Defence in Depth

Also known as the Swiss Cheese Model: multiple independent security layers protect the system. If one layer is breached, the others catch the attack.

The 4 Layers of Signando REST

Layer 1: Frontend Validation

First line of defense: Incoming HTTP requests are checked at protocol level. This includes header validation, Content-Type checking, and basic syntax validation. Malicious or malformed requests are stopped here.

Layer 2: Request Validation

Schema-based validation: Every request is validated against the OpenAPI specification. Only explicitly allowed endpoints, parameters, and body structures are accepted. SQL injection, XSS, and other injection attacks are detected and blocked.

Layer 3: Backend Proxy

Controlled forwarding: Only validated requests are forwarded to the backend. The proxy adds security headers and removes potentially dangerous headers. The backend is completely isolated from the internet.

Layer 4: Response Validation

Output control: Even if the backend is compromised, responses are validated before delivery. Unexpected fields are blocked, data exfiltration is prevented, and only schema-compliant responses reach the client.
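The deny-by-default check that Layer 4 describes (and that Layer 2 applies to request bodies) can be sketched as follows. This is an added example, not Signando REST code: the validator covers only a small subset of OpenAPI schema keywords, and the schema, the sample responses and the 502 status returned on rejection are assumptions constructed for illustration.

```python
# Added illustration: a minimal allowlist validator for a small subset of
# OpenAPI/JSON Schema (type, properties, required, items). Not Signando code.
TYPES = {"object": dict, "array": list, "string": str,
         "integer": int, "boolean": bool}

def violations(value, schema, path="$"):
    """Return a list of reasons why value does not match schema (empty = ok)."""
    expected = TYPES[schema["type"]]
    # bool is a subclass of int in Python, so reject it explicitly for integers.
    if not isinstance(value, expected) or (expected is int and isinstance(value, bool)):
        return [f"{path}: expected {schema['type']}"]
    errors = []
    if expected is dict:
        props = schema.get("properties", {})
        for key in value:
            if key not in props:          # deny by default: unknown field
                errors.append(f"{path}.{key}: unexpected field")
        for key in schema.get("required", []):
            if key not in value:
                errors.append(f"{path}.{key}: missing required field")
        for key, sub in props.items():
            if key in value:
                errors += violations(value[key], sub, f"{path}.{key}")
    elif expected is list:
        for i, item in enumerate(value):
            errors += violations(item, schema["items"], f"{path}[{i}]")
    return errors

def filter_response(body, schema):
    """Proxy decision: pass the body through unchanged or replace it (502 is an assumption)."""
    errors = violations(body, schema)
    if errors:
        return 502, {"error": "upstream response rejected"}, errors
    return 200, body, []

# Constructed sample schema and backend responses (hypothetical user resource).
USER_SCHEMA = {"type": "object", "required": ["id", "name"],
               "properties": {"id": {"type": "integer"},
                              "name": {"type": "string"},
                              "roles": {"type": "array", "items": {"type": "string"}}}}
GOOD = {"id": 7, "name": "alice", "roles": ["reader"]}
LEAKY = {"id": 7, "name": "alice", "password_hash": "constructed-value"}

if __name__ == "__main__":
    print(filter_response(GOOD, USER_SCHEMA))   # passes through unchanged
    print(filter_response(LEAKY, USER_SCHEMA))  # rejected: unexpected field
```

The rejection reasons are returned separately from the client-facing body so they can be logged at the proxy without revealing schema details to the caller.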

Implement Defence in Depth

Learn how Signando REST implements multi-layer security in your API infrastructure.
