OWASP API security – 8: Injection
An injection vulnerability arises when user input is not validated and is later used verbatim, without any protection mechanisms.
OWASP API security – 7: Security misconfiguration
The security misconfiguration vulnerabilities cover a range of common security mistakes made when exposing services over the internet.
OWASP API security – 6: Mass assignment
The API mass assignment vulnerability allows an attacker to modify data or elevate privileges by manipulating payload data.
OWASP API security – 5: Broken function level authorization
BFLA can occur when client requests are authorised incorrectly, allowing clients access to levels of resources they shouldn’t have.
OWASP API security – 4: Lack of resources & rate limiting
When APIs face excessive requests, service availability, performance, & security suffer. Explore OWASP rate limiting.
OWASP API security – 3: Excessive data exposure
Protect your API from excessive data exposure by structuring responses so that sensitive data is either not returned or is redacted. Read our guide!
OWASP API security – 2: Broken user authentication
The broken user authentication category is dedicated to identifying, rating and highlighting vulnerabilities associated with the ability to correctly authenticate users.
OWASP API security – 1: Broken object level authorization
In this introductory blog on API security, we’ll be exploring how to avoid broken object level authorization (BOLA) in your APIs.
OWASP API security – Intro
This is the first in a series of blog posts that looks at the OWASP API Security top 10 threats in the context of API Management. Read our guide!
Full lifecycle API management for Kubernetes, courtesy of Tyk Operator
Kubernetes is simple, powerful, and flexible; the platform by which all container orchestration frameworks are measured. See how Tyk can help.