Redocly · themattwilliams · Aug 22, 2025 · Aug 22, 2025 · Aug 26, 2025 · Aug 26, 2025
diff --git a/learn/security/api-input-validation-injection-prevention.md b/learn/security/api-input-validation-injection-prevention.md
@@ -0,0 +1,24 @@
+---
+title: Input Validation and Injection Prevention
+description: Prevent API injection attacks and mass assignment vulnerabilities using OpenAPI schema validation and automated governance.
+seo:
+  title: Input Validation and Injection Prevention
+  description: Prevent API injection attacks and mass assignment vulnerabilities using OpenAPI schema validation and automated governance.
+---
+
+# Input validation and injection prevention
+
+*This comprehensive guide is coming soon and will cover:*
+
+## What you'll learn
+
+- **SQL Injection Prevention**: Parameterized queries and input sanitization
+- **Mass Assignment Protection**: Schema-based validation and field filtering
+- **OpenAPI Validation**: Schema constraints and automated enforcement
+- **OWASP API Security**: Addressing Top 10 injection vulnerabilities
+- **Real-World Examples**: Code samples in Node.js with security patterns
+- **Automated Governance**: CI/CD validation rules and policy enforcement
+
+---
+
+*This article is currently under review and will be available soon. Return to the [API Security Framework and Fundamentals](.) to explore other security topics.*
diff --git a/learn/security/api-rate-limiting-abuse-prevention.md b/learn/security/api-rate-limiting-abuse-prevention.md
@@ -0,0 +1,24 @@
+---
+title: Rate Limiting and Abuse Prevention
+description: Implement API rate limiting strategies to prevent DoS attacks, brute force attempts, and business logic abuse.
+seo:
+  title: Rate Limiting and Abuse Prevention
+  description: Implement API rate limiting strategies to prevent DoS attacks, brute force attempts, and business logic abuse.
+---
+
+# Rate limiting and abuse prevention for APIs
+
+*This comprehensive guide is coming soon and will cover:*
+
+## What you'll learn
+
+- **Rate Limiting Algorithms**: Token bucket, sliding window, and fixed window approaches
+- **OpenAPI Documentation**: x-rateLimit extensions and client communication
+- **Multi-Tier Protection**: Global, per-endpoint, and per-client rate limiting
+- **Abuse Detection**: Pattern recognition and automated response strategies
+- **Real-World Examples**: Implementation patterns in Node.js and Redis
+- **Monitoring & Observability**: Metrics collection and alerting strategies
+
+---
+
+*This article is currently under review and will be available soon. Return to the [API Security Framework and Fundamentals](.) to explore other security topics.*
diff --git a/learn/security/api-tls-encryption-https-best-practices.md b/learn/security/api-tls-encryption-https-best-practices.md
@@ -0,0 +1,24 @@
+---
+title: TLS Encryption and HTTPS Best Practices for APIs
+description: Protect data in transit with proper TLS configuration, certificate management, and HTTPS enforcement using OpenAPI security contracts.
+seo:
+  title: TLS Encryption and HTTPS Best Practices for APIs
+  description: Protect data in transit with proper TLS configuration, certificate management, and HTTPS enforcement using OpenAPI security contracts.
+---
+
+# TLS encryption and HTTPS best practices for APIs
+
+*This comprehensive guide is coming soon and will cover:*
+
+## What you'll learn
+
+- **TLS 1.3 Configuration**: Modern encryption standards and cipher suite selection
+- **Certificate Management**: Best practices for SSL/TLS certificate lifecycle
+- **OpenAPI Security Contracts**: Enforcing HTTPS-only APIs through specifications
+- **Mutual TLS (mTLS)**: Service-to-service cryptographic authentication
+- **Real-World Examples**: Configuration examples for Nginx and Express.js
+- **Automated Governance**: CI/CD integration for transport security validation
+
+---
+
+*This article is currently under review and will be available soon. Return to the [API Security Framework and Fundamentals](.) to explore other security topics.*