security-fastapi

Security audit patterns for FastAPI applications covering authentication dependencies, CORS configuration, and middleware security.

Core Risks to Check

Missing Auth on Routes

FastAPI expects authentication/authorization via dependencies on routes or routers. If no Depends()/Security() usage exists, review every route for unintended public access.

from fastapi import Depends, Security