The OWASP Top Ten is a widely recognized list of the ten most critical security risks in web applications worldwide. It was first published in 2003 and is based on data contributed by hundreds of organizations. For each risk it describes the vulnerability and possible countermeasures in detail.

Over the years, OWASP has included vulnerabilities that affect APIs (Application Programming Interfaces), as APIs have become widely used in software development. Unlike ten years ago, the prevalent paradigm for developing web applications today is to combine single-page applications (SPAs) with APIs. The SPA is usually concerned with user interaction and client-side logic, while the APIs encapsulate separate aspects of the business logic in a modular way; often these APIs are RESTful web services. Unfortunately, APIs tend to exhibit the same or similar vulnerabilities as traditional web applications, while sitting even closer to sensitive data. OWASP has addressed this trend by using the phrase "an application or API" instead of just "an application" in its vulnerability descriptions. Some entries have also been dedicated to issues that affect APIs in particular, such as "A4 - XML External Entities (XXE)" in the 2017 edition, which concerns XML processors as typically found in XML-based web services.

OWASP is now taking a further step and releasing a separate Top Ten list of vulnerabilities for APIs, emphasizing the increasing importance of API security. Version 1 is scheduled to be available in Q4 2019. We at Airlock share OWASP's sense of urgency when it comes to API security and couldn't wait to read through the draft documents. Our comments on the upcoming OWASP API Security Top Ten list, together with recommendations on how to address the specific issues with Airlock API Gateway, are attached to this blog post. Please be aware that the final release of the new Top Ten list may differ from the commented draft version (July 2019). We'll stay tuned and post relevant updates on this blog.

Download
