API security risk has dramatically evolved in the last two years. Jason Kent, Hacker-in-Residence at Cequence Security, discusses the top API security concerns today and how to address them.
As a long-time OWASP member and application security practitioner, I wanted to share my thoughts on how the newly released OWASP Web App Top 10 might impact or influence the updates to the API Security Top 10, last released back in December 2019.
These lists cover the most common causes of security events. The Web App Top 10 was recently updated to reflect the ever-changing application and threat landscape. You can read more about the categories that were added, changed or expanded in scope here.
In its current form, the API Security Top 10 has roughly a 60 percent overlap with the 2017 Web App Top 10. This made sense at the time, given that application programming interface (API) usage was just beginning to explode and there was a definite need for guidance on how best to address the security requirements for APIs.
Since the release of the API Top 10, both API usage and related security concerns have changed. Even so, many parallels can be drawn from