Inon Shkedy

Results: 6 comments by Inon Shkedy

We do not consider API#4 (Unrestricted Resource Consumption), API#8 (Lack of Protection From Automated Threats) and API#10 (Unsafe Consumption of APIs) authorization issues. Authorization issues are defined as problems in...

Before replying to the rest of the comments, I just want to mention that on the new list, "Mass Assignment" is combined with "Excessive Data Exposure". It is not an...

While the flagship OWASP Top 10 is relevant for every application, and is very generic, the OWASP **API** Top 10 tries to address issues that are more specific to APIs....

Thanks for the feedback, it is deeply appreciated. The goal of this category is to address bot-related attacks like "scalping", "spamming" and others listed in the OWASP [Automated Threats](https://owasp.org/www-project-automated-threats-to-web-applications/)....

@Tatsuya-hasegawa thank you for your feedback. Your point makes sense. The idea of rate limiting (under #8) isn't to implement a generic solution. On top of the generic rate limiting...

Please provide specific examples of what you consider as “business logic flaws”.