OWASP API Security Project

Results 59 API-Security issues
"Does not properly validate and sanitize data gathered from other APIs prior to processing it or passing it to downstream components;" Performing validation on input from a third party may...

2023RC

On API8 "how to prevent" section rate limiting should be specified, there are 2 kinds of rate limiting in practice: - appliance / proxy / load balancer rate limit (network...

enhancement
2023RC

Hi @PauloASilva, I was going through the 0xa8-lack-of-protection-from-automated-threats.md, and in the How To Prevent section I thought we could add the Geolocation restrictions. For example, if I am providing my...

enhancement
pending community feedback
2023RC

In prevention it states - "If possible, avoid using functions that automatically bind a client's input into code variables, ..." If a schema is used for incoming data then using...

2023RC

> Why is this a separate item? Assuming an API consumes data from an untrusted API, isn't it only an issue if one of the other problems occurs? Put another...

2023RC

> At a minimum, I would love to know why the following categories from the main OWASP T10 don't apply to APIs: > > * Injection > * Cryptographic Failures...

2023RC

Scenario #1 - This category shows a JNDI injection issue. I don't believe a JNDI injection is a good example of a "security misconfiguration" issue. Sure, sometimes there might be...

2023RC

I have added a new Scenario based on the description of the A7. Please disregard the closed PR initially made to master branch.

2023RC

www.socialnetwork.com is a real website, should we have a fictional site instead? owasp.org? example.com?

enhancement
2023RC

We are excited to announce that after months of efforts the Greek translation of this project is now ready. We are happy we are contributing to this project and we...