OWASP API security – 7: Security misconfiguration

The security misconfiguration vulnerabilities cover a range of common security mistakes made when exposing services over the internet.
OWASP API security – 6: Mass assignment

The API mass assignment vulnerability allows an attacker to modify data or elevate privileges by manipulating payload data.
OWASP API security – 5: Broken function level authorization

BFLA can occur when client requests are authorised incorrectly, allowing clients access to levels of resources they shouldn’t have.
OWASP API security – 4: Lack of resources & rate limiting

When APIs face excessive requests, service availability, performance, & security suffer. Explore OWASP rate limiting.
OWASP API security – 3: Excessive data exposure

Protect your API from excessive data exposure by structuring responses so that sensitive data is either not returned or is redacted. Read our guide!
OWASP API security – 2: Broken user authentication

User Authentication is dedicated to identifying, rating and highlighting vulnerabilities associated with the ability to correctly authenticate users.
OWASP API security – 1: Broken object level authorization

In this introductory blog on API security, we’ll be exploring how to avoid broken object level authorization (BOLA) in your APIs.
OWASP API security – Intro

This is the first in a series of blog posts which looks at the OWASP API Security top 10 threats in the context of API Management. Read our guide!
APIM architectural and deployment patterns 101
Looking at different architectural deployment patterns for API Management and assessing the merits of each, along with any potential drawbacks.
Celebrating Global Intergenerational Week 2022 at Tyk
We’re celebrating the week by answering the most popular questions we get asked about being a multigenerational organisation.