
dparedes-sec/bio-api-secure


Bio API — Secure Biological Data API


REST API for querying genomic sequence data with JWT authentication, role-based access control, and OWASP API Security Top 10 compliance.


Security Features

| Control | Implementation |
|---|---|
| Authentication | JWT Bearer tokens (HS256, configurable expiry) |
| Authorization | RBAC: Admin / Lab Technician / Researcher |
| Input Validation | Pydantic v2 with DNA sequence whitelist (A/C/G/T/N) |
| Rate Limiting | 100 req/min global · 10 req/min on /auth/token |
| Audit Logging | All CRUD events logged; no PII stored |
| Security Headers | CSP · X-Frame-Options · Referrer-Policy · Permissions-Policy |
| Container Security | Non-root user · minimal base image (python:3.12-slim) |
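As an added example (not code from this repository), here is a stdlib-only sketch of three of the controls above: HS256 JWT verification with the algorithm pinned and expiry enforced, a role check against the three RBAC roles, and the A/C/G/T/N sequence whitelist. The function names, role strings and secret are assumptions, not the project's own.

```python
# Added example, not the repo's code. Stdlib only so it runs without FastAPI,
# Pydantic or PyJWT; the role names and helper names are assumed.
import base64, hashlib, hmac, json, re, time

ROLES = ("admin", "lab_technician", "researcher")   # assumed role identifiers
SEQ_RE = re.compile(r"[ACGTN]+")                     # whitelist from the README
MAX_SEQ_LEN = 10_000                                 # assumed upper bound

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def mint_token(secret: str, sub: str, role: str, ttl_s: int = 900, now=None) -> str:
    """Issue an HS256 JWT; `now` is injectable so tests are deterministic."""
    now = int(time.time()) if now is None else now
    compact = dict(separators=(",", ":"))
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, **compact).encode())
    payload = _b64url(json.dumps({"sub": sub, "role": role, "exp": now + ttl_s}, **compact).encode())
    sig = hmac.new(secret.encode(), f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def verify_token(secret: str, token: str, now=None) -> dict:
    """Return the claims or raise ValueError. The server decides the algorithm;
    the token's own `alg` header is only compared, never trusted."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, p, s = parts
    if json.loads(_unb64url(h)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret.encode(), f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64url(s)):   # constant-time compare
        raise ValueError("bad signature")
    claims = json.loads(_unb64url(p))
    if int(claims.get("exp", 0)) <= now:
        raise ValueError("expired")
    if claims.get("role") not in ROLES:
        raise ValueError("unknown role")
    return claims

def authorize(claims: dict, allowed: tuple) -> bool:
    """RBAC check: the verified role must be in the endpoint's allow-list."""
    return claims["role"] in allowed

def validate_sequence(seq: str) -> str:
    """Strict whitelist: only upper-case A/C/G/T/N, bounded length."""
    if not 0 < len(seq) <= MAX_SEQ_LEN or not SEQ_RE.fullmatch(seq):
        raise ValueError("sequence contains characters outside A/C/G/T/N")
    return seq
```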

Quick Start

```bash
git clone https://github.com/dparedes-sec/bio-api-secure
cd bio-api-secure
cp .env.example .env
# Set SECRET_KEY in .env
docker-compose up --build
```

API: http://localhost:8000
Docs: http://localhost:8000/docs


OWASP API Security Top 10

See OWASP_API_CHECKLIST.md for full coverage.


Tech Stack

FastAPI · PostgreSQL · Docker · Python


Author

Daniel Paredes — Developer transitioning into AppSec & DevSecOps | Bioinformatics Security