API-Security
OWASP API Security Project
"Does not properly validate and sanitize data gathered from other APIs prior to processing it or passing it to downstream components;" Performing validation on input from a third party may...
On the API8 "How to Prevent" section, rate limiting should be specified; there are 2 kinds of rate limiting in practice: - appliance / proxy / load balancer rate limit (network...
Hi @PauloASilva, I was going through the 0xa8-lack-of-protection-from-automated-threats.md; in the How To Prevent section I thought we could add Geolocation restrictions. For example, if I am providing my...
In prevention it states - "If possible, avoid using functions that automatically bind a client's input into code variables, ..." If a schema is used for incoming data then using...
> Why is this a separate item? Assuming an API consumes data from an untrusted API, isn't it only an issue if one of the other problems occurs? Put another...
> At a minimum, I would love to know why the following categories from the main OWASP T10 don't apply to APIs: > > * Injection > * Cryptographic Failures...
Scenario #1 - This category shows a JNDI injection issue. I don't believe a JNDI injection is a good example of a "security misconfiguration" issue. Sure, sometimes there might be...
I have added new Scenario based on the description of the A7. Please disregard the closed PR initially made to master branch
www.socialnetwork.com is a real website, should we have a fictional site instead? owasp.org? example.com?
We are excited to announce that after months of efforts the Greek translation of this project is now ready. We are happy we are contributing to this project and we...