API Security and OWASP Top 10 security details

In last five years, using of technology made a big shift. One example is arising of API. Using API is now almost everywhere and it took place very fast because of it's flexibility, easy creation as well as implementation using a few clicks. World accepted API. 

However, every good side has a hidden side and the same is true while we go with API implementation. Vulnerability is a nigh risk here. Creating API with proper validation, ensuring business logic properly meet all hidden loophole checks, and configuring API with right policies while implementing is BIG task and it requires right skills and experiences.

Here is an easy diagram why attacker target API first.


For standard web/mobile app development scenario, we are going through a standard process along with required tools and techniques which help us to test app and its implementation thoroughly and make vulnerability safe. However, for API implementation the same in false. We still running with lack of tools and implementation approach to take care of vulnerability attack.



The challenges is mainly in three major areas – security, privacy, and accessibility.


The Open Worldwide ApplicationSecurity Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain applications and APIs that can be trusted.

OWASP API Security Project published and maintain a Top 10 API Security Risks. Below the list for 2023.


Here the details of OWASP Top 10 security details - https://owasp.org/API-Security/editions/2023/en/0x11-t10/


Comments

Popular posts from this blog

How to fix Azure DevOps error MSB4126

How to create Custom Visuals in Power BI – Initial few Steps

SharePoint Admin Center