Showing posts from September, 2023

API Security and OWASP Top 10 security details

In the last five years, the use of technology has made a big shift. One example is the rise of APIs. APIs are now used almost everywhere, and adoption happened very fast because of their flexibility and because they are easy to create and to implement with a few clicks. The world has accepted APIs. However, every good side has a hidden side, and the same is true of API implementation. Vulnerability is a high risk here. Creating an API with proper validation, ensuring the business logic properly covers all hidden loophole checks, and configuring the API with the right policies during implementation is a BIG task, and it requires the right skills and experience. Here is a simple diagram of why attackers target APIs first. In a standard web/mobile app development scenario, we go through a standard process with the required tools and techniques, which help us test the app and its implementation thoroughly and make it safe from vulnerabilities. However, for API implementation the same is not true. We are still running with a lack of tools and implemen