API Security and OWASP Top 10 security details

In last five years, using of technology made a big shift. One example is arising of API. Using API is now almost everywhere and it took place very fast because of it's flexibility, easy creation as well as implementation using a few clicks. World accepted API. 

However, every good side has a hidden side and the same is true while we go with API implementation. Vulnerability is a nigh risk here. Creating API with proper validation, ensuring business logic properly meet all hidden loophole checks, and configuring API with right policies while implementing is BIG task and it requires right skills and experiences.

Here is an easy diagram why attacker target API first.


For standard web/mobile app development scenario, we are going through a standard process along with required tools and techniques which help us to test app and its implementation thoroughly and make vulnerability safe. However, for API implementation the same in false. We still running with lack of tools and implementation approach to take care of vulnerability attack.



The challenges is mainly in three major areas – security, privacy, and accessibility.


The Open Worldwide ApplicationSecurity Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain applications and APIs that can be trusted.

OWASP API Security Project published and maintain a Top 10 API Security Risks. Below the list for 2023.


Here the details of OWASP Top 10 security details - https://owasp.org/API-Security/editions/2023/en/0x11-t10/


Comments

Post a Comment

Popular posts from this blog

How to fix Azure DevOps error MSB4126

Image
Setting up build and release pipeline always tedious and we face many build related issues. Here is one common error I face couple of times while setting app Web or windows apps in Azure DevOps After placing the code in repos, and creating the build pipeline and run it, you can face the following error ##[error]D:\a\8\s\<your solution file>.sln.metaproj(0,0): Error MSB4126: The specified solution configuration "release|$(BuildPlatform)" is invalid. Please specify a valid solution configuration using the Configuration and Platform properties (e.g. MSBuild.exe Solution.sln /p:Configuration=Debug /p:Platform="Any CPU") or leave those properties blank to use the default solution configuration. To understand what is target platform defined in your project you need to visit or open the solution(.sln) file and review the following sections. In my case, this has been defined as x86 as target platform.                   GlobalSecti
Read more

SharePoint Admin Center

Image
 SharePoint Admin Center allows you to view your organization's SharePoint site including communication sites, channel sites, and sites that belong to Microsoft 365 group. This is same like Site Admin in earlier days of SharePoint versions. You can search organizational site, sort them or filter sites the way you want. Easy way to find and apply/change site settings. Under Policies, click on Sharing - This will allow you to create rules/ set control sharing at the organization level in SharePoint and OneDrive Here, in this page, you can apply settings to restrict how users are allowed to access content in SharePoint and OneDrive. Term store, the word getting populated from SharePoint 2010. You can feed metadata of metadata information of your organization level, program level, project level in Term store. helps your organization's knowledge better.  AI soon will play a vital role here and using AI, you can acyually find collect and process and finally yoour organization's d
Read more

How to create Custom Visuals in Power BI – Initial few Steps

Image
This post will help you to know the steps to create custom visuals in PowerBI. Microsoft defined them as well at https://docs.microsoft.com/en-us/power-bi/service-custom-visuals-getting-started-with-developer-tools . First things first, and you need to download and install NodeJS , in case if you do not have npm setup in your machine.  Second step is to run couple of npm commands to install Power BI Visual Tools and create & publish the cert. Finally, create your own package and upload with the help of npm. 1.       npm install -g powerbi-visuals-tools 2.       pbiviz --create-cert pbiviz --install-cert 3.       pbiviz new My Visual name – This will create the file under the name of your visual file. 4.      pbiviz start – You need to go to the folder where your custom visual  resides, and run this command. You can change a few things in your pbiviz.json file, like author, display name, icon, style etc. Finally, package your
Read more