A10 - Underprotected APIs
APIs are built using well-known techniques and can leverage existing infrastructure, so their popularity is constantly rising. Still, being fundamentally different, they come with a completely new risk profile.
It is important to recognize that unprotected APIs bring new and unique threats that need to be addressed. Many application developers tend not to treat API development and API security implementation as two separate work items. As a result, security is often done last and in many cases (due to short deadlines) not done at all, leaving APIs vulnerable to attack.
The OWASP Top 10 2017 introduces Underprotected APIs as a new Top 10 category, and this Working Session will present an opportunity to challenge or support its addition to the new Top 10.
- Review the data behind this new category
- Review the current description and text
- What are the pros and cons of this category?
- Is this category important enough to be added to the new Top 10?
This Working Session will decide whether the Underprotected APIs category will be added to the Top 10.
The target audience for this Working Session is:
- Security professionals
- AppSec teams
- Tool vendors
- Application developers
- Application architects
Draft proposal on whether or not to add the Underprotected APIs category to the Top 10