OWASP API security – 8: Injection
Injection vulnerabilities are caused by accepting input without validating it and later passing it verbatim to an interpreter (a SQL database, the OS shell, an LDAP directory) with no protection mechanism such as a parameterised query in between.
OWASP API security – 7: Security misconfiguration
The security misconfiguration vulnerabilities cover a range of common security mistakes made when exposing services over the internet.
OWASP API security – 6: Mass assignment
The API mass assignment vulnerability allows an attacker to modify data or elevate privileges by adding properties to the request payload that the API binds to its data model but never meant to let clients set.
OWASP API security – 5: Broken function level authorization
Broken function level authorization (BFLA) occurs when requests are authorised incorrectly at the function level, allowing clients to call operations, such as administrative endpoints, that their role should not give them access to.
OWASP API security – 4: Lack of resources & rate limiting
When an API puts no limit on request rate or payload size, service availability, performance and security all suffer. This post explores rate limiting and quotas as the mitigation.
OWASP API security – 3: Excessive data exposure
Protect your API from excessive data exposure by structuring responses so that sensitive data is either not returned or is redacted. Read our guide!
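The mass assignment and excessive data exposure posts above describe the inbound and outbound sides of the same discipline: decide explicitly which fields a client may write and which fields each viewer may read, instead of binding or dumping the whole model. This added example (not code from the original posts) shows both in one place: a vulnerable update that binds every JSON property, an allowlisted update that rejects anything else, and a serialiser that builds the response from a field list and redacts the e-mail address for non-owners. The user record, the field lists and the redaction format are constructed for the example.

```python
import copy

# Constructed user record as stored server-side (not from the original post).
STORED_USER = {
    "id": 42,
    "username": "alice",
    "display_name": "Alice",
    "email": "alice@example.com",
    "is_admin": False,
    "password_hash": "argon2id-hash-placeholder",
    "balance": 120.5,
}

# Inbound: the only properties a client may set via PATCH /users/{id}.
WRITABLE_FIELDS = {"display_name", "email"}

# Outbound: what each kind of viewer is allowed to see. Neither list
# contains password_hash or is_admin, so they can never be returned.
PUBLIC_FIELDS = ("id", "username", "display_name")
OWNER_FIELDS = PUBLIC_FIELDS + ("email", "balance")


def update_user_vulnerable(user, payload):
    # Binds every JSON property straight onto the record: a client who adds
    # {"is_admin": true} to an otherwise legitimate request becomes admin.
    updated = copy.deepcopy(user)
    updated.update(payload)
    return updated


def update_user_safe(user, payload):
    # Allowlist: reject, rather than silently drop, anything not writable so
    # the client gets a 400 and the attempt shows up in the logs.
    rejected = sorted(set(payload) - WRITABLE_FIELDS)
    if rejected:
        raise ValueError(f"non-writable fields in payload: {rejected}")
    updated = copy.deepcopy(user)
    updated.update(payload)
    return updated


def redact_email(email):
    # Keep the first character of the local part and the domain only.
    local, _, domain = email.partition("@")
    return f"{local[:1]}***@{domain}"


def serialise_user(user, viewer_is_owner):
    # Build the response from an explicit field list instead of dumping the
    # model; the owner sees the full record minus secrets, others a redacted view.
    fields = OWNER_FIELDS if viewer_is_owner else PUBLIC_FIELDS
    body = {name: user[name] for name in fields}
    if not viewer_is_owner:
        body["email"] = redact_email(user["email"])
    return body


def demo():
    escalated = update_user_vulnerable(
        STORED_USER, {"display_name": "A", "is_admin": True}
    )
    try:
        update_user_safe(STORED_USER, {"display_name": "A", "is_admin": True})
        rejected = False
    except ValueError:
        rejected = True
    return {
        "vulnerable_is_admin": escalated["is_admin"],
        "safe_rejected_payload": rejected,
        "public_view": serialise_user(STORED_USER, viewer_is_owner=False),
        "owner_view": serialise_user(STORED_USER, viewer_is_owner=True),
    }


if __name__ == "__main__":
    print(demo())
```

The same pattern applies to any framework's model binding or auto-serialisation: the writable and readable sets live in code that is reviewed, not in whatever the model happens to contain today.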
OWASP API security – 2: Broken user authentication
This post on broken user authentication identifies, rates and highlights the vulnerabilities that arise when an API cannot correctly authenticate its users.
OWASP API security – 1: Broken object level authorization
In this introductory blog on API security, we’ll be exploring how to avoid broken object level authorization (BOLA) in your APIs.
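The BOLA post above and the BFLA post earlier on this page cover two different authorisation checks that are easy to confuse. This added example (not code from the original posts) shows both: an object-level check that compares the owner recorded on the resource with the authenticated caller, and a function-level check, implemented as a decorator, that gates an admin-only operation regardless of which object it touches. The principals, the order store and the `call` helper that maps exceptions to HTTP status codes are constructed for the example.

```python
import copy

# Constructed principals and resources (not from the original posts).
USERS = {"alice": {"role": "user"}, "bob": {"role": "user"}, "ops": {"role": "admin"}}
ORDERS = {
    1001: {"owner": "alice", "total": 59.90, "status": "open"},
    1002: {"owner": "bob", "total": 12.00, "status": "open"},
}


class NotFound(Exception):
    pass


class Forbidden(Exception):
    pass


def get_order_vulnerable(principal, order_id, store):
    # GET /orders/{id}: the caller is authenticated, but the order is looked up
    # by id alone, so bob reads alice's order just by changing the id (BOLA).
    if order_id not in store:
        raise NotFound(order_id)
    return store[order_id]


def get_order_safe(principal, order_id, store):
    # Object-level check: the owner recorded on the object must be the caller.
    # "Not yours" and "does not exist" both return 404 so ids cannot be enumerated.
    order = store.get(order_id)
    if order is None or order["owner"] != principal:
        raise NotFound(order_id)
    return order


def require_role(role):
    # Function-level check on the whole operation, independent of the object.
    def decorator(fn):
        def wrapper(principal, *args, **kwargs):
            if USERS.get(principal, {}).get("role") != role:
                raise Forbidden(principal)
            return fn(principal, *args, **kwargs)
        return wrapper
    return decorator


@require_role("admin")
def cancel_order(principal, order_id, store):
    # POST /admin/orders/{id}/cancel: admin-only. Without the decorator any
    # authenticated user who guesses the path could call it (BFLA).
    if order_id not in store:
        raise NotFound(order_id)
    store[order_id]["status"] = "cancelled"
    return store[order_id]


def call(handler, *args, **kwargs):
    # Stand-in for the API layer: map exceptions to the status the client sees.
    try:
        return 200, handler(*args, **kwargs)
    except NotFound:
        return 404, None
    except Forbidden:
        return 403, None


def demo():
    store = copy.deepcopy(ORDERS)
    return {
        "bola_bob_reads_alice": call(get_order_vulnerable, "bob", 1001, store)[0],
        "safe_bob_reads_alice": call(get_order_safe, "bob", 1001, store)[0],
        "safe_alice_reads_own": call(get_order_safe, "alice", 1001, store)[0],
        "bfla_user_cancels": call(cancel_order, "bob", 1002, store)[0],
        "admin_cancels": call(cancel_order, "ops", 1002, store)[0],
        "status_after": store[1002]["status"],
    }


if __name__ == "__main__":
    print(demo())
```

Note that the two checks are not interchangeable: the role decorator would not stop bob reading alice's order (both are ordinary users), and the ownership check would not stop bob cancelling his own order through an admin path. A handler that touches a specific object on behalf of a privileged role needs both.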
OWASP API security – Intro
This is the first in a series of blog posts which looks at the OWASP API Security top 10 threats in the context of API Management. Read our guide!
OWASP API security – 10: Insufficient logging & monitoring
Logging & monitoring can be costly and difficult to maintain, but without them attacks go undetected and forensic investigation is impossible; for good security they are necessary to have.