OWASP Top 10 API Security Risks.
Below are Top 10 OWASP API Security Risks. For pre context, OWASP (The Open WorldWide Application Security Project) is a nonprofit foundation that is aimed at improving the security of Softwares.
Broken Object Level Authorization- APIs tend to expose endpoints that handle object identifiers, creating a wide attack surface of Object Level Access Control issues.
Broken Authentication- Authentication mechanisms are often implemented incorrectly, allowing attackers to compromise the authentication tokens or to exploit implementation flaws to assume other user's identities temporarily or permanently.
Broken Object Property Level Authorization- The lack of or improper authorization validation at the Object property Level.
Unrestricted Resource Consumption- Satisfying the API requests require resources such as Network Bandwidth, CPU, memory, and Storage.
Broken Function Level Authorization- Complex access control policies with different hierarchies, groups, and roles and unclear separation between administrative and regular functions, tend to lead to Authorization flows.
Unrestricted Access to Sensitive Business Flows- APIs vulnerable to this risk expose a business flow- such as posting a comment- without compensating for how the functionality could harm the business if used excessively in an automated manner.
Server side Request Forgery- Can occur when an API fetches a remote resource without validating the user-supplied URI.
Security Misconfiguration- APIs and the Systems supporting them typically contain Complex configurations, meant to make the APIs more customizable.
Improper Inventory Management- APIs expose more endpoints than traditional web applications, making proper and updated documentation important.
Unsafe consumption of APIs- Developers tend to trust data received from third-party APIs more than User input and adopt weaker security Standards.
Thank you and see you in the next one.