OWASP Top Ten is a widely recognized list of the ten most pressing security issues in web applications worldwide. The list was first published in 2003 and is based on data from hundreds of organizations. It describes each vulnerability and possible countermeasures in detail.

Over the years, OWASP has included vulnerabilities for APIs (Application Programming Interfaces), as they have become widely used in software development. Unlike ten years ago, the prevalent paradigm for developing web applications is to integrate APIs in single-page applications (SPAs). The SPA is usually concerned with user interaction and client logic, while the APIs encapsulate separate aspects of business logic in a modular way. Often, these APIs are based on RESTful web services. Unfortunately, APIs tend to exhibit the same or similar vulnerabilities as traditional web applications, while being even closer to sensitive data. OWASP has addressed this trend by using the term "an application or API" instead of just "an application" in its vulnerability descriptions. Some vulnerabilities have also been dedicated to API-specific issues, such as "A4 - XML External Entities" in the 2017 edition.

OWASP now takes a further step and releases a separate list of Top Ten vulnerabilities for APIs, emphasizing the increasing importance of API security. Version 1 is scheduled to be available in Q4 2019. We at Airlock share OWASP's sense of urgency when it comes to API security and couldn't wait to read through the draft documents. Our comments on the upcoming OWASP API Security Top Ten list and recommendations on how to address the specific issues with Airlock API Gateway are attached to this blog. Please be aware that the final release of the new Top Ten list may differ from the commented draft version (July 2019). We'll stay tuned and post relevant updates in this blog.
