual üçün bizə bir e-poçt yazın: `team@shieldfy.io `. +Bu deponu budaqlamaq, bəzi dəyişikliklər etmək və pull requests göndərməklə töhfə verməkdən çəkinməyin. Hər hansı bir sual üçün bizə bir e-poçt yazın: `team@shieldfy.io`. diff --git a/README-bg.md b/README-bg.md index 06b0ac5..49e9af2 100644 --- a/README-bg.md +++ b/README-bg.md 
@@ -1,4 +1,4 @@ -[繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) | [Български](./README-bg.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # Контролен списък за сигурност на API diff --git a/README-bn.md b/README-bn.md index 5456dba..da0357e 100644 --- a/README-bn.md +++ b/README-bn.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [Български](./README-bg.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API নিরাপত্তা তালিকা diff --git a/README-ca.md b/README-ca.md index 53ab369..b024c25 100644 --- a/README-ca.md +++ b/README-ca.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [Български](./README-bg.md) | [বাংলা](./README-bn.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # Llista de verificació de seguretat per a APIs diff --git a/README-cs.md b/README-cs.md index bdfd205..7e05701 100644 --- a/README-cs.md +++ b/README-cs.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [Български](./README-bg.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # Seznam API zabezpečení diff --git a/README-de.md b/README-de.md index 4031b18..beb8a7d 100644 --- a/README-de.md +++ b/README-de.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [Български](./README-bg.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Security Checkliste diff --git a/README-el.md b/README-el.md index 1b29ddf..9abc403 100644 --- a/README-el.md +++ b/README-el.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [Български](./README-bg.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API λίστα ελέγχου ασφαλείας 
@@ -79,7 +79,7 @@ - [ ] Ελέγξτε τις εξαρτήσεις σας (τόσο το λογισμικό όσο και το λειτουργικό σύστημα) για γνωστά τρωτά σημεία. - [ ] Σχεδιάστε rollback διαδικασίες για deployments. -## Monitoring +## Παρακολούθηση - [ ] Use centralized logins for all services and components. - [ ] Use agents to monitor all traffic, errors, requests, and responses. diff --git a/README-es.md b/README-es.md index 667ddab..bb09946 100644 --- a/README-es.md +++ b/README-es.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [Български](./README-bg.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # Lista de seguridad en APIs diff --git a/README-fa.md b/README-fa.md index a0b7727..e95a8e7 100644 --- a/README-fa.md +++ b/README-fa.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [Български](./README-bg.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md)
@@ -12,7 +12,7 @@ - [ ]       از `Basic Auth` یا همان `اصالت‌سنجی برای دسترسی‌های اولیه` استفاده نکنید. به جای آن از روش‌های استاندارد احراز هویت استفاده کنید (مثلا [JWT](https://jwt.io/) یا [OAuth](https://oauth.net/)). - [ ]       برای کارهایی مثل `احراز هویت`، `تولید توکن` و `ذخیره پسوورد` چرخ را دوباره اختراع نکنید. از استانداردها استفاده کنید. -- [ ]       برای لاگین محدودیت‌های `تعداد ماکسیمم تلاش مجدد` و تعداد دفعات ورود را قرار بدید. +- [ ]       برای لاگین محدودیت‌های `تعداد ماکسیمم تلاش مجدد` و تعداد دفعات ورود را قرار بدید. - [ ]       همه‌ی داده‌های حساس را رمزگذاری کنید. ### JWT (JSON Web Token) diff --git a/README-fr.md b/README-fr.md index e55aa0f..907cd21 100644 --- a/README-fr.md +++ b/README-fr.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [Български](./README-bg.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Security Checklist diff --git a/README-hi.md b/README-hi.md index 0432a9c..e2d6255 100644 --- a/README-hi.md +++ b/README-hi.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [Български](./README-bg.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API सुरक्षा जांच-सूची diff --git a/README-id.md b/README-id.md index a14547b..e602ee1 100644 --- a/README-id.md +++ b/README-id.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [Български](./README-bg.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # Checklist Keamanan API diff --git a/README-it.md b/README-it.md index 913071e..2562ae3 100644 --- a/README-it.md +++ b/README-it.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [Български](./README-bg.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # Checklist per la sicurezza delle API diff --git a/README-ja.md b/README-ja.md index 34006ec..a2d91c5 100644 --- a/README-ja.md +++ b/README-ja.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [Български](./README-bg.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # APIセキュリティチェックリスト diff --git a/README-ko.md b/README-ko.md index 36863a8..7209ec5 100644 --- a/README-ko.md +++ b/README-ko.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [Български](./README-bg.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API 보안 점검표 diff --git a/README-lo.md b/README-lo.md index 4a8d3b5..60d09d7 100644 --- a/README-lo.md +++ b/README-lo.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [Български](./README-bg.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Security Checklist diff --git a/README-mk.md b/README-mk.md index 487793f..87e6d48 100644 --- a/README-mk.md +++ b/README-mk.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [Български](./README-bg.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Безбедносна контролна листа diff --git a/README-ml.md b/README-ml.md index b2eccc5..16897c2 100644 --- a/README-ml.md +++ b/README-ml.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [Български](./README-bg.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API സുരക്ഷാ ചെക്ക്‌ലിസ്റ്റ് diff --git a/README-mn.md b/README-mn.md index 3163102..ab9a14c 100644 --- a/README-mn.md +++ b/README-mn.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [Български](./README-bg.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Аюулгүйн жагсаалт diff --git a/README-nl.md b/README-nl.md index 71a1c43..d1eb266 100644 --- a/README-nl.md +++ b/README-nl.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [Български](./README-bg.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Security Checklist diff --git a/README-pl.md b/README-pl.md index ad52763..b57487a 100644 --- a/README-pl.md +++ b/README-pl.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [Български](./README-bg.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # Lista kontrolna bezpieczeństwa API diff --git a/README-pt_BR.md b/README-pt_BR.md index db24fc6..82f9727 100644 --- a/README-pt_BR.md +++ b/README-pt_BR.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [Български](./README-bg.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Security Checklist diff --git a/README-ru.md b/README-ru.md index 050c43b..cb56bda 100644 --- a/README-ru.md +++ b/README-ru.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [Български](./README-bg.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # Контрольный список безопасности API diff --git a/README-th.md b/README-th.md index 46e320d..a0d9e8c 100644 --- a/README-th.md +++ b/README-th.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [Български](./README-bg.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Security Checklist diff --git a/README-tr.md b/README-tr.md index b85f4fa..8c0eef9 100644 --- a/README-tr.md +++ b/README-tr.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [Български](./README-bg.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Güvenlik Kontrol Listesi 
@@ -67,7 +67,7 @@ API'nizi tasarlarken, test ederken ve yayınlarken en önemli güvenlik önlemle - [ ] `Content-Security-Policy: default-src 'none'` header'ı gönderin. - [ ] Parmak izi header'larını kaldırın - `X-Powered-By`, `Server`, `X-AspNet-Version` v.b. - [ ] İsteğe verilen cevapta `content-type` kullanmaya zorlayın, eğer veriyi `application/json` olarak döndürürseniz, `content-type` karşılığı `application/json` olmalı. -- [ ] `kimlik bilgileri` , `şifreleri` veya `güvenlik token'ları` gibi hassas verileri sonuç içinde göndermeyin. +- [ ] `kimlik bilgileri`, `şifreleri` veya `güvenlik token'ları` gibi hassas verileri sonuç içinde göndermeyin. - [ ] İşlem tamamlandıktan sonra uygun durum kodunu döndürün. (ör. `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, v.b.). ## CI & CD diff --git a/README-tw.md b/README-tw.md index 3256eb2..570ed1a 100644 --- a/README-tw.md +++ b/README-tw.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [Български](./README-bg.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # 開發安全的 API 所需要核對的清單 @@ -79,7 +79,7 @@ - [ ] 檢查您的依賴項(軟件和操作系統)是否存在已知漏洞。 - [ ] 為部署設計一個回滾方案. -## Monitoring +## 監控 - [ ] Use centralized logins for all services and components. - [ ] Use agents to monitor all traffic, errors, requests, and responses. diff --git a/README-uk.md b/README-uk.md index 0e18109..e975332 100644 
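Review bot: In the README-tw.md hunk (`@@ -79,7 +79,7 @@`) only the heading is translated (`## Monitoring` to `## 監控`) while the two context bullets beneath it stay in English, and the first of them still reads "Use centralized logins for all services and components", where "logins" is evidently a typo for "logging". Translate the bullets in the same change and correct "logins" to "logging" so the translated heading does not sit over untranslated, mistyped items.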
--- a/README-uk.md +++ b/README-uk.md @@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [Български](./README-bg.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Tiếng Việt](./README-vi.md) # Контрольний список безпеки API diff --git a/README-vi.md b/README-vi.md index c6591df..9a2490b 100644 --- a/README-vi.md +++ b/README-vi.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) +[English](./README.md) | [繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [Български](./README-bg.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) # Danh sách các giải pháp an toàn cho API diff --git a/README-zh.md b/README-zh.md index 8497389..cc80bfd 100644 --- a/README-zh.md +++ b/README-zh.md 
@@ -1,4 +1,4 @@ -[English](./README.md) | [繁中版](./README-tw.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) +[English](./README.md) | [繁中版](./README-tw.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [Български](./README-bg.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # 开发安全的 API 所需要核对的清单 diff --git a/README.md b/README.md index a5eaa9c..f2214e8 100644 --- a/README.md +++ b/README.md 
@@ -1,4 +1,4 @@ -[繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) | [Български](./README-bg.md) +[繁中版](./README-tw.md) | [简中版](./README-zh.md) | [العربية](./README-ar.md) | [Azərbaycan](./README-az.md) | [Български](./README-bg.md) | [বাংলা](./README-bn.md) | [Català](./README-ca.md) | [Čeština](./README-cs.md) | [Deutsch](./README-de.md) | [Ελληνικά](./README-el.md) | [Español](./README-es.md) | [فارسی](./README-fa.md) | [Français](./README-fr.md) | [हिंदी](./README-hi.md) | [Indonesia](./README-id.md) | [Italiano](./README-it.md) | [日本語](./README-ja.md) | [한국어](./README-ko.md) | [ພາສາລາວ](./README-lo.md) | [Македонски](./README-mk.md) | [മലയാളം](./README-ml.md) | [Монгол](./README-mn.md) | [Nederlands](./README-nl.md) | [Polski](./README-pl.md) | [Português (Brasil)](./README-pt_BR.md) | [Русский](./README-ru.md) | [ไทย](./README-th.md) | [Türkçe](./README-tr.md) | [Українська](./README-uk.md) | [Tiếng Việt](./README-vi.md) # API Security Checklist From 793e1034fdfeb603b35f968eb70a602f6f149163 Mon Sep 17 00:00:00 2001 
From: Ayushman Chhabra <14110965+ayushmanchhabra@users.noreply.github.com> Date: Mon, 27 Jan 2025 19:00:02 +0530 Subject: [PATCH 144/149] Validate Host header --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index f2214e8..e26fd0a 100644 --- a/README.md +++ b/README.md @@ -42,6 +42,7 @@ Checklist of the most important security countermeasures when designing, testing - [ ] Use the proper HTTP method according to the operation: `GET (read)`, `POST (create)`, `PUT/PATCH (replace/update)`, and `DELETE (to delete a record)`, and respond with `405 Method Not Allowed` if the requested method isn't appropriate for the requested resource. - [ ] Validate `content-type` on request Accept header (Content Negotiation) to allow only your supported format (e.g., `application/xml`, `application/json`, etc.) and respond with `406 Not Acceptable` response if not matched. +- [ ] Validate `Host` header on request and return a `400 Bad Request` or `421 Misdirected Request` response when invalid, to prevent host header injection. - [ ] Validate `content-type` of posted data as you accept (e.g., `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, etc.). - [ ] Validate user input to avoid common vulnerabilities (e.g., `XSS`, `SQL-Injection`, `Remote Code Execution`, etc.). - [ ] Don't use any sensitive data (`credentials`, `Passwords`, `security tokens`, or `API keys`) in the URL, but use standard Authorization header. From 9627eca7912748f9b3837a07bc836e2c9b31f1b4 Mon Sep 17 00:00:00 2001 From: Ayushman Chhabra <14110965+ayushmanchhabra@users.noreply.github.com> Date: Wed, 7 May 2025 01:30:30 +0530 Subject: [PATCH 145/149] Move under Access --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index e26fd0a..81762fe 100644 --- a/README.md +++ b/README.md 
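Review bot: The new bullet in the `@@ -42,6 +42,7 @@` hunk of PATCH 144 says to "Validate `Host` header on request" but not what to validate it against; a syntactic check alone still accepts any well-formed attacker-chosen hostname, so the check that actually prevents host header injection is a comparison with an allow-list of the hostnames the service is deployed under. Suggest: "- [ ] Validate the `Host` header against an allow-list of expected hostnames and return `400 Bad Request` or `421 Misdirected Request` when it does not match, to prevent host header injection."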
@@ -24,7 +24,7 @@ Checklist of the most important security countermeasures when designing, testing ## Access - [ ] Limit requests (Throttling) to avoid DDoS / brute-force attacks. -- [ ] Use HTTPS on server side with TLS 1.2+ and secure ciphers to avoid MITM (Man in the Middle Attack). +- [ ] Use HTTPS on server side with TLS 1.2+ and secure ciphers to avoid MITM (Man in the Middle Attack) and ensure `Host` header matches the SNI. - [ ] Use `HSTS` header with SSL to avoid SSL Strip attacks. - [ ] Turn off directory listings. - [ ] For private APIs, allow access only from safelisted IPs/hosts. @@ -42,7 +42,6 @@ Checklist of the most important security countermeasures when designing, testing - [ ] Use the proper HTTP method according to the operation: `GET (read)`, `POST (create)`, `PUT/PATCH (replace/update)`, and `DELETE (to delete a record)`, and respond with `405 Method Not Allowed` if the requested method isn't appropriate for the requested resource. - [ ] Validate `content-type` on request Accept header (Content Negotiation) to allow only your supported format (e.g., `application/xml`, `application/json`, etc.) and respond with `406 Not Acceptable` response if not matched. -- [ ] Validate `Host` header on request and return a `400 Bad Request` or `421 Misdirected Request` response when invalid, to prevent host header injection. - [ ] Validate `content-type` of posted data as you accept (e.g., `application/x-www-form-urlencoded`, `multipart/form-data`, `application/json`, etc.). - [ ] Validate user input to avoid common vulnerabilities (e.g., `XSS`, `SQL-Injection`, `Remote Code Execution`, etc.). - [ ] Don't use any sensitive data (`credentials`, `Passwords`, `security tokens`, or `API keys`) in the URL, but use standard Authorization header. From 70d36ce0ebdf323bb6e7605e0744311e61635ba8 Mon Sep 17 00:00:00 2001 
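Review bot: Folding the Host check into the TLS bullet as "ensure `Host` header matches the SNI" in the first hunk (`@@ -24,7 +24,7 @@`) loses what the second hunk deletes: the rationale ("to prevent host header injection") and the response codes (`400 Bad Request` / `421 Misdirected Request`). Comparing Host to the SNI also only works where the application terminates TLS itself; behind a TLS-terminating proxy or on plain HTTP there is no SNI at the application layer, and the service still needs an explicit hostname allow-list. Suggest keeping a separate bullet under Access: "- [ ] Validate the `Host` header against an allow-list of expected hostnames (and against the TLS SNI where the app terminates TLS); respond with `400 Bad Request` or `421 Misdirected Request` otherwise."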
From: andrealungh1 Date: Tue, 12 Aug 2025 19:32:58 -0400 Subject: [PATCH 146/149] added generic error handling to prevent detail leaks --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 81762fe..63b4124 100644 --- a/README.md +++ b/README.md @@ -67,6 +67,7 @@ Checklist of the most important security countermeasures when designing, testing - [ ] Send `Content-Security-Policy: default-src 'none'` header. - [ ] Remove fingerprinting headers - `X-Powered-By`, `Server`, `X-AspNet-Version`, etc. - [ ] Force `content-type` for your response. If you return `application/json`, then your `content-type` response is `application/json`. +- [ ] Do not return overly specific error messages to the client that could reveal implementation details, use generic messages instead, and log detailed information only on the server side. - [ ] Don't return sensitive data like `credentials`, `passwords`, or `security tokens`. - [ ] Return the proper status code according to the operation completed. (e.g., `200 OK`, `400 Bad Request`, `401 Unauthorized`, `405 Method Not Allowed`, etc.). From e89243aab403b4dad5e7c9f45e8a120780281b6d Mon Sep 17 00:00:00 2001 From: bad-antics Date: Mon, 26 Jan 2026 11:19:30 -0800 Subject: [PATCH 147/149] Add advanced API security best practices --- README.md | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/README.md b/README.md index 63b4124..f8340d7 100644 --- a/README.md +++ b/README.md 
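Review bot: The bullet added in `@@ -67,6 +67,7 @@` is a comma-spliced run-on ("... implementation details, use generic messages instead, and log ..."); split it into the rule and the practice. Suggest: "- [ ] Return generic error messages to the client; do not expose implementation details such as stack traces or framework and database error text. Log the detailed error only on the server side."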
@@ -99,3 +99,29 @@ Checklist of the most important security countermeasures when designing, testing # Contribution Feel free to contribute by forking this repository, making some changes, and submitting pull requests. For any questions drop us an email at `team@shieldfy.io`. + +## API Security Best Practices (Advanced) + +### Rate Limiting & Abuse Prevention +- [ ] Implement sliding window rate limiting per API key and IP. +- [ ] Use exponential backoff for repeated failed authentication attempts. +- [ ] Implement CAPTCHA or proof-of-work challenges after suspicious activity. +- [ ] Monitor and alert on unusual API usage patterns (time, volume, endpoints). + +### GraphQL-Specific Security +- [ ] Disable introspection in production environments. +- [ ] Implement query depth limiting to prevent nested query attacks. +- [ ] Use query cost analysis to prevent resource exhaustion. +- [ ] Whitelist allowed queries in production when possible. + +### Secrets Management +- [ ] Rotate API keys and secrets on a regular schedule. +- [ ] Use hardware security modules (HSM) for signing operations. +- [ ] Implement secret scanning in CI/CD pipelines. +- [ ] Never commit secrets to version control - use environment variables or secret managers. + +### Zero Trust Architecture +- [ ] Implement mutual TLS (mTLS) for service-to-service communication. +- [ ] Validate all requests even from internal services. +- [ ] Use short-lived tokens with automatic refresh. +- [ ] Implement request signing for sensitive operations. From 3ef3ff9c30ae328e7d254ca8a550e9af02a860ae Mon Sep 17 00:00:00 2001 From: bad-antics Date: Mon, 26 Jan 2026 11:19:52 -0800 Subject: [PATCH 148/149] Add advanced API security best practices --- README.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/README.md b/README.md index f8340d7..03b094c 100644 --- a/README.md +++ b/README.md 
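Review bot: The `@@ -99,3 +99,29 @@` hunk appends the new `## API Security Best Practices (Advanced)` section after `# Contribution`, so the contribution notice no longer closes the document; insert the section above the `---` / `# Contribution` block instead (the later `fix:` commit in this series has to move it there anyway). Two wording points in the same hunk: "Whitelist allowed queries in production" should follow the file's existing terminology ("safelisted", as in "allow access only from safelisted IPs/hosts" under Access), and the bare hyphen in "Never commit secrets to version control - use environment variables or secret managers" reads better as a colon or a separate sentence.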
@@ -125,3 +125,25 @@ Feel free to contribute by forking this repository, making some changes, and sub - [ ] Validate all requests even from internal services. - [ ] Use short-lived tokens with automatic refresh. - [ ] Implement request signing for sensitive operations. + +## API Security Best Practices (Advanced) + +### Rate Limiting & Abuse Prevention +- [ ] Implement sliding window rate limiting per API key and IP. +- [ ] Use exponential backoff for repeated failed authentication attempts. +- [ ] Implement CAPTCHA or proof-of-work challenges after suspicious activity. + +### GraphQL-Specific Security +- [ ] Disable introspection in production environments. +- [ ] Implement query depth limiting to prevent nested query attacks. +- [ ] Use query cost analysis to prevent resource exhaustion. + +### Secrets Management +- [ ] Rotate API keys and secrets on a regular schedule. +- [ ] Use hardware security modules (HSM) for signing operations. +- [ ] Implement secret scanning in CI/CD pipelines. + +### Zero Trust Architecture +- [ ] Implement mutual TLS (mTLS) for service-to-service communication. +- [ ] Validate all requests even from internal services. +- [ ] Use short-lived tokens with automatic refresh. From 882f8e75e753d95c3a8495c322fcee20b1d48eb4 Mon Sep 17 00:00:00 2001 From: bad-antics <160459796+bad-antics@users.noreply.github.com> Date: Wed, 28 Jan 2026 13:51:13 -0800 Subject: [PATCH 149/149] fix: Remove duplicate API Security Best Practices section Removed duplicate section as requested by maintainer @Maikuolan. The advanced security tips are now in a single, properly placed section. --- README.md | 26 +++----------------------- 1 file changed, 3 insertions(+), 23 deletions(-) diff --git a/README.md b/README.md index 03b094c..c23a6e8 100644 --- a/README.md +++ b/README.md 
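Review bot: This hunk (`@@ -125,3 +125,25 @@`) adds a second `## API Security Best Practices (Advanced)` section directly below the one added in PATCH 147, with the same four subsections and a strict subset of its bullets (the "Monitor and alert on unusual API usage patterns", "Whitelist allowed queries", "Never commit secrets to version control" and "Implement request signing" items are missing). Drop this commit, or squash PATCH 147 through 149 into one, so the series does not introduce a duplicate only to remove it two commits later.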
@@ -96,10 +96,6 @@ Checklist of the most important security countermeasures when designing, testing --- -# Contribution - -Feel free to contribute by forking this repository, making some changes, and submitting pull requests. For any questions drop us an email at `team@shieldfy.io`. - ## API Security Best Practices (Advanced) ### Rate Limiting & Abuse Prevention @@ -126,24 +122,8 @@ Feel free to contribute by forking this repository, making some changes, and sub - [ ] Use short-lived tokens with automatic refresh. - [ ] Implement request signing for sensitive operations. -## API Security Best Practices (Advanced) - -### Rate Limiting & Abuse Prevention -- [ ] Implement sliding window rate limiting per API key and IP. -- [ ] Use exponential backoff for repeated failed authentication attempts. -- [ ] Implement CAPTCHA or proof-of-work challenges after suspicious activity. - -### GraphQL-Specific Security -- [ ] Disable introspection in production environments. -- [ ] Implement query depth limiting to prevent nested query attacks. -- [ ] Use query cost analysis to prevent resource exhaustion. +--- -### Secrets Management -- [ ] Rotate API keys and secrets on a regular schedule. -- [ ] Use hardware security modules (HSM) for signing operations. -- [ ] Implement secret scanning in CI/CD pipelines. +# Contribution -### Zero Trust Architecture -- [ ] Implement mutual TLS (mTLS) for service-to-service communication. -- [ ] Validate all requests even from internal services. -- [ ] Use short-lived tokens with automatic refresh. +Feel free to contribute by forking this repository, making some changes, and submitting pull requests. For any questions drop us an email at `team@shieldfy.io`.
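Review bot: The net result of the two hunks is right (one Advanced section, then `---` and `# Contribution` restored as the closing block), but since the duplicate removed in `@@ -126,24 +122,8 @@` was introduced by PATCH 148 in this same series, the cleaner fix is to squash PATCH 147 through 149 rather than land an add-then-revert pair in the history.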