owasp-api-top10 Archives

OWASP API Security Top 10 – Lack of Resources & Rate Limiting

Leave a Comment / API Threat Protection / By Sekhar Chintaginjala

OWASP API Security Top 10 – Lack of Resources & Rate Limiting Welcome back to the OWASP API Security Top 10 series, this week we go through number 4 in the OWASP API top 10 list: Lack of Resources & Rate Limiting. For other blogs in this series, please refer to the below link: https://www.cloudvector.com/apis-underpinning-modern-technologies-to-popular-data-breaches/ …

OWASP API Security Top 10 – Lack of Resources & Rate Limiting Read More »

OWASP API Security Top 10 – Excessive Data Exposure

Leave a Comment / API Threat Protection / By Sekhar Chintaginjala

OWASP API Security Top 10 – Excessive Data Exposure This week we look at the third item in the list of OWASP API security top 10 Excessive Data Exposure. Descriptions of other OWASP API top 10 can be accessed from the introductory blog available here. APIs retrieve necessary data from back end systems when client …

OWASP API Security Top 10 – Excessive Data Exposure Read More »

API Security Checklist: Cheatsheet

Leave a Comment / API Threat Protection / By Sandeep Yadav

API Security Checklist: Cheatsheet Over the last few weeks we presented a series of blogs [1][2][3] outlining 15 best practices for strengthening API security at the design stage. Here are three cheat sheets that break down the 15 best practices for quick reference: As APIs become the fabric for applications, the cyber security threats exploiting …

API Security Checklist: Cheatsheet Read More »

OWASP API Security Top 10 – Broken Authentication

Leave a Comment / API Threat Protection / By Sekhar Chintaginjala

OWASP API Security Top 10 – Broken Authentication Let us dive into the second item in the OWASP API Top 10 list: Broken Authentication. In this article, we look at a couple of attacks that fall into this category and also review the protection mechanisms. If you missed the first article in this series which …

OWASP API Security Top 10 – Broken Authentication Read More »

API Security Checklist: Part 3

Leave a Comment / API Threat Protection / By Sandeep Yadav

API Security Checklist: Part 3 This is the final blog in the series outlining 15 best practices for strengthening API security with a shift-left approach. If you haven’t had a chance to read the API Security Checklist: Secure API Design (first) and API Security Checklist: Part 2 (second) article in this series, now is a …

API Security Checklist: Part 3 Read More »

APIs – Underpinning Modern Technologies to Popular Data Breaches

Leave a Comment / API Threat Protection / By Sekhar Chintaginjala

APIs – Underpinning Modern Technologies to Popular Data Breaches In today’s world software is an essential piece driving digital transformation and also business value for every enterprise. Microsoft CEO Satya Nadella not long ago said, “every company is a software company, every company is a digital organization”. At the crux of this transformation is the …

APIs – Underpinning Modern Technologies to Popular Data Breaches Read More »

OWASP API Security Top 10 – Broken Object Level Authorization

Leave a Comment / API Threat Protection / By Sekhar Chintaginjala

OWASP API Security Top 10 – Broken Object Level Authorization Broken Object Level Authorization (BOLA) is the top most in the list of OWASP Top 10 API Security threats because of its ease of exploitation combined with its potential for impact as well as the difficulty to defend this threat in an organized way. …

OWASP API Security Top 10 – Broken Object Level Authorization Read More »

API Security Checklist: Part 2

Leave a Comment / API Threat Protection / By Sandeep Yadav

API Security Checklist: Part 2 We continue the journey on understanding the best practices applicable towards secure application development, enforced through an API specification. In the first article in this 3-part series, we learned about five best practices specific to how the security field as well as arrays should be managed in an API request …

API Security Checklist: Part 2 Read More »

How a Trusted Client Hides API Vulnerability?

Leave a Comment / API Threat Protection / By Lebin Cheng

How a Trusted Client Hides API Vulnerability? A Case for Service Side Monitoring/Testing A critical vulnerability in Apple “Sign Me In” feature was reported last week (Reference) that would allow a bad actor to first login through the Apple Client using their own credentials, then abuse the same login session to request a JSON Web …

How a Trusted Client Hides API Vulnerability? Read More »

API Security Checklist: Secure API Design

Leave a Comment / API Threat Protection / By Sandeep Yadav

API Security Checklist: Secure API Design Adopting a Shift-left Approach Securing API Endpoints is critical for securing applications. This requires security products to monitor a diverse and comprehensive set of components supporting the application. Some security products evaluate the behavior of application traffic, some focus on the post-development application code, and others look to embed …

API Security Checklist: Secure API Design Read More »