
OWASP API Security Top 10 - A Beginner's Guide to Mitigation

2021-09-24

Author: Isabelle Mauny


Summary

APIs expose data directly and need security measures designed for them
  • APIs have changed the way applications are built: the user interface now runs on the client (browser or mobile app), so controls that used to sit inside a server-side web application can no longer be relied on from that side, and the data behind the API is reachable directly
  • APIs introduce their own classes of vulnerabilities and require security measures specific to them
  • Data protection is the central concern; every input an API accepts must be validated against what it is expected to contain
  • Parler is the example used: its API required no authentication, applied no rate limiting, and used sequential post IDs, so anyone could enumerate every post
The Parler breach combined those three weaknesses: zero authentication, no rate limiting, and sequential IDs. Roughly 70 terabytes of data were scraped, including location metadata attached to users' posts. It shows why APIs need their own security measures rather than controls inherited from the web application in front of them.
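The three weaknesses named above, plus the input validation point, reproduced as an added example that is not part of the talk: a hypothetical in-memory "posts" API with the vulnerable handler beside a hardened one. The hardened version authenticates the caller, rate-limits per identity, checks object-level authorization so a private post that is not yours looks like a missing one, serves location only to the owner, and validates request bodies against an explicit field list. All endpoints, bearer tokens, post data and user names are constructed for illustration; the token lookup stands in for a real token check.

```python
from __future__ import annotations

import uuid

# Constructed sample data: three posts, two users. Location is the kind of
# metadata that leaked from Parler; here it is stored with each post.
POSTS_SEQ = {
    1: {"owner": "alice", "text": "hello", "public": True, "location": (40.71, -74.00)},
    2: {"owner": "bob", "text": "lunch", "public": False, "location": (34.05, -118.24)},
    3: {"owner": "alice", "text": "draft", "public": False, "location": (40.71, -74.00)},
}
# Hardened store: opaque IDs instead of 1, 2, 3. uuid5 is used only so the IDs
# are stable for this demo; a real service would assign uuid4 at creation time.
POST_IDS = {n: str(uuid.uuid5(uuid.NAMESPACE_URL, f"https://api.example.test/posts/{n}")) for n in POSTS_SEQ}
POSTS_UUID = {POST_IDS[n]: p for n, p in POSTS_SEQ.items()}
# Constructed bearer tokens -> user names (stands in for a real token check).
TOKENS = {"tok-alice": "alice", "tok-bob": "bob"}


def vulnerable_get_post(post_id: int) -> dict | None:
    """The Parler pattern: no caller identity, no rate limit, guessable key."""
    return POSTS_SEQ.get(post_id)


def scrape_everything() -> list[dict]:
    """What the scraper did in effect: walk IDs from 1 until a lookup misses."""
    found, n = [], 1
    while (post := vulnerable_get_post(n)) is not None:
        found.append(post)
        n += 1
    return found


class TokenBucket:
    """Per-caller token bucket. `now` is passed in, so behaviour is deterministic."""

    def __init__(self, capacity: int, refill_per_sec: float) -> None:
        self.capacity, self.rate = capacity, refill_per_sec
        self.state: dict[str, tuple[float, float]] = {}  # key -> (tokens, last seen)

    def allow(self, key: str, now: float) -> bool:
        tokens, last = self.state.get(key, (float(self.capacity), now))
        tokens = min(float(self.capacity), tokens + (now - last) * self.rate)
        if tokens < 1.0:
            self.state[key] = (tokens, now)
            return False
        self.state[key] = (tokens - 1.0, now)
        return True


def hardened_get_post(headers: dict, post_id: str, limiter: TokenBucket, now: float) -> tuple[int, dict]:
    """Returns (HTTP status, JSON body). Order: authenticate, rate-limit, authorize the object."""
    auth = headers.get("Authorization", "")
    user = TOKENS.get(auth[len("Bearer "):]) if auth.startswith("Bearer ") else None
    if user is None:
        return 401, {"error": "authentication required"}
    if not limiter.allow(user, now):  # per identity, after authn: anonymous traffic never reaches the store
        return 429, {"error": "rate limited"}
    post = POSTS_UUID.get(post_id)
    # Object-level authorization (BOLA): a private post that is not yours is reported
    # exactly like a missing one, so the API does not confirm that the ID exists.
    if post is None or (not post["public"] and post["owner"] != user):
        return 404, {"error": "not found"}
    body = {"owner": post["owner"], "text": post["text"]}
    if post["owner"] == user:  # location is owner-only; it is never serialized for other callers
        body["location"] = post["location"]
    return 200, body


ALLOWED_FIELDS = {"text": str, "public": bool}


def validate_new_post(body: object) -> list[str]:
    """Positive-model validation for POST /posts: exact field set, types and bounds."""
    if not isinstance(body, dict):
        return ["body must be a JSON object"]
    errors = [f"unexpected field: {k}" for k in body if k not in ALLOWED_FIELDS]  # blocks mass assignment of e.g. owner
    for name, typ in ALLOWED_FIELDS.items():
        if name not in body:
            errors.append(f"missing field: {name}")
        elif not isinstance(body[name], typ):
            errors.append(f"{name} must be {typ.__name__}")
    if isinstance(body.get("text"), str) and not 1 <= len(body["text"]) <= 280:
        errors.append("text must be 1-280 characters")
    return errors


if __name__ == "__main__":
    print(f"vulnerable API: scraped {len(scrape_everything())} posts with no credentials")
    bucket = TokenBucket(capacity=2, refill_per_sec=0.0)
    bob = {"Authorization": "Bearer tok-bob"}
    print("hardened API, anonymous:", hardened_get_post({}, POST_IDS[1], bucket, 0.0))
    print("hardened API, bob reads alice's draft:", hardened_get_post(bob, POST_IDS[3], bucket, 0.0))
    print("hardened API, bob reads public post:", hardened_get_post(bob, POST_IDS[1], bucket, 0.0))
    print("hardened API, bob's third request:", hardened_get_post(bob, POST_IDS[1], bucket, 0.0))
    print("validation:", validate_new_post({"text": "hi", "public": True, "owner": "alice"}))
```

The order of the checks matters: authentication comes first so the rate limiter can key on a verified identity rather than on a spoofable client address, and the authorization check returns 404 rather than 403 so an enumerating caller learns nothing about which IDs exist. Opaque IDs are a second line of defence, not a substitute for the authorization check.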

Abstract

In recent years, large reputable companies such as Facebook, Google and Equifax have suffered major data breaches that combined exposed the personal information of hundreds of millions of people worldwide. The common vector linking these breaches: APIs. The scale and magnitude of these breaches are the reason API security has been launched to the forefront of enterprise security concerns, forcing us to rethink the way we approach API security as a whole.

The OWASP Top 10 project has long been the standard list of top vulnerabilities to look for and mitigate in the world of web applications. APIs represent a significantly different set of threats, attack vectors, and security best practices, which led the OWASP community to launch the OWASP API Security project in 2019.

In this session we'll discuss:
  • What risks are associated with each of the OWASP Top 10 for API Security
  • Solutions you can implement to mitigate these risks
  • Strategies for implementing API security across the entire lifecycle
