API Security 101: Lack of Resources and Rate Limiting - MrLiambi's blog


Wednesday, 11 August 2021

API Security 101: Lack of Resources and Rate Limiting

You've probably heard of the OWASP Top Ten, the list of the ten most critical vulnerabilities that threaten web applications. OWASP also periodically publishes a list of the top ten vulnerabilities that threaten APIs, called the OWASP API Top Ten. The current API top ten are Broken Object Level Authorization, Broken User Authentication, Excessive Data Exposure, Lack of Resources and Rate Limiting, Broken Function Level Authorization, Mass Assignment, Security Misconfiguration, Injection, Improper Assets Management, and Insufficient Logging and Monitoring.

Many of these vulnerabilities affect application components besides APIs as well, but they tend to manifest in APIs. Last time, we talked about a vulnerability that I consistently find in API-centric applications: OWASP API #3, Excessive Data Exposure. Today, let's talk about something that turns an excessive data exposure into a data breach: OWASP API #4, Lack of Resources and Rate Limiting.
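The post stops at the teaser, so here is an added example (my own, not code from the original post or the dzone article) of the control whose absence API #4 describes: a per-API-key token-bucket limiter sitting in front of an endpoint, which caps how many records one client can pull in a window and answers a 429 with a Retry-After hint once the bucket is empty. The bucket size of 20 requests, the refill rate of 1 request per second and the key names are constructed values for the simulation.

```python
import math

class TokenBucket:
    """Allows a burst of up to `capacity` requests, then a steady `refill_per_sec` rate."""

    def __init__(self, capacity, refill_per_sec, now):
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.tokens = float(capacity)
        self.updated = now

    def try_consume(self, now):
        # Refill proportionally to the time elapsed since the last call, capped at capacity.
        elapsed = max(0.0, now - self.updated)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_per_sec)
        self.updated = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True, 0.0
        # Seconds until one whole token is available again, used for the Retry-After header.
        return False, (1.0 - self.tokens) / self.refill_per_sec


class RateLimiter:
    """One bucket per API key, so a single noisy client cannot exhaust the quota of others."""

    def __init__(self, capacity=20, refill_per_sec=1.0):
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.buckets = {}

    def check(self, api_key, now):
        bucket = self.buckets.get(api_key)
        if bucket is None:
            bucket = self.buckets[api_key] = TokenBucket(self.capacity, self.refill_per_sec, now)
        return bucket.try_consume(now)


def handle_request(limiter, api_key, now):
    """Gateway decision: (status, headers). 429 plus Retry-After once the key's bucket is empty."""
    allowed, retry_after = limiter.check(api_key, now)
    if not allowed:
        return 429, {"Retry-After": str(math.ceil(retry_after))}
    return 200, {}


def simulate_burst(n_requests, capacity=20, refill_per_sec=1.0):
    """Constructed scenario: one key fires n_requests in the same second; returns how many were served."""
    limiter = RateLimiter(capacity, refill_per_sec)
    return sum(1 for _ in range(n_requests) if handle_request(limiter, "key-A", now=0.0)[0] == 200)
```

With the limiter in place, a client that would otherwise walk an entire user table in one sweep gets only the bucket's worth of records per window, which is the difference between an exposure and a breach that the post is pointing at.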

Source : https://dzone.com/articles/api-security-101-lack-of-resources-and-rate-limiting
