A10 - Underprotected APIs

Modern applications often involve rich client applications and APIs, such as JavaScript in the browser and mobile apps, that connect to an API of some kind (SOAP/XML, REST/JSON, RPC, GWT, etc.). These APIs are often unprotected and contain numerous vulnerabilities.



The OWASP Top 10 2017 introduces this new category; this Working Session presents an opportunity to challenge or support it.


  • Review data behind this new category
  • Review current description and text
  • What are the pros and cons of this category?
  • Is this category important enough to be added to the new Top 10?


  • Security Professionals
  • AppSec teams
  • Tool vendors
