OWASP - User contributions [en]

Santa Barbara

2015-12-29T17:43:14Z

David Shaw: /* November 19th, 2015 Meeting */

<div style="width:100%;height:140px;border:0,margin:0;overflow: hidden;">[[File:Owasp_santa_barbara.png|link=]]</div>


=OWASP Santa Barbara=
Welcome to the wiki page of the OWASP Chapter in beautiful '''Santa Barbara, California!''' We're excited to have a dedicated core group of application security professionals and enthusiasts, and we'd love to have you attend a meeting -- they're all free, and there's (almost) always pizza!

The first step to becoming involved is to '''join our [http://lists.owasp.org/mailman/listinfo/owasp-santa_barbara mailing list].''' This is a very low-volume list, so you don't need to worry about your inbox getting overloaded. It's important to join because meetings are planned and discussed on the list, and it's an easy way to stay informed. In addition to the mailing list, we're posting each of our meetings on our '''[http://www.meetup.com/Santa-Barbara-OWASP-Chapter/ MeetUp group]'''.

OWASP Santa Barbara meetings will also be listed on this wiki page. Whenever talks are recorded, they'll be posted here; upcoming meetings will always be listed on this page, as well as summaries of previous meetings.

We hope to see you soon!

=Upcoming Events=

== January, 2016 Meeting ==

Details TBD

=Previous Events=

'''November 19th, 2015 Meeting'''

'''When:''' 6pm on Thursday, November 19th, 2015

'''Where:''' AppFolio (new office): 90 Castilian Drive, Goleta, CA 93117

'''Speaker/Discussion:''' Jason Haddix, followed by open discussion

'''Notes:''' Parking is available in the (large) AppFolio parking lot, so no need to worry about that. Meeting is inside the building, upstairs.
----

'''October 2015 Meeting'''

'''When:''' Thursday, October 8, 2015

'''Where:''' Invoca Offices (upstairs) - 1025 Chapala Street Santa Barbara, CA 93101

----
'''April 2013 Meeting'''

'''When:''' Monday, April 22th, from 5:00pm - 7:00pm

'''Where:''' PayJunction , 11903 State St, Santa Barbara, CA

'''Speaker #1:''' [http://www.slideshare.net/jasonhaddix/pentesting-ios-applications Pentesting iOS Applications] by Jason Haddix

'''Speaker #2:''' Demo of the Newest Google XSS by Jimmy Mesta?

'''Our Sponsor:''' PayJunction!

'''Remote Webinar Link:''' Not Recorded

----

Events prior to this wiki layout are neither archived nor noted on this page.

=Presentation Archives=

The following presentations have been given at local chapter meetings:

* April 2013 - [http://www.slideshare.net/jasonhaddix/pentesting-ios-applications Pentesting iOS Applications] by Jason Haddix

* April 2013 - Demo of the Newest Google XSS by Jimmy Mesta?

----

Events prior to this wiki layout are neither archived nor noted on this page.

=SB OWASP Chapter Leaders=

The chapter leaders are [mailto:david.shaw@owasp.org David Shaw] , [mailto:jimmy.mesta@owasp.org Jimmy Mesta], and [mailto:jason.haddix@owasp.org Jason Haddix]

__NOTOC__ <headertabs />

Santa Barbara

2015-12-29T17:42:59Z

David Shaw: /* Previous Events */

<div style="width:100%;height:140px;border:0,margin:0;overflow: hidden;">[[File:Owasp_santa_barbara.png|link=]]</div>


=OWASP Santa Barbara=
Welcome to the wiki page of the OWASP Chapter in beautiful '''Santa Barbara, California!''' We're excited to have a dedicated core group of application security professionals and enthusiasts, and we'd love to have you attend a meeting -- they're all free, and there's (almost) always pizza!

The first step to becoming involved is to '''join our [http://lists.owasp.org/mailman/listinfo/owasp-santa_barbara mailing list].''' This is a very low-volume list, so you don't need to worry about your inbox getting overloaded. It's important to join because meetings are planned and discussed on the list, and it's an easy way to stay informed. In addition to the mailing list, we're posting each of our meetings on our '''[http://www.meetup.com/Santa-Barbara-OWASP-Chapter/ MeetUp group]'''.

OWASP Santa Barbara meetings will also be listed on this wiki page. Whenever talks are recorded, they'll be posted here; upcoming meetings will always be listed on this page, as well as summaries of previous meetings.

We hope to see you soon!

=Upcoming Events=

== January, 2016 Meeting ==

Details TBD

=Previous Events=

== November 19th, 2015 Meeting ==

'''When:''' 6pm on Thursday, November 19th, 2015

'''Where:''' AppFolio (new office): 90 Castilian Drive, Goleta, CA 93117

'''Speaker/Discussion:''' Jason Haddix, followed by open discussion

'''Notes:''' Parking is available in the (large) AppFolio parking lot, so no need to worry about that. Meeting is inside the building, upstairs.
----

'''October 2015 Meeting'''

'''When:''' Thursday, October 8, 2015

'''Where:''' Invoca Offices (upstairs) - 1025 Chapala Street Santa Barbara, CA 93101

----
'''April 2013 Meeting'''

'''When:''' Monday, April 22th, from 5:00pm - 7:00pm

'''Where:''' PayJunction , 11903 State St, Santa Barbara, CA

'''Speaker #1:''' [http://www.slideshare.net/jasonhaddix/pentesting-ios-applications Pentesting iOS Applications] by Jason Haddix

'''Speaker #2:''' Demo of the Newest Google XSS by Jimmy Mesta?

'''Our Sponsor:''' PayJunction!

'''Remote Webinar Link:''' Not Recorded

----

Events prior to this wiki layout are neither archived nor noted on this page.

=Presentation Archives=

The following presentations have been given at local chapter meetings:

* April 2013 - [http://www.slideshare.net/jasonhaddix/pentesting-ios-applications Pentesting iOS Applications] by Jason Haddix

* April 2013 - Demo of the Newest Google XSS by Jimmy Mesta?

----

Events prior to this wiki layout are neither archived nor noted on this page.

=SB OWASP Chapter Leaders=

The chapter leaders are [mailto:david.shaw@owasp.org David Shaw] , [mailto:jimmy.mesta@owasp.org Jimmy Mesta], and [mailto:jason.haddix@owasp.org Jason Haddix]

__NOTOC__ <headertabs />

Santa Barbara

2015-12-29T17:42:42Z

David Shaw: /* Upcoming Events */

<div style="width:100%;height:140px;border:0,margin:0;overflow: hidden;">[[File:Owasp_santa_barbara.png|link=]]</div>


=OWASP Santa Barbara=
Welcome to the wiki page of the OWASP Chapter in beautiful '''Santa Barbara, California!''' We're excited to have a dedicated core group of application security professionals and enthusiasts, and we'd love to have you attend a meeting -- they're all free, and there's (almost) always pizza!

The first step to becoming involved is to '''join our [http://lists.owasp.org/mailman/listinfo/owasp-santa_barbara mailing list].''' This is a very low-volume list, so you don't need to worry about your inbox getting overloaded. It's important to join because meetings are planned and discussed on the list, and it's an easy way to stay informed. In addition to the mailing list, we're posting each of our meetings on our '''[http://www.meetup.com/Santa-Barbara-OWASP-Chapter/ MeetUp group]'''.

OWASP Santa Barbara meetings will also be listed on this wiki page. Whenever talks are recorded, they'll be posted here; upcoming meetings will always be listed on this page, as well as summaries of previous meetings.

We hope to see you soon!

=Upcoming Events=

== January, 2016 Meeting ==

Details TBD

=Previous Events=

'''October 2015 Meeting'''

'''When:''' Thursday, October 8, 2015

'''Where:''' Invoca Offices (upstairs) - 1025 Chapala Street Santa Barbara, CA 93101

----
'''April 2013 Meeting'''

'''When:''' Monday, April 22th, from 5:00pm - 7:00pm

'''Where:''' PayJunction , 11903 State St, Santa Barbara, CA

'''Speaker #1:''' [http://www.slideshare.net/jasonhaddix/pentesting-ios-applications Pentesting iOS Applications] by Jason Haddix

'''Speaker #2:''' Demo of the Newest Google XSS by Jimmy Mesta?

'''Our Sponsor:''' PayJunction!

'''Remote Webinar Link:''' Not Recorded

----

Events prior to this wiki layout are neither archived nor noted on this page.

=Presentation Archives=

The following presentations have been given at local chapter meetings:

* April 2013 - [http://www.slideshare.net/jasonhaddix/pentesting-ios-applications Pentesting iOS Applications] by Jason Haddix

* April 2013 - Demo of the Newest Google XSS by Jimmy Mesta?

----

Events prior to this wiki layout are neither archived nor noted on this page.

=SB OWASP Chapter Leaders=

The chapter leaders are [mailto:david.shaw@owasp.org David Shaw] , [mailto:jimmy.mesta@owasp.org Jimmy Mesta], and [mailto:jason.haddix@owasp.org Jason Haddix]

__NOTOC__ <headertabs />

OWASP API Security Project

2015-12-03T17:58:23Z

David Shaw: /* Road Map and Getting Involved */

OWASP API Security Project

2015-11-18T22:05:17Z

David Shaw: /* Project About */

Santa Barbara

2015-11-17T00:19:34Z

David Shaw:

<div style="width:100%;height:140px;border:0,margin:0;overflow: hidden;">[[File:Owasp_santa_barbara.png|link=]]</div>


=OWASP Santa Barbara=
Welcome to the wiki page of the OWASP Chapter in beautiful '''Santa Barbara, California!''' We're excited to have a dedicated core group of application security professionals and enthusiasts, and we'd love to have you attend a meeting -- they're all free, and there's (almost) always pizza!

The first step to becoming involved is to '''join our [http://lists.owasp.org/mailman/listinfo/owasp-santa_barbara mailing list].''' This is a very low-volume list, so you don't need to worry about your inbox getting overloaded. It's important to join because meetings are planned and discussed on the list, and it's an easy way to stay informed. In addition to the mailing list, we're posting each of our meetings on our '''[http://www.meetup.com/Santa-Barbara-OWASP-Chapter/ MeetUp group]'''.

OWASP Santa Barbara meetings will also be listed on this wiki page. Whenever talks are recorded, they'll be posted here; upcoming meetings will always be listed on this page, as well as summaries of previous meetings.

We hope to see you soon!

=Upcoming Events=

== November 19th, 2015 Meeting ==

'''When:''' 6pm on Thursday, November 19th, 2015

'''Where:''' AppFolio (new office): 90 Castilian Drive, Goleta, CA 93117

'''Speaker/Discussion:''' Jason Haddix, followed by open discussion

'''Notes:''' Parking is available in the (large) AppFolio parking lot, so no need to worry about that. Meeting is inside the building, upstairs.

=Previous Events=

'''October 2015 Meeting'''

'''When:''' Thursday, October 8, 2015

'''Where:''' Invoca Offices (upstairs) - 1025 Chapala Street Santa Barbara, CA 93101

----
'''April 2013 Meeting'''

'''When:''' Monday, April 22th, from 5:00pm - 7:00pm

'''Where:''' PayJunction , 11903 State St, Santa Barbara, CA

'''Speaker #1:''' [http://www.slideshare.net/jasonhaddix/pentesting-ios-applications Pentesting iOS Applications] by Jason Haddix

'''Speaker #2:''' Demo of the Newest Google XSS by Jimmy Mesta?

'''Our Sponsor:''' PayJunction!

'''Remote Webinar Link:''' Not Recorded

----

Events prior to this wiki layout are neither archived nor noted on this page.

=Presentation Archives=

The following presentations have been given at local chapter meetings:

* April 2013 - [http://www.slideshare.net/jasonhaddix/pentesting-ios-applications Pentesting iOS Applications] by Jason Haddix

* April 2013 - Demo of the Newest Google XSS by Jimmy Mesta?

----

Events prior to this wiki layout are neither archived nor noted on this page.

=SB OWASP Chapter Leaders=

The chapter leaders are [mailto:david.shaw@owasp.org David Shaw] , [mailto:jimmy.mesta@owasp.org Jimmy Mesta], and [mailto:jason.haddix@owasp.org Jason Haddix]

__NOTOC__ <headertabs />

OWASP API Security Project

2015-11-09T23:30:28Z

David Shaw: /* Quick Download */

OWASP API Security Project

2015-11-09T23:30:04Z

David Shaw: /* Quick Download */

File:Owasp api security toc.pdf

2015-11-09T23:29:05Z

David Shaw: API Security Project Table of Contents

API Security Project Table of Contents

OWASP API Security Project

2015-10-22T18:54:13Z

David Shaw: /* What is this project? */

Santa Barbara

2015-10-20T23:49:40Z

David Shaw: /* November 2015 Meeting */

<div style="width:100%;height:140px;border:0,margin:0;overflow: hidden;">[[File:Owasp_santa_barbara.png|link=]]</div>


=OWASP Santa Barbara=
Welcome to the wiki page of the OWASP Chapter in beautiful '''Santa Barbara, California!''' We're excited to have a dedicated core group of application security professionals and enthusiasts, and we'd love to have you attend a meeting -- they're all free, and there's (almost) always pizza!

The first step to becoming involved is to '''join our [http://lists.owasp.org/mailman/listinfo/owasp-santa_barbara mailing list].''' This is a very low-volume list, so you don't need to worry about your inbox getting overloaded. It's important to join because meetings are planned and discussed on the list, and it's an easy way to stay informed.

OWASP Santa Barbara meetings will also be listed on this wiki page. Whenever talks are recorded, they'll be posted here; upcoming meetings will always be listed on this page, as well as summaries of previous meetings.

We hope to see you soon!

=Upcoming Events=

== November 19th, 2015 Meeting ==

'''When:''' 6pm on Thursday, November 19th, 2015

'''Where:''' AppFolio (new office): 90 Castilian Drive, Goleta, CA 93117

'''Speaker/Discussion:''' Jason Haddix, followed by open discussion

'''Notes:''' Parking is available in the (large) AppFolio parking lot, so no need to worry about that. Meeting is inside the building, upstairs.

=Previous Events=

'''October 2015 Meeting'''

'''When:''' Thursday, October 8, 2015

'''Where:''' Invoca Offices (upstairs) - 1025 Chapala Street Santa Barbara, CA 93101

----
'''April 2013 Meeting'''

'''When:''' Monday, April 22th, from 5:00pm - 7:00pm

'''Where:''' PayJunction , 11903 State St, Santa Barbara, CA

'''Speaker #1:''' [http://www.slideshare.net/jasonhaddix/pentesting-ios-applications Pentesting iOS Applications] by Jason Haddix

'''Speaker #2:''' Demo of the Newest Google XSS by Jimmy Mesta?

'''Our Sponsor:''' PayJunction!

'''Remote Webinar Link:''' Not Recorded

----

Events prior to this wiki layout are neither archived nor noted on this page.

=Presentation Archives=

The following presentations have been given at local chapter meetings:

* April 2013 - [http://www.slideshare.net/jasonhaddix/pentesting-ios-applications Pentesting iOS Applications] by Jason Haddix

* April 2013 - Demo of the Newest Google XSS by Jimmy Mesta?

----

Events prior to this wiki layout are neither archived nor noted on this page.

=SB OWASP Chapter Leaders=

The chapter leaders are [mailto:david.shaw@owasp.org David Shaw] , [mailto:jimmy.mesta@owasp.org Jimmy Mesta], and [mailto:jason.haddix@owasp.org Jason Haddix]

__NOTOC__ <headertabs />

Santa Barbara

2015-10-20T23:49:10Z

David Shaw: /* November 2015 Meeting */

<div style="width:100%;height:140px;border:0,margin:0;overflow: hidden;">[[File:Owasp_santa_barbara.png|link=]]</div>


=OWASP Santa Barbara=
Welcome to the wiki page of the OWASP Chapter in beautiful '''Santa Barbara, California!''' We're excited to have a dedicated core group of application security professionals and enthusiasts, and we'd love to have you attend a meeting -- they're all free, and there's (almost) always pizza!

The first step to becoming involved is to '''join our [http://lists.owasp.org/mailman/listinfo/owasp-santa_barbara mailing list].''' This is a very low-volume list, so you don't need to worry about your inbox getting overloaded. It's important to join because meetings are planned and discussed on the list, and it's an easy way to stay informed.

OWASP Santa Barbara meetings will also be listed on this wiki page. Whenever talks are recorded, they'll be posted here; upcoming meetings will always be listed on this page, as well as summaries of previous meetings.

We hope to see you soon!

=Upcoming Events=

== November 2015 Meeting ==

'''When:''' 6pm on Thursday, November 19th, 2015

'''Where:''' AppFolio (new office): 90 Castilian Drive, Goleta, CA 93117

'''Speaker/Discussion:''' Jason Haddix, followed by open discussion

'''Cost:''' Always free! Parking is available in the (large) AppFolio parking lot, so no need to worry about that.

=Previous Events=

'''October 2015 Meeting'''

'''When:''' Thursday, October 8, 2015

'''Where:''' Invoca Offices (upstairs) - 1025 Chapala Street Santa Barbara, CA 93101

----
'''April 2013 Meeting'''

'''When:''' Monday, April 22th, from 5:00pm - 7:00pm

'''Where:''' PayJunction , 11903 State St, Santa Barbara, CA

'''Speaker #1:''' [http://www.slideshare.net/jasonhaddix/pentesting-ios-applications Pentesting iOS Applications] by Jason Haddix

'''Speaker #2:''' Demo of the Newest Google XSS by Jimmy Mesta?

'''Our Sponsor:''' PayJunction!

'''Remote Webinar Link:''' Not Recorded

----

Events prior to this wiki layout are neither archived nor noted on this page.

=Presentation Archives=

The following presentations have been given at local chapter meetings:

* April 2013 - [http://www.slideshare.net/jasonhaddix/pentesting-ios-applications Pentesting iOS Applications] by Jason Haddix

* April 2013 - Demo of the Newest Google XSS by Jimmy Mesta?

----

Events prior to this wiki layout are neither archived nor noted on this page.

=SB OWASP Chapter Leaders=

The chapter leaders are [mailto:david.shaw@owasp.org David Shaw] , [mailto:jimmy.mesta@owasp.org Jimmy Mesta], and [mailto:jason.haddix@owasp.org Jason Haddix]

__NOTOC__ <headertabs />

Santa Barbara

2015-10-20T22:59:56Z

David Shaw:

<div style="width:100%;height:140px;border:0,margin:0;overflow: hidden;">[[File:Owasp_santa_barbara.png|link=]]</div>


=OWASP Santa Barbara=
Welcome to the wiki page of the OWASP Chapter in beautiful '''Santa Barbara, California!''' We're excited to have a dedicated core group of application security professionals and enthusiasts, and we'd love to have you attend a meeting -- they're all free, and there's (almost) always pizza!

The first step to becoming involved is to '''join our [http://lists.owasp.org/mailman/listinfo/owasp-santa_barbara mailing list].''' This is a very low-volume list, so you don't need to worry about your inbox getting overloaded. It's important to join because meetings are planned and discussed on the list, and it's an easy way to stay informed.

OWASP Santa Barbara meetings will also be listed on this wiki page. Whenever talks are recorded, they'll be posted here; upcoming meetings will always be listed on this page, as well as summaries of previous meetings.

We hope to see you soon!

=Upcoming Events=

== November 2015 Meeting ==

'''When:''' '''6pm''' on Thursday, '''November 19th''', 2015

'''Where:''' AppFolio (new office): 90 Castilian Drive, Goleta, CA 93117

'''Speaker/Discussion:''' TBA

'''Cost:''' Free!

=Previous Events=

'''October 2015 Meeting'''

'''When:''' Thursday, October 8, 2015

'''Where:''' Invoca Offices (upstairs) - 1025 Chapala Street Santa Barbara, CA 93101

----
'''April 2013 Meeting'''

'''When:''' Monday, April 22th, from 5:00pm - 7:00pm

'''Where:''' PayJunction , 11903 State St, Santa Barbara, CA

'''Speaker #1:''' [http://www.slideshare.net/jasonhaddix/pentesting-ios-applications Pentesting iOS Applications] by Jason Haddix

'''Speaker #2:''' Demo of the Newest Google XSS by Jimmy Mesta?

'''Our Sponsor:''' PayJunction!

'''Remote Webinar Link:''' Not Recorded

----

Events prior to this wiki layout are neither archived nor noted on this page.

=Presentation Archives=

The following presentations have been given at local chapter meetings:

* April 2013 - [http://www.slideshare.net/jasonhaddix/pentesting-ios-applications Pentesting iOS Applications] by Jason Haddix

* April 2013 - Demo of the Newest Google XSS by Jimmy Mesta?

----

Events prior to this wiki layout are neither archived nor noted on this page.

=SB OWASP Chapter Leaders=

The chapter leaders are [mailto:david.shaw@owasp.org David Shaw] , [mailto:jimmy.mesta@owasp.org Jimmy Mesta], and [mailto:jason.haddix@owasp.org Jason Haddix]

__NOTOC__ <headertabs />

Santa Barbara

2015-10-20T22:54:36Z

David Shaw:

<div style="width:100%;height:140px;border:0,margin:0;overflow: hidden;">[[File:Owasp_santa_barbara.png|link=]]</div>
{{Chapter Template|chaptername=Santa_Barbara|extra=The current Chapter Leaders are: [mailto:david.shaw@owasp.org David Shaw] , [mailto:jimmy.mesta@owasp.org Jimmy Mesta], and [mailto:jason.haddix@owasp.org Jason Haddix].

|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-santa_barbara|emailarchives=http://lists.owasp.org/pipermail/owasp-santa_barbara}}
<br><br>

=Upcoming Events=

== November 2015 Meeting ==

'''When:''' '''6pm''' on Thursday, '''November 19th''', 2015

'''Where:''' AppFolio (new office): 90 Castilian Drive, Goleta, CA 93117

'''Speaker/Discussion:''' TBA

'''Cost:''' Free!

=Previous Events=

'''October 2015 Meeting'''

'''When:''' Thursday, October 8, 2015

'''Where:''' Invoca Offices (upstairs) - 1025 Chapala Street Santa Barbara, CA 93101

----
'''April 2013 Meeting'''

'''When:''' Monday, April 22th, from 5:00pm - 7:00pm

'''Where:''' PayJunction , 11903 State St, Santa Barbara, CA

'''Speaker #1:''' [http://www.slideshare.net/jasonhaddix/pentesting-ios-applications Pentesting iOS Applications] by Jason Haddix

'''Speaker #2:''' Demo of the Newest Google XSS by Jimmy Mesta?

'''Our Sponsor:''' PayJunction!

'''Remote Webinar Link:''' Not Recorded

----

Events prior to this wiki layout are neither archived nor noted on this page.

=Presentation Archives=

The following presentations have been given at local chapter meetings:

* April 2013 - [http://www.slideshare.net/jasonhaddix/pentesting-ios-applications Pentesting iOS Applications] by Jason Haddix

* April 2013 - Demo of the Newest Google XSS by Jimmy Mesta?

----

Events prior to this wiki layout are neither archived nor noted on this page.

=SB OWASP Chapter Leaders=

The chapter leaders are [mailto:david.shaw@owasp.org David Shaw] , [mailto:jimmy.mesta@owasp.org Jimmy Mesta], and [mailto:jason.haddix@owasp.org Jason Haddix]

__NOTOC__ <headertabs />

Santa Barbara

2015-10-20T22:53:29Z

David Shaw:

<div style="width:100%;height:140px;border:0,margin:0;overflow: hidden;">[[File:Owasp_santa_barbara.png|link=]]</div>
{{Chapter Template|chaptername=Santa_Barbara|extra=The chapter leaders are [mailto:david.shaw@owasp.org David Shaw] , [mailto:jimmy.mesta@owasp.org Jimmy Mesta], and [mailto:jason.haddix@owasp.org Jason Haddix].

|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-santa_barbara|emailarchives=http://lists.owasp.org/pipermail/owasp-santa_barbara}}
<br><br>

=Upcoming Events=

== November 2015 Meeting ==

'''When:''' '''6pm''' on Thursday, '''November 19th''', 2015

'''Where:''' AppFolio (new office): 90 Castilian Drive, Goleta, CA 93117

'''Speaker/Discussion:''' TBA

'''Cost:''' Free!

=Previous Events=

'''October 2015 Meeting'''

'''When:''' Thursday, October 8, 2015

'''Where:''' Invoca Offices (upstairs) - 1025 Chapala Street Santa Barbara, CA 93101

----
'''April 2013 Meeting'''

'''When:''' Monday, April 22th, from 5:00pm - 7:00pm

'''Where:''' PayJunction , 11903 State St, Santa Barbara, CA

'''Speaker #1:''' [http://www.slideshare.net/jasonhaddix/pentesting-ios-applications Pentesting iOS Applications] by Jason Haddix

'''Speaker #2:''' Demo of the Newest Google XSS by Jimmy Mesta?

'''Our Sponsor:''' PayJunction!

'''Remote Webinar Link:''' Not Recorded

----

Events prior to this wiki layout are neither archived nor noted on this page.

=Presentation Archives=

The following presentations have been given at local chapter meetings:

* April 2013 - [http://www.slideshare.net/jasonhaddix/pentesting-ios-applications Pentesting iOS Applications] by Jason Haddix

* April 2013 - Demo of the Newest Google XSS by Jimmy Mesta?

----

Events prior to this wiki layout are neither archived nor noted on this page.

=SB OWASP Chapter Leaders=

The chapter leaders are [mailto:david.shaw@owasp.org David Shaw] , [mailto:jimmy.mesta@owasp.org Jimmy Mesta], and [mailto:jason.haddix@owasp.org Jason Haddix]

__NOTOC__ <headertabs />

Santa Barbara

2015-10-20T22:51:51Z

David Shaw:

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Owasp_santa_barbara.png|link=]]</div>

{{Chapter Template|chaptername=Santa_Barbara|extra=The chapter leaders are [mailto:david.shaw@owasp.org David Shaw] , [mailto:jimmy.mesta@owasp.org Jimmy Mesta], and [mailto:jason.haddix@owasp.org Jason Haddix].

|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-santa_barbara|emailarchives=http://lists.owasp.org/pipermail/owasp-santa_barbara}}
<br><br>

=Upcoming Events=

== November 2015 Meeting ==

'''When:''' '''6pm''' on Thursday, '''November 19th''', 2015

'''Where:''' AppFolio (new office): 90 Castilian Drive, Goleta, CA 93117

'''Speaker/Discussion:''' TBA

'''Cost:''' Free!

=Previous Events=

'''October 2015 Meeting'''

'''When:''' Thursday, October 8, 2015

'''Where:''' Invoca Offices (upstairs) - 1025 Chapala Street Santa Barbara, CA 93101

----
'''April 2013 Meeting'''

'''When:''' Monday, April 22th, from 5:00pm - 7:00pm

'''Where:''' PayJunction , 11903 State St, Santa Barbara, CA

'''Speaker #1:''' [http://www.slideshare.net/jasonhaddix/pentesting-ios-applications Pentesting iOS Applications] by Jason Haddix

'''Speaker #2:''' Demo of the Newest Google XSS by Jimmy Mesta?

'''Our Sponsor:''' PayJunction!

'''Remote Webinar Link:''' Not Recorded

----

Events prior to this wiki layout are neither archived nor noted on this page.

=Presentation Archives=

The following presentations have been given at local chapter meetings:

* April 2013 - [http://www.slideshare.net/jasonhaddix/pentesting-ios-applications Pentesting iOS Applications] by Jason Haddix

* April 2013 - Demo of the Newest Google XSS by Jimmy Mesta?

----

Events prior to this wiki layout are neither archived nor noted on this page.

=SB OWASP Chapter Leaders=

The chapter leaders are [mailto:david.shaw@owasp.org David Shaw] , [mailto:jimmy.mesta@owasp.org Jimmy Mesta], and [mailto:jason.haddix@owasp.org Jason Haddix]

__NOTOC__ <headertabs />

File:Owasp santa barbara.png

2015-10-20T22:50:38Z

David Shaw: OWASP Santa Barbara header image

OWASP Santa Barbara header image

OWASP API Security Project

2015-10-20T19:00:25Z

David Shaw: /* FAQs */

Santa Barbara

2015-10-20T18:59:45Z

David Shaw: /* November 2015 Meeting */

{{Chapter Template|chaptername=Santa_Barbara|extra=The chapter leaders are [mailto:david.shaw@owasp.org David Shaw] , [mailto:jimmy.mesta@owasp.org Jimmy Mesta], and [mailto:jason.haddix@owasp.org Jason Haddix].

|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-santa_barbara|emailarchives=http://lists.owasp.org/pipermail/owasp-santa_barbara}}
<br><br>

=Upcoming Events=

== November 2015 Meeting ==

'''When:''' '''6pm''' on Thursday, '''November 19th''', 2015

'''Where:''' AppFolio (new office): 90 Castilian Drive, Goleta, CA 93117

'''Speaker/Discussion:''' TBA

'''Cost:''' Free!

=Previous Events=

'''October 2015 Meeting'''

'''When:''' Thursday, October 8, 2015

'''Where:''' Invoca Offices (upstairs) - 1025 Chapala Street Santa Barbara, CA 93101

----
'''April 2013 Meeting'''

'''When:''' Monday, April 22th, from 5:00pm - 7:00pm

'''Where:''' PayJunction , 11903 State St, Santa Barbara, CA

'''Speaker #1:''' [http://www.slideshare.net/jasonhaddix/pentesting-ios-applications Pentesting iOS Applications] by Jason Haddix

'''Speaker #2:''' Demo of the Newest Google XSS by Jimmy Mesta?

'''Our Sponsor:''' PayJunction!

'''Remote Webinar Link:''' Not Recorded

----

Events prior to this wiki layout are neither archived nor noted on this page.

=Presentation Archives=

The following presentations have been given at local chapter meetings:

* April 2013 - [http://www.slideshare.net/jasonhaddix/pentesting-ios-applications Pentesting iOS Applications] by Jason Haddix

* April 2013 - Demo of the Newest Google XSS by Jimmy Mesta?

----

Events prior to this wiki layout are neither archived nor noted on this page.

=SB OWASP Chapter Leaders=

The chapter leaders are [mailto:david.shaw@owasp.org David Shaw] , [mailto:jimmy.mesta@owasp.org Jimmy Mesta], and [mailto:jason.haddix@owasp.org Jason Haddix]

__NOTOC__ <headertabs />

OWASP API Security Project

2015-10-20T18:58:30Z

David Shaw: /* OWASP API Security Project */

OWASP API Security Project

2015-10-20T18:57:51Z

David Shaw: Undo revision 202380 by David Shaw (talk)

OWASP API Security Project

2015-10-20T18:57:29Z

David Shaw: /* Related Projects */

OWASP API Security Project

2015-10-20T18:31:31Z

David Shaw: /* Quick Download */

OWASP API Security Project

2015-10-20T18:31:07Z

David Shaw: /* What is the this project? */

OWASP API Security Project

2015-10-20T18:31:00Z

David Shaw: /* What is the OWASP API Security Project? */

Santa Barbara

2015-10-20T18:30:15Z

David Shaw: /* November 2015 Meeting */

{{Chapter Template|chaptername=Santa_Barbara|extra=The chapter leaders are [mailto:david.shaw@owasp.org David Shaw] , [mailto:jimmy.mesta@owasp.org Jimmy Mesta], and [mailto:jason.haddix@owasp.org Jason Haddix].

|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-santa_barbara|emailarchives=http://lists.owasp.org/pipermail/owasp-santa_barbara}}
<br><br>

=Upcoming Events=

== November 2015 Meeting ==

'''When:''' '''6pm''' on Thursday, '''November 19th''', 2015

'''Where:''' AppFolio (new office): 90 Castilian Drive, Goleta, CA 93117

'''Speaker #1:''' TBA

'''Speaker #2:'''TBA

'''Cost:''' Free!

=Previous Events=

'''October 2015 Meeting'''

'''When:''' Thursday, October 8, 2015

'''Where:''' Invoca Offices (upstairs) - 1025 Chapala Street Santa Barbara, CA 93101

----
'''April 2013 Meeting'''

'''When:''' Monday, April 22th, from 5:00pm - 7:00pm

'''Where:''' PayJunction , 11903 State St, Santa Barbara, CA

'''Speaker #1:''' [http://www.slideshare.net/jasonhaddix/pentesting-ios-applications Pentesting iOS Applications] by Jason Haddix

'''Speaker #2:''' Demo of the Newest Google XSS by Jimmy Mesta?

'''Our Sponsor:''' PayJunction!

'''Remote Webinar Link:''' Not Recorded

----

Events prior to this wiki layout are neither archived nor noted on this page.

=Presentation Archives=

The following presentations have been given at local chapter meetings:

* April 2013 - [http://www.slideshare.net/jasonhaddix/pentesting-ios-applications Pentesting iOS Applications] by Jason Haddix

* April 2013 - Demo of the Newest Google XSS by Jimmy Mesta?

----

Events prior to this wiki layout are neither archived nor noted on this page.

=SB OWASP Chapter Leaders=

The chapter leaders are [mailto:david.shaw@owasp.org David Shaw] , [mailto:jimmy.mesta@owasp.org Jimmy Mesta], and [mailto:jason.haddix@owasp.org Jason Haddix]

__NOTOC__ <headertabs />

Santa Barbara

2015-10-20T18:29:50Z

David Shaw:

{{Chapter Template|chaptername=Santa_Barbara|extra=The chapter leaders are [mailto:david.shaw@owasp.org David Shaw] , [mailto:jimmy.mesta@owasp.org Jimmy Mesta], and [mailto:jason.haddix@owasp.org Jason Haddix].

|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-santa_barbara|emailarchives=http://lists.owasp.org/pipermail/owasp-santa_barbara}}
<br><br>

=Upcoming Events=

== November 2015 Meeting ==

'''When:''' Thursday, November 19th, 2015

'''Where:''' AppFolio (new office): 90 Castilian Drive, Goleta, CA 93117

'''Speaker #1:''' TBA

'''Speaker #2:'''TBA

'''Cost:''' Free!

=Previous Events=

'''October 2015 Meeting'''

'''When:''' Thursday, October 8, 2015

'''Where:''' Invoca Offices (upstairs) - 1025 Chapala Street Santa Barbara, CA 93101

----
'''April 2013 Meeting'''

'''When:''' Monday, April 22th, from 5:00pm - 7:00pm

'''Where:''' PayJunction , 11903 State St, Santa Barbara, CA

'''Speaker #1:''' [http://www.slideshare.net/jasonhaddix/pentesting-ios-applications Pentesting iOS Applications] by Jason Haddix

'''Speaker #2:''' Demo of the Newest Google XSS by Jimmy Mesta?

'''Our Sponsor:''' PayJunction!

'''Remote Webinar Link:''' Not Recorded

----

Events prior to this wiki layout are neither archived nor noted on this page.

=Presentation Archives=

The following presentations have been given at local chapter meetings:

* April 2013 - [http://www.slideshare.net/jasonhaddix/pentesting-ios-applications Pentesting iOS Applications] by Jason Haddix

* April 2013 - Demo of the Newest Google XSS by Jimmy Mesta?

----

Events prior to this wiki layout are neither archived nor noted on this page.

=SB OWASP Chapter Leaders=

The chapter leaders are [mailto:david.shaw@owasp.org David Shaw] , [mailto:jimmy.mesta@owasp.org Jimmy Mesta], and [mailto:jason.haddix@owasp.org Jason Haddix]

__NOTOC__ <headertabs />

User:David Shaw

2015-10-20T18:29:11Z

David Shaw: /* OWASP */

== OWASP ==
David is an active member of several OWASP endeavors. Notable project involvements include:

* '''Founder/Organizer''' of the [http://appseccalifornia.org OWASP AppSec California conference].

* Chapter Founder (and current Chapter Leader) of '''[https://www.owasp.org/index.php/Santa_Barbara OWASP Santa Barbara]'''.

* [https://www.owasp.org/index.php/OWASP_API_Security_Project OWASP API Security] '''Project Leader'''.

== Bio ==
David has extensive experience in many aspects of information security.

Beginning his career as a Network Security Analyst, David monitored perimeter firewalls and intrusion detection systems in order to identify and neutralize threats in real time. After working in the trenches of perimeter analysis, David joined an External Threat Assessment Team as a Security Researcher, working closely with large financial institutions to mitigate external risk and combat phishing attacks.

In 2009, David joined Redspin and worked as a Senior Security Engineer, Director of Penetration Testing, and Senior Director of Engineering. David then led security assessment and software development teams as Redspin's Chief Technology Officer and VP of Professional Services, specializing in External and Application security assessments.

David's current role is Chief Information Security Officer at AppFolio, where he is managing internal AppSec and SecOps.

David has particular interests in complex threat modeling and unconventional attack vectors, and has been a speaker at ToorCon, LayerOne, DEF CON, NolaCon, THOTCON, BSides Las Vegas, BSides Los Angeles, and BSides Seattle.

== Contact ==

The easiest way to get in contact is to [mailto:david.shaw@owasp.org send an email].

User:David Shaw

2015-10-20T18:27:47Z

David Shaw: /* OWASP */

== OWASP ==
David is an active member of several OWASP endeavors. Notable project involvements include:

* '''Founder/Organizer''' of the OWASP AppSec California conference

* Chapter Founder (and current Chapter Leader) of '''OWASP Santa Barbara'''.

* OWASP API Security '''Project Leader'''.

== Bio ==
David has extensive experience in many aspects of information security.

Beginning his career as a Network Security Analyst, David monitored perimeter firewalls and intrusion detection systems in order to identify and neutralize threats in real time. After working in the trenches of perimeter analysis, David joined an External Threat Assessment Team as a Security Researcher, working closely with large financial institutions to mitigate external risk and combat phishing attacks.

In 2009, David joined Redspin and worked as a Senior Security Engineer, Director of Penetration Testing, and Senior Director of Engineering. David then led security assessment and software development teams as Redspin's Chief Technology Officer and VP of Professional Services, specializing in External and Application security assessments.

David's current role is Chief Information Security Officer at AppFolio, where he is managing internal AppSec and SecOps.

David has particular interests in complex threat modeling and unconventional attack vectors, and has been a speaker at ToorCon, LayerOne, DEF CON, NolaCon, THOTCON, BSides Las Vegas, BSides Los Angeles, and BSides Seattle.

== Contact ==

The easiest way to get in contact is to [mailto:david.shaw@owasp.org send an email].

User:David Shaw

2015-10-20T18:27:14Z

David Shaw: /* OWASP */

== OWASP ==
David is an active member of several OWASP endeavors. Notable project involvements include:

* '''Founding organizer''' of the OWASP AppSec California conference

* Chapter founder (and current chapter leader) of '''OWASP Santa Barbara'''.

* OWASP API Security '''Project lead'''.

== Bio ==
David has extensive experience in many aspects of information security.

Beginning his career as a Network Security Analyst, David monitored perimeter firewalls and intrusion detection systems in order to identify and neutralize threats in real time. After working in the trenches of perimeter analysis, David joined an External Threat Assessment Team as a Security Researcher, working closely with large financial institutions to mitigate external risk and combat phishing attacks.

In 2009, David joined Redspin and worked as a Senior Security Engineer, Director of Penetration Testing, and Senior Director of Engineering. David then led security assessment and software development teams as Redspin's Chief Technology Officer and VP of Professional Services, specializing in External and Application security assessments.

David's current role is Chief Information Security Officer at AppFolio, where he is managing internal AppSec and SecOps.

David has particular interests in complex threat modeling and unconventional attack vectors, and has been a speaker at ToorCon, LayerOne, DEF CON, NolaCon, THOTCON, BSides Las Vegas, BSides Los Angeles, and BSides Seattle.

== Contact ==

The easiest way to get in contact is to [mailto:david.shaw@owasp.org send an email].

OWASP API Security Project

2015-10-20T18:26:21Z

David Shaw: /* In Print */

OWASP API Security Project

2015-10-20T18:25:14Z

David Shaw: /* Openhub */

OWASP API Security Project

2015-10-20T18:24:51Z

David Shaw: Undo revision 202315 by David Shaw (talk)

OWASP API Security Project

2015-10-20T18:22:39Z

David Shaw: /* Road Map and Getting Involved */

OWASP API Security Project

2015-10-20T18:22:06Z

David Shaw: /* Road Map and Getting Involved */

OWASP API Security Project

2015-10-20T18:06:36Z

David Shaw: /* Project About */

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>


{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP API Security Project==

This project seeks to address the ever-increasing number of organizations that are deploying potentially sensitive APIs as part of their software offerings. These APIs are used for internal tasks and to interface with third parties. Unfortunately, many APIs do not undergo the rigorous security testing that would render them secure from attack.

The OWASP API Security Project seeks to provide value to software developers and security assessors by underscoring the potential risks in insecure APIs and illustrating how these risks may be mitigated. In order to facilitate this goal, the OWASP API Security Project will create and maintain a '''Top 10 API Security Risks''' document, as well as a '''documentation portal''' for best practices when creating or assessing APIs.

==Description==

While working as developers or information security consultants, many people have encountered APIs as part of a project. While there are some resources to help create and evaluate these projects (such as the OWASP REST Security Cheat Sheet), there has not be a comprehensive security project designed to assist builders, breakers, and defenders in the community.

This project aims to create:

* The OWASP Top Ten API Security Risks document, which can easily underscore the most common risks in the area.
* Create a documentation portal for developers to build APIs in a secure manner.
* Work with the security community to maintain living documents that evolve with security trends.

==Licensing==

'''The OWASP API Security Project documents are free to use!

The OWASP API Security Project is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.


| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== What is the OWASP API Security Project? ==

The OWASP API Security Project seeks to deliver actionable documentation on creating and deploying verifiably secure web APIs, as well as illustrating the major risks and shortfalls that APIs may encounter. By helping developers create resilient software, and helping assessors understand the subtle risks an API may entail, the goal of this project is to bring security to an increasingly programmatic world.

== Presentation ==

The OWASP API Security Project will be presented in 2016.

== Project Leader ==

* [https://www.owasp.org/index.php/User:David_Shaw David Shaw]

== Related Projects ==

* [[REST_Security_Cheat_Sheet]]
* [https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API Enterprise Security API]

== Quick Download ==

Once API Security documents are created, they will be available for direct download here.

== News and Events ==

There has not yet been press coverage of this project.

== In Print ==

There are no current print materials for this project.

==Classifications==

{| width="200" cellpadding="2"
|-
| align="center" valign="top" width="50%" rowspan="3"| [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-breakers-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

=FAQs=

==How can I participate in your project?==
This project welcomes contributors of all sorts. The easiest way to get involved is to contact the Project Leader, and indicate that you're willing to help.

==What type of contributors are you seeking?==
We're currently looking for software developers who have experience building out resilient APIs, and security assessors who have assessed APIs. This project is currently in the "research" stage, meaning that the more you can contribute to building out the project, the better!

==Can I still participate if I'm not a developer/assessor?==
Sure -- we just need to figure out the correct role. If you're strong with technical writing, that would be great; if there are other skill sets you think you can bring to the table, please let us know.

= Acknowledgements =

==Contributors==

The OWASP API Security Project is small, but will be maintained by volunteers. If you'd like to volunteer, please contact the Project Leader.

The creator of this project and current Project Leader is [https://www.owasp.org/index.php/User:David_Shaw David Shaw].

= Road Map and Getting Involved =


<span style="color:#ff0000">
A project roadmap is the envisioned plan for the project. The purpose of the roadmap is to help others understand where the project is going. It gives the community a chance to understand the context and the vision for the goal of the project. Additionally, if a project becomes inactive, or if the project is abandoned, a roadmap can help ensure a project can be adopted and continued under new leadership.
</span>

The roadmap for this project is straightforward: we'll begin by conducting research and seeking feedback from developers and security auditors on the problems they most frequently encounter via web-based APIs. We'll create, from this research, the OWASP Top Ten API Risks, a sub-project of the API Security Project. Once this document is created (and maintained), we will also create guidelines in order to demonstrate each of the risks (as well as other, non-top-ten risks) and illustrate how to prevent them.

<span style="color:#ff0000">
Roadmaps vary in detail from a broad outline to a fully detailed project charter. Generally speaking, projects with detailed roadmaps have tended to develop into successful projects. Some details that leaders may consider placing in the roadmap include: envisioned milestones, planned feature enhancements, essential conditions, project assumptions, development timelines, etc. You are required to have at least 4 milestones for every year the project is active.
</span>

As of October 2013, the priorities are:
* Finish the referencing for each principle.
* Update the Project Template.
* Use the OWASP Press to develop a book.
* Finish and publish the book on Lulu.

Involvement in the development and promotion of the OWASP Security Principles Project is actively encouraged!
You do not have to be a security expert in order to contribute.
Some of the ways you can help:
* Helping find references to some of the principles.
* Project administration support.
* Wiki editing support.
* Writing support for the book.

=Project About=


__NOTOC__ <headertabs />

Please refer to the primary wiki page to learn about this project.

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Breakers]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]

OWASP API Security Project

2015-10-20T18:06:13Z

David Shaw: /* Project About */

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>


{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP API Security Project==

This project seeks to address the ever-increasing number of organizations that are deploying potentially sensitive APIs as part of their software offerings. These APIs are used for internal tasks and to interface with third parties. Unfortunately, many APIs do not undergo the rigorous security testing that would render them secure from attack.

The OWASP API Security Project seeks to provide value to software developers and security assessors by underscoring the potential risks in insecure APIs and illustrating how these risks may be mitigated. In order to facilitate this goal, the OWASP API Security Project will create and maintain a '''Top 10 API Security Risks''' document, as well as a '''documentation portal''' for best practices when creating or assessing APIs.

==Description==

While working as developers or information security consultants, many people have encountered APIs as part of a project. While there are some resources to help create and evaluate these projects (such as the OWASP REST Security Cheat Sheet), there has not be a comprehensive security project designed to assist builders, breakers, and defenders in the community.

This project aims to create:

* The OWASP Top Ten API Security Risks document, which can easily underscore the most common risks in the area.
* Create a documentation portal for developers to build APIs in a secure manner.
* Work with the security community to maintain living documents that evolve with security trends.

==Licensing==

'''The OWASP API Security Project documents are free to use!

The OWASP API Security Project is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.


| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== What is the OWASP API Security Project? ==

The OWASP API Security Project seeks to deliver actionable documentation on creating and deploying verifiably secure web APIs, as well as illustrating the major risks and shortfalls that APIs may encounter. By helping developers create resilient software, and helping assessors understand the subtle risks an API may entail, the goal of this project is to bring security to an increasingly programmatic world.

== Presentation ==

The OWASP API Security Project will be presented in 2016.

== Project Leader ==

* [https://www.owasp.org/index.php/User:David_Shaw David Shaw]

== Related Projects ==

* [[REST_Security_Cheat_Sheet]]
* [https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API Enterprise Security API]

== Quick Download ==

Once API Security documents are created, they will be available for direct download here.

== News and Events ==

There has not yet been press coverage of this project.

== In Print ==

There are no current print materials for this project.

==Classifications==

{| width="200" cellpadding="2"
|-
| align="center" valign="top" width="50%" rowspan="3"| [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-breakers-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

=FAQs=

==How can I participate in your project?==
This project welcomes contributors of all sorts. The easiest way to get involved is to contact the Project Leader, and indicate that you're willing to help.

==What type of contributors are you seeking?==
We're currently looking for software developers who have experience building out resilient APIs, and security assessors who have assessed APIs. This project is currently in the "research" stage, meaning that the more you can contribute to building out the project, the better!

==Can I still participate if I'm not a developer/assessor?==
Sure -- we just need to figure out the correct role. If you're strong with technical writing, that would be great; if there are other skill sets you think you can bring to the table, please let us know.

= Acknowledgements =

==Contributors==

The OWASP API Security Project is small, but will be maintained by volunteers. If you'd like to volunteer, please contact the Project Leader.

The creator of this project and current Project Leader is [https://www.owasp.org/index.php/User:David_Shaw David Shaw].

= Road Map and Getting Involved =


<span style="color:#ff0000">
A project roadmap is the envisioned plan for the project. The purpose of the roadmap is to help others understand where the project is going. It gives the community a chance to understand the context and the vision for the goal of the project. Additionally, if a project becomes inactive, or if the project is abandoned, a roadmap can help ensure a project can be adopted and continued under new leadership.
</span>

The roadmap for this project is straightforward: we'll begin by conducting research and seeking feedback from developers and security auditors on the problems they most frequently encounter via web-based APIs. We'll create, from this research, the OWASP Top Ten API Risks, a sub-project of the API Security Project. Once this document is created (and maintained), we will also create guidelines in order to demonstrate each of the risks (as well as other, non-top-ten risks) and illustrate how to prevent them.

<span style="color:#ff0000">
Roadmaps vary in detail from a broad outline to a fully detailed project charter. Generally speaking, projects with detailed roadmaps have tended to develop into successful projects. Some details that leaders may consider placing in the roadmap include: envisioned milestones, planned feature enhancements, essential conditions, project assumptions, development timelines, etc. You are required to have at least 4 milestones for every year the project is active.
</span>

As of October 2013, the priorities are:
* Finish the referencing for each principle.
* Update the Project Template.
* Use the OWASP Press to develop a book.
* Finish and publish the book on Lulu.

Involvement in the development and promotion of the OWASP Security Principles Project is actively encouraged!
You do not have to be a security expert in order to contribute.
Some of the ways you can help:
* Helping find references to some of the principles.
* Project administration support.
* Wiki editing support.
* Writing support for the book.

=Project About=


__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Breakers]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]

OWASP API Security Project

2015-10-20T18:05:36Z

David Shaw: Undo revision 202361 by David Shaw (talk)

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>


{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP API Security Project==

This project seeks to address the ever-increasing number of organizations that are deploying potentially sensitive APIs as part of their software offerings. These APIs are used for internal tasks and to interface with third parties. Unfortunately, many APIs do not undergo the rigorous security testing that would render them secure from attack.

The OWASP API Security Project seeks to provide value to software developers and security assessors by underscoring the potential risks in insecure APIs and illustrating how these risks may be mitigated. In order to facilitate this goal, the OWASP API Security Project will create and maintain a '''Top 10 API Security Risks''' document, as well as a '''documentation portal''' for best practices when creating or assessing APIs.

==Description==

While working as developers or information security consultants, many people have encountered APIs as part of a project. While there are some resources to help create and evaluate these projects (such as the OWASP REST Security Cheat Sheet), there has not be a comprehensive security project designed to assist builders, breakers, and defenders in the community.

This project aims to create:

* The OWASP Top Ten API Security Risks document, which can easily underscore the most common risks in the area.
* Create a documentation portal for developers to build APIs in a secure manner.
* Work with the security community to maintain living documents that evolve with security trends.

==Licensing==

'''The OWASP API Security Project documents are free to use!

The OWASP API Security Project is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.


| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== What is the OWASP API Security Project? ==

The OWASP API Security Project seeks to deliver actionable documentation on creating and deploying verifiably secure web APIs, as well as illustrating the major risks and shortfalls that APIs may encounter. By helping developers create resilient software, and helping assessors understand the subtle risks an API may entail, the goal of this project is to bring security to an increasingly programmatic world.

== Presentation ==

The OWASP API Security Project will be presented in 2016.

== Project Leader ==

* [https://www.owasp.org/index.php/User:David_Shaw David Shaw]

== Related Projects ==

* [[REST_Security_Cheat_Sheet]]
* [https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API Enterprise Security API]

== Quick Download ==

Once API Security documents are created, they will be available for direct download here.

== News and Events ==

There has not yet been press coverage of this project.

== In Print ==

There are no current print materials for this project.

==Classifications==

{| width="200" cellpadding="2"
|-
| align="center" valign="top" width="50%" rowspan="3"| [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-breakers-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

=FAQs=

==How can I participate in your project?==
This project welcomes contributors of all sorts. The easiest way to get involved is to contact the Project Leader, and indicate that you're willing to help.

==What type of contributors are you seeking?==
We're currently looking for software developers who have experience building out resilient APIs, and security assessors who have assessed APIs. This project is currently in the "research" stage, meaning that the more you can contribute to building out the project, the better!

==Can I still participate if I'm not a developer/assessor?==
Sure -- we just need to figure out the correct role. If you're strong with technical writing, that would be great; if there are other skill sets you think you can bring to the table, please let us know.

= Acknowledgements =

==Contributors==

The OWASP API Security Project is small, but will be maintained by volunteers. If you'd like to volunteer, please contact the Project Leader.

The creator of this project and current Project Leader is [https://www.owasp.org/index.php/User:David_Shaw David Shaw].

= Road Map and Getting Involved =


<span style="color:#ff0000">
A project roadmap is the envisioned plan for the project. The purpose of the roadmap is to help others understand where the project is going. It gives the community a chance to understand the context and the vision for the goal of the project. Additionally, if a project becomes inactive, or if the project is abandoned, a roadmap can help ensure a project can be adopted and continued under new leadership.
</span>

The roadmap for this project is straightforward: we'll begin by conducting research and seeking feedback from developers and security auditors on the problems they most frequently encounter via web-based APIs. We'll create, from this research, the OWASP Top Ten API Risks, a sub-project of the API Security Project. Once this document is created (and maintained), we will also create guidelines in order to demonstrate each of the risks (as well as other, non-top-ten risks) and illustrate how to prevent them.

<span style="color:#ff0000">
Roadmaps vary in detail from a broad outline to a fully detailed project charter. Generally speaking, projects with detailed roadmaps have tended to develop into successful projects. Some details that leaders may consider placing in the roadmap include: envisioned milestones, planned feature enhancements, essential conditions, project assumptions, development timelines, etc. You are required to have at least 4 milestones for every year the project is active.
</span>

As of October 2013, the priorities are:
* Finish the referencing for each principle.
* Update the Project Template.
* Use the OWASP Press to develop a book.
* Finish and publish the book on Lulu.

Involvement in the development and promotion of the OWASP Security Principles Project is actively encouraged!
You do not have to be a security expert in order to contribute.
Some of the ways you can help:
* Helping find references to some of the principles.
* Project administration support.
* Wiki editing support.
* Writing support for the book.

=Project About=


<span style="color:#ff0000">
This page is where you need to place your legacy project template page if your project was created before October 2013. To edit this page you will need to edit your project information template. You can typically find this page by following this address and substituting your project name where it says "OWASP_Example_Project". When in doubt, ask the OWASP Projects Manager.
Example template page: https://www.owasp.org/index.php/Projects/OWASP_Example_Project
</span>

{{:Projects/OWASP_Example_Project_About_Page}}


__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Breakers]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]

OWASP API Security Project

2015-10-20T18:04:32Z

David Shaw: /* Project About */

OWASP API Security Project

2015-10-20T18:02:07Z

David Shaw: /* Contributors */

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>


{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP API Security Project==

This project seeks to address the ever-increasing number of organizations that are deploying potentially sensitive APIs as part of their software offerings. These APIs are used for internal tasks and to interface with third parties. Unfortunately, many APIs do not undergo the rigorous security testing that would render them secure from attack.

The OWASP API Security Project seeks to provide value to software developers and security assessors by underscoring the potential risks in insecure APIs and illustrating how these risks may be mitigated. In order to facilitate this goal, the OWASP API Security Project will create and maintain a '''Top 10 API Security Risks''' document, as well as a '''documentation portal''' for best practices when creating or assessing APIs.

==Description==

While working as developers or information security consultants, many people have encountered APIs as part of a project. While there are some resources to help create and evaluate these projects (such as the OWASP REST Security Cheat Sheet), there has not be a comprehensive security project designed to assist builders, breakers, and defenders in the community.

This project aims to create:

* The OWASP Top Ten API Security Risks document, which can easily underscore the most common risks in the area.
* Create a documentation portal for developers to build APIs in a secure manner.
* Work with the security community to maintain living documents that evolve with security trends.

==Licensing==

'''The OWASP API Security Project documents are free to use!

The OWASP API Security Project is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.


| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== What is the OWASP API Security Project? ==

The OWASP API Security Project seeks to deliver actionable documentation on creating and deploying verifiably secure web APIs, as well as illustrating the major risks and shortfalls that APIs may encounter. By helping developers create resilient software, and helping assessors understand the subtle risks an API may entail, the goal of this project is to bring security to an increasingly programmatic world.

== Presentation ==

The OWASP API Security Project will be presented in 2016.

== Project Leader ==

* [https://www.owasp.org/index.php/User:David_Shaw David Shaw]

== Related Projects ==

* [[REST_Security_Cheat_Sheet]]
* [https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API Enterprise Security API]

== Quick Download ==

Once API Security documents are created, they will be available for direct download here.

== News and Events ==

There has not yet been press coverage of this project.

== In Print ==

There are no current print materials for this project.

==Classifications==

{| width="200" cellpadding="2"
|-
| align="center" valign="top" width="50%" rowspan="3"| [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-breakers-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

=FAQs=

==How can I participate in your project?==
This project welcomes contributors of all sorts. The easiest way to get involved is to contact the Project Leader, and indicate that you're willing to help.

==What type of contributors are you seeking?==
We're currently looking for software developers who have experience building out resilient APIs, and security assessors who have assessed APIs. This project is currently in the "research" stage, meaning that the more you can contribute to building out the project, the better!

==Can I still participate if I'm not a developer/assessor?==
Sure -- we just need to figure out the correct role. If you're strong with technical writing, that would be great; if there are other skill sets you think you can bring to the table, please let us know.

= Acknowledgements =

==Contributors==

The OWASP API Security Project is small, but will be maintained by volunteers. If you'd like to volunteer, please contact the Project Leader.

The creator of this project and current Project Leader is [https://www.owasp.org/index.php/User:David_Shaw David Shaw].

= Road Map and Getting Involved =


<span style="color:#ff0000">
A project roadmap is the envisioned plan for the project. The purpose of the roadmap is to help others understand where the project is going. It gives the community a chance to understand the context and the vision for the goal of the project. Additionally, if a project becomes inactive, or if the project is abandoned, a roadmap can help ensure a project can be adopted and continued under new leadership.
</span>

The roadmap for this project is straightforward: we'll begin by conducting research and seeking feedback from developers and security auditors on the problems they most frequently encounter via web-based APIs. We'll create, from this research, the OWASP Top Ten API Risks, a sub-project of the API Security Project. Once this document is created (and maintained), we will also create guidelines in order to demonstrate each of the risks (as well as other, non-top-ten risks) and illustrate how to prevent them.

<span style="color:#ff0000">
Roadmaps vary in detail from a broad outline to a fully detailed project charter. Generally speaking, projects with detailed roadmaps have tended to develop into successful projects. Some details that leaders may consider placing in the roadmap include: envisioned milestones, planned feature enhancements, essential conditions, project assumptions, development timelines, etc. You are required to have at least 4 milestones for every year the project is active.
</span>

As of October 2013, the priorities are:
* Finish the referencing for each principle.
* Update the Project Template.
* Use the OWASP Press to develop a book.
* Finish and publish the book on Lulu.

Involvement in the development and promotion of the OWASP Security Principles Project is actively encouraged!
You do not have to be a security expert in order to contribute.
Some of the ways you can help:
* Helping find references to some of the principles.
* Project administration support.
* Wiki editing support.
* Writing support for the book.

=Project About=


<span style="color:#ff0000">
This page is where you need to place your legacy project template page if your project was created before October 2013. To edit this page you will need to edit your project information template. You can typically find this page by following this address and substituting your project name where it says "OWASP_Example_Project". When in doubt, ask the OWASP Projects Manager.
Example template page: https://www.owasp.org/index.php/Projects/OWASP_Example_Project
</span>

{{:Projects/OWASP_Example_Project_About_Page}}


__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Breakers]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]

OWASP API Security Project

2015-10-20T17:58:20Z

David Shaw: /* FAQs */

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>


{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP API Security Project==

This project seeks to address the ever-increasing number of organizations that are deploying potentially sensitive APIs as part of their software offerings. These APIs are used for internal tasks and to interface with third parties. Unfortunately, many APIs do not undergo the rigorous security testing that would render them secure from attack.

The OWASP API Security Project seeks to provide value to software developers and security assessors by underscoring the potential risks in insecure APIs and illustrating how these risks may be mitigated. In order to facilitate this goal, the OWASP API Security Project will create and maintain a '''Top 10 API Security Risks''' document, as well as a '''documentation portal''' for best practices when creating or assessing APIs.

==Description==

While working as developers or information security consultants, many people have encountered APIs as part of a project. While there are some resources to help create and evaluate these projects (such as the OWASP REST Security Cheat Sheet), there has not be a comprehensive security project designed to assist builders, breakers, and defenders in the community.

This project aims to create:

* The OWASP Top Ten API Security Risks document, which can easily underscore the most common risks in the area.
* Create a documentation portal for developers to build APIs in a secure manner.
* Work with the security community to maintain living documents that evolve with security trends.

==Licensing==

'''The OWASP API Security Project documents are free to use!

The OWASP API Security Project is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.


| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== What is the OWASP API Security Project? ==

The OWASP API Security Project seeks to deliver actionable documentation on creating and deploying verifiably secure web APIs, as well as illustrating the major risks and shortfalls that APIs may encounter. By helping developers create resilient software, and helping assessors understand the subtle risks an API may entail, the goal of this project is to bring security to an increasingly programmatic world.

== Presentation ==

The OWASP API Security Project will be presented in 2016.

== Project Leader ==

* [https://www.owasp.org/index.php/User:David_Shaw David Shaw]

== Related Projects ==

* [[REST_Security_Cheat_Sheet]]
* [https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API Enterprise Security API]

== Quick Download ==

Once API Security documents are created, they will be available for direct download here.

== News and Events ==

There has not yet been press coverage of this project.

== In Print ==

There are no current print materials for this project.

==Classifications==

{| width="200" cellpadding="2"
|-
| align="center" valign="top" width="50%" rowspan="3"| [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-breakers-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

=FAQs=

==How can I participate in your project?==
This project welcomes contributors of all sorts. The easiest way to get involved is to contact the Project Leader, and indicate that you're willing to help.

==What type of contributors are you seeking?==
We're currently looking for software developers who have experience building out resilient APIs, and security assessors who have assessed APIs. This project is currently in the "research" stage, meaning that the more you can contribute to building out the project, the better!

==Can I still participate if I'm not a developer/assessor?==
Sure -- we just need to figure out the correct role. If you're strong with technical writing, that would be great; if there are other skill sets you think you can bring to the table, please let us know.

= Acknowledgements =

==Contributors==


<span style="color:#ff0000">
The success of OWASP is due to a community of enthusiasts and contributors that work to make our projects great. This is also true for the success of your project.
Be sure to give credit where credit is due, no matter how small! This should be a brief list of the most amazing people involved in your project.
Be sure to provide a link to a complete list of all the amazing people in your project's community as well.
</span>

The OWASP Security Principles project is developed by a worldwide team of volunteers. A live update of project [https://github.com/OWASP/Security-Principles/graphs/contributors contributors is found here].

The first contributors to the project were:

* [https://www.owasp.org/index.php/User:Dennis_Groves Dennis Groves]
* [https://github.com/sublimino Andrew Martin]
* [https://github.com/Lambdanaut Josh Thomas]
* '''YOUR NAME BELONGS HERE'''

= Road Map and Getting Involved =


<span style="color:#ff0000">
A project roadmap is the envisioned plan for the project. The purpose of the roadmap is to help others understand where the project is going. It gives the community a chance to understand the context and the vision for the goal of the project. Additionally, if a project becomes inactive, or if the project is abandoned, a roadmap can help ensure a project can be adopted and continued under new leadership.
</span>

The roadmap for this project is straightforward: we'll begin by conducting research and seeking feedback from developers and security auditors on the problems they most frequently encounter via web-based APIs. We'll create, from this research, the OWASP Top Ten API Risks, a sub-project of the API Security Project. Once this document is created (and maintained), we will also create guidelines in order to demonstrate each of the risks (as well as other, non-top-ten risks) and illustrate how to prevent them.

<span style="color:#ff0000">
Roadmaps vary in detail from a broad outline to a fully detailed project charter. Generally speaking, projects with detailed roadmaps have tended to develop into successful projects. Some details that leaders may consider placing in the roadmap include: envisioned milestones, planned feature enhancements, essential conditions, project assumptions, development timelines, etc. You are required to have at least 4 milestones for every year the project is active.
</span>

As of October 2013, the priorities are:
* Finish the referencing for each principle.
* Update the Project Template.
* Use the OWASP Press to develop a book.
* Finish and publish the book on Lulu.

Involvement in the development and promotion of the OWASP Security Principles Project is actively encouraged!
You do not have to be a security expert in order to contribute.
Some of the ways you can help:
* Helping find references to some of the principles.
* Project administration support.
* Wiki editing support.
* Writing support for the book.

=Project About=


<span style="color:#ff0000">
This page is where you need to place your legacy project template page if your project was created before October 2013. To edit this page you will need to edit your project information template. You can typically find this page by following this address and substituting your project name where it says "OWASP_Example_Project". When in doubt, ask the OWASP Projects Manager.
Example template page: https://www.owasp.org/index.php/Projects/OWASP_Example_Project
</span>

{{:Projects/OWASP_Example_Project_About_Page}}


__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Breakers]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]

OWASP API Security Project

2015-10-20T17:53:30Z

David Shaw: /* Description */

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>


{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP API Security Project==

This project seeks to address the ever-increasing number of organizations that are deploying potentially sensitive APIs as part of their software offerings. These APIs are used for internal tasks and to interface with third parties. Unfortunately, many APIs do not undergo the rigorous security testing that would render them secure from attack.

The OWASP API Security Project seeks to provide value to software developers and security assessors by underscoring the potential risks in insecure APIs and illustrating how these risks may be mitigated. In order to facilitate this goal, the OWASP API Security Project will create and maintain a '''Top 10 API Security Risks''' document, as well as a '''documentation portal''' for best practices when creating or assessing APIs.

==Description==

While working as developers or information security consultants, many people have encountered APIs as part of a project. While there are some resources to help create and evaluate these projects (such as the OWASP REST Security Cheat Sheet), there has not be a comprehensive security project designed to assist builders, breakers, and defenders in the community.

This project aims to create:

* The OWASP Top Ten API Security Risks document, which can easily underscore the most common risks in the area.
* Create a documentation portal for developers to build APIs in a secure manner.
* Work with the security community to maintain living documents that evolve with security trends.

==Licensing==

'''The OWASP API Security Project documents are free to use!

The OWASP API Security Project is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.


| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== What is the OWASP API Security Project? ==

The OWASP API Security Project seeks to deliver actionable documentation on creating and deploying verifiably secure web APIs, as well as illustrating the major risks and shortfalls that APIs may encounter. By helping developers create resilient software, and helping assessors understand the subtle risks an API may entail, the goal of this project is to bring security to an increasingly programmatic world.

== Presentation ==

The OWASP API Security Project will be presented in 2016.

== Project Leader ==

* [https://www.owasp.org/index.php/User:David_Shaw David Shaw]

== Related Projects ==

* [[REST_Security_Cheat_Sheet]]
* [https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API Enterprise Security API]

== Quick Download ==

Once API Security documents are created, they will be available for direct download here.

== News and Events ==

There has not yet been press coverage of this project.

== In Print ==

There are no current print materials for this project.

==Classifications==

{| width="200" cellpadding="2"
|-
| align="center" valign="top" width="50%" rowspan="3"| [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-breakers-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

=FAQs=


<span style="color:#ff0000">
Many projects have "Frequently Asked Questions" documents or pages. However, the point of such a document is not the questions. ''The point of a document like this are the '''answers'''''. The document contains the answers that people would otherwise find themselves giving over and over again. The idea is that rather than laboriously compose and post the same answers repeatedly, people can refer to this page with pre-prepared answers. Use this space to communicate your projects 'Frequent Answers.'
</span>

==How can I participate in your project?==
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator.

= Acknowledgements =

==Contributors==


<span style="color:#ff0000">
The success of OWASP is due to a community of enthusiasts and contributors that work to make our projects great. This is also true for the success of your project.
Be sure to give credit where credit is due, no matter how small! This should be a brief list of the most amazing people involved in your project.
Be sure to provide a link to a complete list of all the amazing people in your project's community as well.
</span>

The OWASP Security Principles project is developed by a worldwide team of volunteers. A live update of project [https://github.com/OWASP/Security-Principles/graphs/contributors contributors is found here].

The first contributors to the project were:

* [https://www.owasp.org/index.php/User:Dennis_Groves Dennis Groves]
* [https://github.com/sublimino Andrew Martin]
* [https://github.com/Lambdanaut Josh Thomas]
* '''YOUR NAME BELONGS HERE'''

= Road Map and Getting Involved =


<span style="color:#ff0000">
A project roadmap is the envisioned plan for the project. The purpose of the roadmap is to help others understand where the project is going. It gives the community a chance to understand the context and the vision for the goal of the project. Additionally, if a project becomes inactive, or if the project is abandoned, a roadmap can help ensure a project can be adopted and continued under new leadership.
</span>

The roadmap for this project is straightforward: we'll begin by conducting research and seeking feedback from developers and security auditors on the problems they most frequently encounter via web-based APIs. We'll create, from this research, the OWASP Top Ten API Risks, a sub-project of the API Security Project. Once this document is created (and maintained), we will also create guidelines in order to demonstrate each of the risks (as well as other, non-top-ten risks) and illustrate how to prevent them.

<span style="color:#ff0000">
Roadmaps vary in detail from a broad outline to a fully detailed project charter. Generally speaking, projects with detailed roadmaps have tended to develop into successful projects. Some details that leaders may consider placing in the roadmap include: envisioned milestones, planned feature enhancements, essential conditions, project assumptions, development timelines, etc. You are required to have at least 4 milestones for every year the project is active.
</span>

As of October 2013, the priorities are:
* Finish the referencing for each principle.
* Update the Project Template.
* Use the OWASP Press to develop a book.
* Finish and publish the book on Lulu.

Involvement in the development and promotion of the OWASP Security Principles Project is actively encouraged!
You do not have to be a security expert in order to contribute.
Some of the ways you can help:
* Helping find references to some of the principles.
* Project administration support.
* Wiki editing support.
* Writing support for the book.

=Project About=


<span style="color:#ff0000">
This page is where you need to place your legacy project template page if your project was created before October 2013. To edit this page you will need to edit your project information template. You can typically find this page by following this address and substituting your project name where it says "OWASP_Example_Project". When in doubt, ask the OWASP Projects Manager.
Example template page: https://www.owasp.org/index.php/Projects/OWASP_Example_Project
</span>

{{:Projects/OWASP_Example_Project_About_Page}}


__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Breakers]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]

OWASP API Security Project

2015-10-20T17:53:14Z

David Shaw: /* Description */

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>


{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP API Security Project==

This project seeks to address the ever-increasing number of organizations that are deploying potentially sensitive APIs as part of their software offerings. These APIs are used for internal tasks and to interface with third parties. Unfortunately, many APIs do not undergo the rigorous security testing that would render them secure from attack.

The OWASP API Security Project seeks to provide value to software developers and security assessors by underscoring the potential risks in insecure APIs and illustrating how these risks may be mitigated. In order to facilitate this goal, the OWASP API Security Project will create and maintain a '''Top 10 API Security Risks''' document, as well as a '''documentation portal''' for best practices when creating or assessing APIs.

==Description==

While working as developers or information security consulting, many people have encountered APIs as part of a project. While there are some resources to help create and evaluate these projects (such as the OWASP REST Security Cheat Sheet), there has not be a comprehensive security project designed to assist builders, breakers, and defenders in the community.

This project aims to create:

* The OWASP Top Ten API Security Risks document, which can easily underscore the most common risks in the area.
* Create a documentation portal for developers to build APIs in a secure manner.
* Work with the security community to maintain living documents that evolve with security trends.

==Licensing==

'''The OWASP API Security Project documents are free to use!

The OWASP API Security Project is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.


| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== What is the OWASP API Security Project? ==

The OWASP API Security Project seeks to deliver actionable documentation on creating and deploying verifiably secure web APIs, as well as illustrating the major risks and shortfalls that APIs may encounter. By helping developers create resilient software, and helping assessors understand the subtle risks an API may entail, the goal of this project is to bring security to an increasingly programmatic world.

== Presentation ==

The OWASP API Security Project will be presented in 2016.

== Project Leader ==

* [https://www.owasp.org/index.php/User:David_Shaw David Shaw]

== Related Projects ==

* [[REST_Security_Cheat_Sheet]]
* [https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API Enterprise Security API]

== Quick Download ==

Once API Security documents are created, they will be available for direct download here.

== News and Events ==

There has not yet been press coverage of this project.

== In Print ==

There are no current print materials for this project.

==Classifications==

{| width="200" cellpadding="2"
|-
| align="center" valign="top" width="50%" rowspan="3"| [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-breakers-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

=FAQs=


<span style="color:#ff0000">
Many projects have "Frequently Asked Questions" documents or pages. However, the point of such a document is not the questions. ''The point of a document like this are the '''answers'''''. The document contains the answers that people would otherwise find themselves giving over and over again. The idea is that rather than laboriously compose and post the same answers repeatedly, people can refer to this page with pre-prepared answers. Use this space to communicate your projects 'Frequent Answers.'
</span>

==How can I participate in your project?==
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator.

= Acknowledgements =

==Contributors==


<span style="color:#ff0000">
The success of OWASP is due to a community of enthusiasts and contributors that work to make our projects great. This is also true for the success of your project.
Be sure to give credit where credit is due, no matter how small! This should be a brief list of the most amazing people involved in your project.
Be sure to provide a link to a complete list of all the amazing people in your project's community as well.
</span>

The OWASP Security Principles project is developed by a worldwide team of volunteers. A live update of project [https://github.com/OWASP/Security-Principles/graphs/contributors contributors is found here].

The first contributors to the project were:

* [https://www.owasp.org/index.php/User:Dennis_Groves Dennis Groves]
* [https://github.com/sublimino Andrew Martin]
* [https://github.com/Lambdanaut Josh Thomas]
* '''YOUR NAME BELONGS HERE'''

= Road Map and Getting Involved =


<span style="color:#ff0000">
A project roadmap is the envisioned plan for the project. The purpose of the roadmap is to help others understand where the project is going. It gives the community a chance to understand the context and the vision for the goal of the project. Additionally, if a project becomes inactive, or if the project is abandoned, a roadmap can help ensure a project can be adopted and continued under new leadership.
</span>

The roadmap for this project is straightforward: we'll begin by conducting research and seeking feedback from developers and security auditors on the problems they most frequently encounter via web-based APIs. We'll create, from this research, the OWASP Top Ten API Risks, a sub-project of the API Security Project. Once this document is created (and maintained), we will also create guidelines in order to demonstrate each of the risks (as well as other, non-top-ten risks) and illustrate how to prevent them.

<span style="color:#ff0000">
Roadmaps vary in detail from a broad outline to a fully detailed project charter. Generally speaking, projects with detailed roadmaps have tended to develop into successful projects. Some details that leaders may consider placing in the roadmap include: envisioned milestones, planned feature enhancements, essential conditions, project assumptions, development timelines, etc. You are required to have at least 4 milestones for every year the project is active.
</span>

As of October 2013, the priorities are:
* Finish the referencing for each principle.
* Update the Project Template.
* Use the OWASP Press to develop a book.
* Finish and publish the book on Lulu.

Involvement in the development and promotion of the OWASP Security Principles Project is actively encouraged!
You do not have to be a security expert in order to contribute.
Some of the ways you can help:
* Helping find references to some of the principles.
* Project administration support.
* Wiki editing support.
* Writing support for the book.

=Project About=


<span style="color:#ff0000">
This page is where you need to place your legacy project template page if your project was created before October 2013. To edit this page you will need to edit your project information template. You can typically find this page by following this address and substituting your project name where it says "OWASP_Example_Project". When in doubt, ask the OWASP Projects Manager.
Example template page: https://www.owasp.org/index.php/Projects/OWASP_Example_Project
</span>

{{:Projects/OWASP_Example_Project_About_Page}}


__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Breakers]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]

OWASP API Security Project

2015-10-20T16:53:11Z

David Shaw:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>


{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP API Security Project==

This project seeks to address the ever-increasing number of organizations that are deploying potentially sensitive APIs as part of their software offerings. These APIs are used for internal tasks and to interface with third parties. Unfortunately, many APIs do not undergo the rigorous security testing that would render them secure from attack.

The OWASP API Security Project seeks to provide value to software developers and security assessors by underscoring the potential risks in insecure APIs and illustrating how these risks may be mitigated. In order to facilitate this goal, the OWASP API Security Project will create and maintain a '''Top 10 API Security Risks''' document, as well as a '''documentation portal''' for best practices when creating or assessing APIs.

==Description==


<span style="color:#ff0000">
This section must include a shorter description of what the project is, why the project was started, and what security issue is being helped by the project deliverable. This description will be used to promote the project so make sure the description represents your project in the best way possible.
</span>

By helping developers create verifiably secure APIs, and helping security assessors understand the subtle risks an API may entail, the goal of this project is to bring security to an increasingly programmatic world.

'''Although this is a sample template, the project is real! [http://owasp.github.io/Security-Principles Please contribute to this project.]
'''

Over the course of my career, I have come across and collected a number of security ''aphorisms.'' These aphorisms constitute the fundamental principles of information security.

None of the ideas or truths are mine, and unfortunately, I did not collect the citations. Initially, I would like to identify the correct citations for each aphorism.

Additionally, many are re-statements of the same idea; thus, the 'collection of ideas' defines a fundamental principle. As such, I would also like to reverse engineer the principles from the aphorisms where appropriate, as well.

==Licensing==

'''The OWASP API Security Project documents are free to use!

The OWASP API Security Project is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.


| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== What is the OWASP API Security Project? ==

The OWASP API Security Project seeks to deliver actionable documentation on creating and deploying verifiably secure web APIs, as well as illustrating the major risks and shortfalls that APIs may encounter. By helping developers create resilient software, and helping assessors understand the subtle risks an API may entail, the goal of this project is to bring security to an increasingly programmatic world.

== Presentation ==

The OWASP API Security Project will be presented in 2016.

== Project Leader ==

* [https://www.owasp.org/index.php/User:David_Shaw David Shaw]

== Related Projects ==

* [[REST_Security_Cheat_Sheet]]
* [https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API Enterprise Security API]

== Quick Download ==

Once API Security documents are created, they will be available for direct download here.

== News and Events ==

There has not yet been press coverage of this project.

== In Print ==

There are no current print materials for this project.

==Classifications==

{| width="200" cellpadding="2"
|-
| align="center" valign="top" width="50%" rowspan="3"| [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-breakers-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

=FAQs=


<span style="color:#ff0000">
Many projects have "Frequently Asked Questions" documents or pages. However, the point of such a document is not the questions. ''The point of a document like this are the '''answers'''''. The document contains the answers that people would otherwise find themselves giving over and over again. The idea is that rather than laboriously compose and post the same answers repeatedly, people can refer to this page with pre-prepared answers. Use this space to communicate your projects 'Frequent Answers.'
</span>

==How can I participate in your project?==
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator.

= Acknowledgements =

==Contributors==


<span style="color:#ff0000">
The success of OWASP is due to a community of enthusiasts and contributors that work to make our projects great. This is also true for the success of your project.
Be sure to give credit where credit is due, no matter how small! This should be a brief list of the most amazing people involved in your project.
Be sure to provide a link to a complete list of all the amazing people in your project's community as well.
</span>

The OWASP Security Principles project is developed by a worldwide team of volunteers. A live update of project [https://github.com/OWASP/Security-Principles/graphs/contributors contributors is found here].

The first contributors to the project were:

* [https://www.owasp.org/index.php/User:Dennis_Groves Dennis Groves]
* [https://github.com/sublimino Andrew Martin]
* [https://github.com/Lambdanaut Josh Thomas]
* '''YOUR NAME BELONGS HERE'''

= Road Map and Getting Involved =


<span style="color:#ff0000">
A project roadmap is the envisioned plan for the project. The purpose of the roadmap is to help others understand where the project is going. It gives the community a chance to understand the context and the vision for the goal of the project. Additionally, if a project becomes inactive, or if the project is abandoned, a roadmap can help ensure a project can be adopted and continued under new leadership.
</span>

The roadmap for this project is straightforward: we'll begin by conducting research and seeking feedback from developers and security auditors on the problems they most frequently encounter via web-based APIs. We'll create, from this research, the OWASP Top Ten API Risks, a sub-project of the API Security Project. Once this document is created (and maintained), we will also create guidelines in order to demonstrate each of the risks (as well as other, non-top-ten risks) and illustrate how to prevent them.

<span style="color:#ff0000">
Roadmaps vary in detail from a broad outline to a fully detailed project charter. Generally speaking, projects with detailed roadmaps have tended to develop into successful projects. Some details that leaders may consider placing in the roadmap include: envisioned milestones, planned feature enhancements, essential conditions, project assumptions, development timelines, etc. You are required to have at least 4 milestones for every year the project is active.
</span>

As of October 2013, the priorities are:
* Finish the referencing for each principle.
* Update the Project Template.
* Use the OWASP Press to develop a book.
* Finish and publish the book on Lulu.

Involvement in the development and promotion of the OWASP Security Principles Project is actively encouraged!
You do not have to be a security expert in order to contribute.
Some of the ways you can help:
* Helping find references to some of the principles.
* Project administration support.
* Wiki editing support.
* Writing support for the book.

=Project About=


<span style="color:#ff0000">
This page is where you need to place your legacy project template page if your project was created before October 2013. To edit this page you will need to edit your project information template. You can typically find this page by following this address and substituting your project name where it says "OWASP_Example_Project". When in doubt, ask the OWASP Projects Manager.
Example template page: https://www.owasp.org/index.php/Projects/OWASP_Example_Project
</span>

{{:Projects/OWASP_Example_Project_About_Page}}


__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Breakers]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]

OWASP API Security Project

2015-10-20T16:50:00Z

David Shaw: /* What is OWASP API Security Project? */

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>


{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP API Security Project==

This project seeks to address the ever-increasing number of organizations that are deploying potentially sensitive APIs as part of their software offerings. These APIs are used for internal tasks and to interface with third parties. Unfortunately, many APIs do not undergo the rigorous security testing that would render them secure from attack.

The OWASP API Security Project seeks to provide value to software developers and security assessors by underscoring the potential risks in insecure APIs and illustrating how these risks may be mitigated. In order to facilitate this goal, the OWASP API Security Project will create and maintain a '''Top 10 API Security Risks''' document, as well as a '''documentation portal''' for best practices when creating or assessing APIs.

==Description==


<span style="color:#ff0000">
This section must include a shorter description of what the project is, why the project was started, and what security issue is being helped by the project deliverable. This description will be used to promote the project so make sure the description represents your project in the best way possible.
</span>

By helping developers create verifiably secure APIs, and helping security assessors understand the subtle risks an API may entail, the goal of this project is to bring security to an increasingly programmatic world.

'''Although this is a sample template, the project is real! [http://owasp.github.io/Security-Principles Please contribute to this project.]
'''

Over the course of my career, I have come across and collected a number of security ''aphorisms.'' These aphorisms constitute the fundamental principles of information security.

None of the ideas or truths are mine, and unfortunately, I did not collect the citations. Initially, I would like to identify the correct citations for each aphorism.

Additionally, many are re-statements of the same idea; thus, the 'collection of ideas' defines a fundamental principle. As such, I would also like to reverse engineer the principles from the aphorisms where appropriate, as well.

==Licensing==

'''The OWASP API Security Project documents are free to use!

The OWASP API Security Project is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.


| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== What is the OWASP API Security Project? ==

The OWASP API Security Project seeks to deliver actionable documentation on creating and deploying verifiably secure web APIs, as well as illustrating the major risks and shortfalls that APIs may encounter. By helping developers create resilient software, and helping assessors understand the subtle risks an API may entail, the goal of this project is to bring security to an increasingly programmatic world.

== Presentation ==

The OWASP API Security Project will be presented in 2016.

== Project Leader ==

* [https://www.owasp.org/index.php/User:David_Shaw David Shaw]

== Related Projects ==

* [[REST_Security_Cheat_Sheet]]
* [https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API Enterprise Security API]

== Quick Download ==

Once API Security documents are created, they will be available for direct download here.

== News and Events ==

There has not yet been press coverage of this project.

== In Print ==

There are no current print materials for this project.

==Classifications==

{| width="200" cellpadding="2"
|-
| align="center" valign="top" width="50%" rowspan="3"| [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-breakers-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

=FAQs=


<span style="color:#ff0000">
Many projects have "Frequently Asked Questions" documents or pages. However, the point of such a document is not the questions. ''The point of a document like this are the '''answers'''''. The document contains the answers that people would otherwise find themselves giving over and over again. The idea is that rather than laboriously compose and post the same answers repeatedly, people can refer to this page with pre-prepared answers. Use this space to communicate your projects 'Frequent Answers.'
</span>

==How can I participate in your project?==
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator.

= Acknowledgements =

==Contributors==


<span style="color:#ff0000">
The success of OWASP is due to a community of enthusiasts and contributors that work to make our projects great. This is also true for the success of your project.
Be sure to give credit where credit is due, no matter how small! This should be a brief list of the most amazing people involved in your project.
Be sure to provide a link to a complete list of all the amazing people in your project's community as well.
</span>

The OWASP Security Principles project is developed by a worldwide team of volunteers. A live update of project [https://github.com/OWASP/Security-Principles/graphs/contributors contributors is found here].

The first contributors to the project were:

* [https://www.owasp.org/index.php/User:Dennis_Groves Dennis Groves]
* [https://github.com/sublimino Andrew Martin]
* [https://github.com/Lambdanaut Josh Thomas]
* '''YOUR NAME BELONGS HERE'''

= Road Map and Getting Involved =


<span style="color:#ff0000">
A project roadmap is the envisioned plan for the project. The purpose of the roadmap is to help others understand where the project is going. It gives the community a chance to understand the context and the vision for the goal of the project. Additionally, if a project becomes inactive, or if the project is abandoned, a roadmap can help ensure a project can be adopted and continued under new leadership.
</span>

The roadmap for this project is straightforward: we'll begin by conducting research and seeking feedback from developers and security auditors on the problems they most frequently encounter via web-based APIs. We'll create, from this research, the OWASP Top Ten API Risks, a sub-project of the API Security Project. Once this document is created (and maintained), we will also create guidelines in order to demonstrate each of the risks (as well as other, non-top-ten risks) and illustrate how to prevent them.

<span style="color:#ff0000">
Roadmaps vary in detail from a broad outline to a fully detailed project charter. Generally speaking, projects with detailed roadmaps have tended to develop into successful projects. Some details that leaders may consider placing in the roadmap include: envisioned milestones, planned feature enhancements, essential conditions, project assumptions, development timelines, etc. You are required to have at least 4 milestones for every year the project is active.
</span>

As of October 2013, the priorities are:
* Finish the referencing for each principle.
* Update the Project Template.
* Use the OWASP Press to develop a book.
* Finish and publish the book on Lulu.

Involvement in the development and promotion of the OWASP Security Principles Project is actively encouraged!
You do not have to be a security expert in order to contribute.
Some of the ways you can help:
* Helping find references to some of the principles.
* Project administration support.
* Wiki editing support.
* Writing support for the book.

=Project About=


<span style="color:#ff0000">
This page is where you need to place your legacy project template page if your project was created before October 2013. To edit this page you will need to edit your project information template. You can typically find this page by following this address and substituting your project name where it says "OWASP_Example_Project". When in doubt, ask the OWASP Projects Manager.
Example template page: https://www.owasp.org/index.php/Projects/OWASP_Example_Project
</span>

{{:Projects/OWASP_Example_Project_About_Page}}


__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]

OWASP API Security Project

2015-10-19T23:41:46Z

David Shaw: /* OWASP API Security Project */

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>


{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP API Security Project==

This project seeks to address the ever-increasing number of organizations that are deploying potentially sensitive APIs as part of their software offerings. These APIs are used for internal tasks and to interface with third parties. Unfortunately, many APIs do not undergo the rigorous security testing that would render them secure from attack.

The OWASP API Security Project seeks to provide value to software developers and security assessors by underscoring the potential risks in insecure APIs and illustrating how these risks may be mitigated. In order to facilitate this goal, the OWASP API Security Project will create and maintain a '''Top 10 API Security Risks''' document, as well as a '''documentation portal''' for best practices when creating or assessing APIs.

==Description==


<span style="color:#ff0000">
This section must include a shorter description of what the project is, why the project was started, and what security issue is being helped by the project deliverable. This description will be used to promote the project so make sure the description represents your project in the best way possible.
</span>

By helping developers create verifiably secure APIs, and helping security assessors understand the subtle risks an API may entail, the goal of this project is to bring security to an increasingly programmatic world.

'''Although this is a sample template, the project is real! [http://owasp.github.io/Security-Principles Please contribute to this project.]
'''

Over the course of my career, I have come across and collected a number of security ''aphorisms.'' These aphorisms constitute the fundamental principles of information security.

None of the ideas or truths are mine, and unfortunately, I did not collect the citations. Initially, I would like to identify the correct citations for each aphorism.

Additionally, many are re-statements of the same idea; thus, the 'collection of ideas' defines a fundamental principle. As such, I would also like to reverse engineer the principles from the aphorisms where appropriate, as well.

==Licensing==

'''The OWASP API Security Project documents are free to use!

The OWASP API Security Project is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.


| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== What is OWASP API Security Project? ==

The OWASP API Security Project seeks to deliver actionable documentation on creating and deploying verifiably secure web APIs, as well as illustrating the major risks and shortfalls that APIs may encounter. By helping developers create resilient software, and helping assessors understand the subtle risks an API may entail, the goal of this project is to bring security to an increasingly programmatic world.

== Presentation ==

The OWASP API Security Project will be presented in 2016.

== Project Leader ==

* [https://www.owasp.org/index.php/User:David_Shaw David Shaw]

== Related Projects ==

* [[REST_Security_Cheat_Sheet]]
* [https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API Enterprise Security API]

== Quick Download ==

Once API Security documents are created, they will be available for direct download here.

== News and Events ==

There has not yet been press coverage of this project.

== In Print ==

There are no current print materials for this project.

==Classifications==

{| width="200" cellpadding="2"
|-
| align="center" valign="top" width="50%" rowspan="3"| [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-breakers-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

=FAQs=


<span style="color:#ff0000">
Many projects have "Frequently Asked Questions" documents or pages. However, the point of such a document is not the questions. ''The point of a document like this are the '''answers'''''. The document contains the answers that people would otherwise find themselves giving over and over again. The idea is that rather than laboriously compose and post the same answers repeatedly, people can refer to this page with pre-prepared answers. Use this space to communicate your projects 'Frequent Answers.'
</span>

==How can I participate in your project?==
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator.

= Acknowledgements =

==Contributors==


<span style="color:#ff0000">
The success of OWASP is due to a community of enthusiasts and contributors that work to make our projects great. This is also true for the success of your project.
Be sure to give credit where credit is due, no matter how small! This should be a brief list of the most amazing people involved in your project.
Be sure to provide a link to a complete list of all the amazing people in your project's community as well.
</span>

The OWASP Security Principles project is developed by a worldwide team of volunteers. A live update of project [https://github.com/OWASP/Security-Principles/graphs/contributors contributors is found here].

The first contributors to the project were:

* [https://www.owasp.org/index.php/User:Dennis_Groves Dennis Groves]
* [https://github.com/sublimino Andrew Martin]
* [https://github.com/Lambdanaut Josh Thomas]
* '''YOUR NAME BELONGS HERE'''

= Road Map and Getting Involved =


<span style="color:#ff0000">
A project roadmap is the envisioned plan for the project. The purpose of the roadmap is to help others understand where the project is going. It gives the community a chance to understand the context and the vision for the goal of the project. Additionally, if a project becomes inactive, or if the project is abandoned, a roadmap can help ensure a project can be adopted and continued under new leadership.
</span>

The roadmap for this project is straightforward: we'll begin by conducting research and seeking feedback from developers and security auditors on the problems they most frequently encounter via web-based APIs. We'll create, from this research, the OWASP Top Ten API Risks, a sub-project of the API Security Project. Once this document is created (and maintained), we will also create guidelines in order to demonstrate each of the risks (as well as other, non-top-ten risks) and illustrate how to prevent them.

<span style="color:#ff0000">
Roadmaps vary in detail from a broad outline to a fully detailed project charter. Generally speaking, projects with detailed roadmaps have tended to develop into successful projects. Some details that leaders may consider placing in the roadmap include: envisioned milestones, planned feature enhancements, essential conditions, project assumptions, development timelines, etc. You are required to have at least 4 milestones for every year the project is active.
</span>

As of October 2013, the priorities are:
* Finish the referencing for each principle.
* Update the Project Template.
* Use the OWASP Press to develop a book.
* Finish and publish the book on Lulu.

Involvement in the development and promotion of the OWASP Security Principles Project is actively encouraged!
You do not have to be a security expert in order to contribute.
Some of the ways you can help:
* Helping find references to some of the principles.
* Project administration support.
* Wiki editing support.
* Writing support for the book.

=Project About=


<span style="color:#ff0000">
This page is where you need to place your legacy project template page if your project was created before October 2013. To edit this page you will need to edit your project information template. You can typically find this page by following this address and substituting your project name where it says "OWASP_Example_Project". When in doubt, ask the OWASP Projects Manager.
Example template page: https://www.owasp.org/index.php/Projects/OWASP_Example_Project
</span>

{{:Projects/OWASP_Example_Project_About_Page}}


__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]

OWASP API Security Project

2015-10-19T23:41:05Z

David Shaw: /* OWASP API Security Project */

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>


{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP API Security Project==

This project seeks to address the ever-increasing number of organizations that are deploying APIs as part of their software packages. These APIs are used both for internal tasks, and to interface with third parties. Unfortunately, many APIs do not undergo the rigorous security testing that would render them secure from attack.

The OWASP API Security Project seeks to provide value to software developers and security assessors by underscoring the potential risks in insecure APIs and illustrating how these risks may be mitigated. In order to facilitate this goal, the OWASP API Security Project will create and maintain a '''Top 10 API Security Risks''' document, as well as a '''documentation portal''' for best practices when creating or assessing APIs.

==Description==


<span style="color:#ff0000">
This section must include a shorter description of what the project is, why the project was started, and what security issue is being helped by the project deliverable. This description will be used to promote the project so make sure the description represents your project in the best way possible.
</span>

By helping developers create verifiably secure APIs, and helping security assessors understand the subtle risks an API may entail, the goal of this project is to bring security to an increasingly programmatic world.

'''Although this is a sample template, the project is real! [http://owasp.github.io/Security-Principles Please contribute to this project.]
'''

Over the course of my career, I have come across and collected a number of security ''aphorisms.'' These aphorisms constitute the fundamental principles of information security.

None of the ideas or truths are mine, and unfortunately, I did not collect the citations. Initially, I would like to identify the correct citations for each aphorism.

Additionally, many are re-statements of the same idea; thus, the 'collection of ideas' defines a fundamental principle. As such, I would also like to reverse engineer the principles from the aphorisms where appropriate, as well.

==Licensing==

'''The OWASP API Security Project documents are free to use!

The OWASP API Security Project is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.


| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== What is OWASP API Security Project? ==

The OWASP API Security Project seeks to deliver actionable documentation on creating and deploying verifiably secure web APIs, as well as illustrating the major risks and shortfalls that APIs may encounter. By helping developers create resilient software, and helping assessors understand the subtle risks an API may entail, the goal of this project is to bring security to an increasingly programmatic world.

== Presentation ==

The OWASP API Security Project will be presented in 2016.

== Project Leader ==

* [https://www.owasp.org/index.php/User:David_Shaw David Shaw]

== Related Projects ==

* [[REST_Security_Cheat_Sheet]]
* [https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API Enterprise Security API]

== Quick Download ==

Once API Security documents are created, they will be available for direct download here.

== News and Events ==

There has not yet been press coverage of this project.

== In Print ==

There are no current print materials for this project.

==Classifications==

{| width="200" cellpadding="2"
|-
| align="center" valign="top" width="50%" rowspan="3"| [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-breakers-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

=FAQs=


<span style="color:#ff0000">
Many projects have "Frequently Asked Questions" documents or pages. However, the point of such a document is not the questions. ''The point of a document like this are the '''answers'''''. The document contains the answers that people would otherwise find themselves giving over and over again. The idea is that rather than laboriously compose and post the same answers repeatedly, people can refer to this page with pre-prepared answers. Use this space to communicate your projects 'Frequent Answers.'
</span>

==How can I participate in your project?==
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator.

= Acknowledgements =

==Contributors==


<span style="color:#ff0000">
The success of OWASP is due to a community of enthusiasts and contributors that work to make our projects great. This is also true for the success of your project.
Be sure to give credit where credit is due, no matter how small! This should be a brief list of the most amazing people involved in your project.
Be sure to provide a link to a complete list of all the amazing people in your project's community as well.
</span>

The OWASP Security Principles project is developed by a worldwide team of volunteers. A live update of project [https://github.com/OWASP/Security-Principles/graphs/contributors contributors is found here].

The first contributors to the project were:

* [https://www.owasp.org/index.php/User:Dennis_Groves Dennis Groves]
* [https://github.com/sublimino Andrew Martin]
* [https://github.com/Lambdanaut Josh Thomas]
* '''YOUR NAME BELONGS HERE'''

= Road Map and Getting Involved =


<span style="color:#ff0000">
A project roadmap is the envisioned plan for the project. The purpose of the roadmap is to help others understand where the project is going. It gives the community a chance to understand the context and the vision for the goal of the project. Additionally, if a project becomes inactive, or if the project is abandoned, a roadmap can help ensure a project can be adopted and continued under new leadership.
</span>

The roadmap for this project is straightforward: we'll begin by conducting research and seeking feedback from developers and security auditors on the problems they most frequently encounter via web-based APIs. We'll create, from this research, the OWASP Top Ten API Risks, a sub-project of the API Security Project. Once this document is created (and maintained), we will also create guidelines in order to demonstrate each of the risks (as well as other, non-top-ten risks) and illustrate how to prevent them.

<span style="color:#ff0000">
Roadmaps vary in detail from a broad outline to a fully detailed project charter. Generally speaking, projects with detailed roadmaps have tended to develop into successful projects. Some details that leaders may consider placing in the roadmap include: envisioned milestones, planned feature enhancements, essential conditions, project assumptions, development timelines, etc. You are required to have at least 4 milestones for every year the project is active.
</span>

As of October 2013, the priorities are:
* Finish the referencing for each principle.
* Update the Project Template.
* Use the OWASP Press to develop a book.
* Finish and publish the book on Lulu.

Involvement in the development and promotion of the OWASP Security Principles Project is actively encouraged!
You do not have to be a security expert in order to contribute.
Some of the ways you can help:
* Helping find references to some of the principles.
* Project administration support.
* Wiki editing support.
* Writing support for the book.

=Project About=


<span style="color:#ff0000">
This page is where you need to place your legacy project template page if your project was created before October 2013. To edit this page you will need to edit your project information template. You can typically find this page by following this address and substituting your project name where it says "OWASP_Example_Project". When in doubt, ask the OWASP Projects Manager.
Example template page: https://www.owasp.org/index.php/Projects/OWASP_Example_Project
</span>

{{:Projects/OWASP_Example_Project_About_Page}}


__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]

OWASP API Security Project

2015-10-19T19:40:55Z

David Shaw: /* OWASP API Security Project */

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>


{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP API Security Project==

More organizations than ever are creating and deploying web-based APIs. These APIs are used both for internal tasks, and to interface with third parties. Unfortunately, many APIs do not undergo the rigorous security testing that would render them secure from attack.

The OWASP API Security Project seeks to provide value to software developers and security assessors by underscoring the potential risks in insecure APIs and illustrating how these risks may be mitigated. In order to facilitate this goal, the OWASP API Security Project will create and maintain a '''Top 10 API Security Risks''' document, as well as a '''documentation portal''' for best practices when creating or assessing APIs.

==Description==


<span style="color:#ff0000">
This section must include a shorter description of what the project is, why the project was started, and what security issue is being helped by the project deliverable. This description will be used to promote the project so make sure the description represents your project in the best way possible.
</span>

By helping developers create verifiably secure APIs, and helping security assessors understand the subtle risks an API may entail, the goal of this project is to bring security to an increasingly programmatic world.

'''Although this is a sample template, the project is real! [http://owasp.github.io/Security-Principles Please contribute to this project.]
'''

Over the course of my career, I have come across and collected a number of security ''aphorisms.'' These aphorisms constitute the fundamental principles of information security.

None of the ideas or truths are mine, and unfortunately, I did not collect the citations. Initially, I would like to identify the correct citations for each aphorism.

Additionally, many are re-statements of the same idea; thus, the 'collection of ideas' defines a fundamental principle. As such, I would also like to reverse engineer the principles from the aphorisms where appropriate, as well.

==Licensing==

'''The OWASP API Security Project documents are free to use!

The OWASP API Security Project is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.


| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== What is OWASP API Security Project? ==

The OWASP API Security Project seeks to deliver actionable documentation on creating and deploying verifiably secure web APIs, as well as illustrating the major risks and shortfalls that APIs may encounter. By helping developers create resilient software, and helping assessors understand the subtle risks an API may entail, the goal of this project is to bring security to an increasingly programmatic world.

== Presentation ==

The OWASP API Security Project will be presented in 2016.

== Project Leader ==

* [https://www.owasp.org/index.php/User:David_Shaw David Shaw]

== Related Projects ==

* [[REST_Security_Cheat_Sheet]]
* [https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API Enterprise Security API]

== Quick Download ==

Once API Security documents are created, they will be available for direct download here.

== News and Events ==

There has not yet been press coverage of this project.

== In Print ==

There are no current print materials for this project.

==Classifications==

{| width="200" cellpadding="2"
|-
| align="center" valign="top" width="50%" rowspan="3"| [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-breakers-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

=FAQs=


<span style="color:#ff0000">
Many projects have "Frequently Asked Questions" documents or pages. However, the point of such a document is not the questions. ''The point of a document like this are the '''answers'''''. The document contains the answers that people would otherwise find themselves giving over and over again. The idea is that rather than laboriously compose and post the same answers repeatedly, people can refer to this page with pre-prepared answers. Use this space to communicate your projects 'Frequent Answers.'
</span>

==How can I participate in your project?==
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator.

= Acknowledgements =

==Contributors==


<span style="color:#ff0000">
The success of OWASP is due to a community of enthusiasts and contributors that work to make our projects great. This is also true for the success of your project.
Be sure to give credit where credit is due, no matter how small! This should be a brief list of the most amazing people involved in your project.
Be sure to provide a link to a complete list of all the amazing people in your project's community as well.
</span>

The OWASP Security Principles project is developed by a worldwide team of volunteers. A live update of project [https://github.com/OWASP/Security-Principles/graphs/contributors contributors is found here].

The first contributors to the project were:

* [https://www.owasp.org/index.php/User:Dennis_Groves Dennis Groves]
* [https://github.com/sublimino Andrew Martin]
* [https://github.com/Lambdanaut Josh Thomas]
* '''YOUR NAME BELONGS HERE'''

= Road Map and Getting Involved =


<span style="color:#ff0000">
A project roadmap is the envisioned plan for the project. The purpose of the roadmap is to help others understand where the project is going. It gives the community a chance to understand the context and the vision for the goal of the project. Additionally, if a project becomes inactive, or if the project is abandoned, a roadmap can help ensure a project can be adopted and continued under new leadership.
</span>

The roadmap for this project is straightforward: we'll begin by conducting research and seeking feedback from developers and security auditors on the problems they most frequently encounter via web-based APIs. We'll create, from this research, the OWASP Top Ten API Risks, a sub-project of the API Security Project. Once this document is created (and maintained), we will also create guidelines in order to demonstrate each of the risks (as well as other, non-top-ten risks) and illustrate how to prevent them.

<span style="color:#ff0000">
Roadmaps vary in detail from a broad outline to a fully detailed project charter. Generally speaking, projects with detailed roadmaps have tended to develop into successful projects. Some details that leaders may consider placing in the roadmap include: envisioned milestones, planned feature enhancements, essential conditions, project assumptions, development timelines, etc. You are required to have at least 4 milestones for every year the project is active.
</span>

As of October 2013, the priorities are:
* Finish the referencing for each principle.
* Update the Project Template.
* Use the OWASP Press to develop a book.
* Finish and publish the book on Lulu.

Involvement in the development and promotion of the OWASP Security Principles Project is actively encouraged!
You do not have to be a security expert in order to contribute.
Some of the ways you can help:
* Helping find references to some of the principles.
* Project administration support.
* Wiki editing support.
* Writing support for the book.

=Project About=


<span style="color:#ff0000">
This page is where you need to place your legacy project template page if your project was created before October 2013. To edit this page you will need to edit your project information template. You can typically find this page by following this address and substituting your project name where it says "OWASP_Example_Project". When in doubt, ask the OWASP Projects Manager.
Example template page: https://www.owasp.org/index.php/Projects/OWASP_Example_Project
</span>

{{:Projects/OWASP_Example_Project_About_Page}}


__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]

OWASP API Security Project

2015-10-19T19:40:21Z

David Shaw: /* OWASP API Security Project */

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>


{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP API Security Project==

More organizations than ever are creating and deploying web-based APIs. These APIs are used both for internal tasks, and to interface with third parties. Unfortunately, many APIs do not undergo the rigorous security testing that would render them secure from attack.

The OWASP API Security Project seeks to provide value to software developers and security assessors by underscoring the potential risks in insecure APIs and illustrating how these risks may be mitigated. In order to facilitate this goal, the OWASP API Security Project will create and maintain a '''Top 10 API Security Risks''' document, as well as a documentation portal for best practices when creating or assessing APIs.

==Description==


<span style="color:#ff0000">
This section must include a shorter description of what the project is, why the project was started, and what security issue is being helped by the project deliverable. This description will be used to promote the project so make sure the description represents your project in the best way possible.
</span>

By helping developers create verifiably secure APIs, and helping security assessors understand the subtle risks an API may entail, the goal of this project is to bring security to an increasingly programmatic world.

'''Although this is a sample template, the project is real! [http://owasp.github.io/Security-Principles Please contribute to this project.]
'''

Over the course of my career, I have come across and collected a number of security ''aphorisms.'' These aphorisms constitute the fundamental principles of information security.

None of the ideas or truths are mine, and unfortunately, I did not collect the citations. Initially, I would like to identify the correct citations for each aphorism.

Additionally, many are re-statements of the same idea; thus, the 'collection of ideas' defines a fundamental principle. As such, I would also like to reverse engineer the principles from the aphorisms where appropriate, as well.

==Licensing==

'''The OWASP API Security Project documents are free to use!

The OWASP API Security Project is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.


| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== What is OWASP API Security Project? ==

The OWASP API Security Project seeks to deliver actionable documentation on creating and deploying verifiably secure web APIs, as well as illustrating the major risks and shortfalls that APIs may encounter. By helping developers create resilient software, and helping assessors understand the subtle risks an API may entail, the goal of this project is to bring security to an increasingly programmatic world.

== Presentation ==

The OWASP API Security Project will be presented in 2016.

== Project Leader ==

* [https://www.owasp.org/index.php/User:David_Shaw David Shaw]

== Related Projects ==

* [[REST_Security_Cheat_Sheet]]
* [https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API Enterprise Security API]

== Quick Download ==

Once API Security documents are created, they will be available for direct download here.

== News and Events ==

There has not yet been press coverage of this project.

== In Print ==

There are no current print materials for this project.

==Classifications==

{| width="200" cellpadding="2"
|-
| align="center" valign="top" width="50%" rowspan="3"| [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-breakers-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

=FAQs=


<span style="color:#ff0000">
Many projects have "Frequently Asked Questions" documents or pages. However, the point of such a document is not the questions. ''The point of a document like this are the '''answers'''''. The document contains the answers that people would otherwise find themselves giving over and over again. The idea is that rather than laboriously compose and post the same answers repeatedly, people can refer to this page with pre-prepared answers. Use this space to communicate your projects 'Frequent Answers.'
</span>

==How can I participate in your project?==
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator.

= Acknowledgements =

==Contributors==


<span style="color:#ff0000">
The success of OWASP is due to a community of enthusiasts and contributors that work to make our projects great. This is also true for the success of your project.
Be sure to give credit where credit is due, no matter how small! This should be a brief list of the most amazing people involved in your project.
Be sure to provide a link to a complete list of all the amazing people in your project's community as well.
</span>

The OWASP Security Principles project is developed by a worldwide team of volunteers. A live update of project [https://github.com/OWASP/Security-Principles/graphs/contributors contributors is found here].

The first contributors to the project were:

* [https://www.owasp.org/index.php/User:Dennis_Groves Dennis Groves]
* [https://github.com/sublimino Andrew Martin]
* [https://github.com/Lambdanaut Josh Thomas]
* '''YOUR NAME BELONGS HERE'''

= Road Map and Getting Involved =


<span style="color:#ff0000">
A project roadmap is the envisioned plan for the project. The purpose of the roadmap is to help others understand where the project is going. It gives the community a chance to understand the context and the vision for the goal of the project. Additionally, if a project becomes inactive, or if the project is abandoned, a roadmap can help ensure a project can be adopted and continued under new leadership.
</span>

The roadmap for this project is straightforward: we'll begin by conducting research and seeking feedback from developers and security auditors on the problems they most frequently encounter via web-based APIs. We'll create, from this research, the OWASP Top Ten API Risks, a sub-project of the API Security Project. Once this document is created (and maintained), we will also create guidelines in order to demonstrate each of the risks (as well as other, non-top-ten risks) and illustrate how to prevent them.

<span style="color:#ff0000">
Roadmaps vary in detail from a broad outline to a fully detailed project charter. Generally speaking, projects with detailed roadmaps have tended to develop into successful projects. Some details that leaders may consider placing in the roadmap include: envisioned milestones, planned feature enhancements, essential conditions, project assumptions, development timelines, etc. You are required to have at least 4 milestones for every year the project is active.
</span>

As of October 2013, the priorities are:
* Finish the referencing for each principle.
* Update the Project Template.
* Use the OWASP Press to develop a book.
* Finish and publish the book on Lulu.

Involvement in the development and promotion of the OWASP Security Principles Project is actively encouraged!
You do not have to be a security expert in order to contribute.
Some of the ways you can help:
* Helping find references to some of the principles.
* Project administration support.
* Wiki editing support.
* Writing support for the book.

=Project About=


<span style="color:#ff0000">
This page is where you need to place your legacy project template page if your project was created before October 2013. To edit this page you will need to edit your project information template. You can typically find this page by following this address and substituting your project name where it says "OWASP_Example_Project". When in doubt, ask the OWASP Projects Manager.
Example template page: https://www.owasp.org/index.php/Projects/OWASP_Example_Project
</span>

{{:Projects/OWASP_Example_Project_About_Page}}


__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]

OWASP API Security Project

2015-10-19T19:38:40Z

David Shaw: /* OWASP API Security Project */

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>


{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP API Security Project==

In today's increasingly programmatic world, many organizations employ public and private APIs. These APIs may be used for internal activities, or to interface with third parties. Unfortunately, many APIs do not undergo the rigorous security testing that would render them secure from attack.

The OWASP API Security Project seeks to provide value to software developers and security assessors by underscoring the potential risks in insecure APIs and illustrating how these risks may be mitigated. In order to facilitate this goal, the OWASP API Security Project will create and maintain a '''Top 10 API Security Risks''' document, as well as a documentation portal for best practices.

==Description==


<span style="color:#ff0000">
This section must include a shorter description of what the project is, why the project was started, and what security issue is being helped by the project deliverable. This description will be used to promote the project so make sure the description represents your project in the best way possible.
</span>

By helping developers create verifiably secure APIs, and helping security assessors understand the subtle risks an API may entail, the goal of this project is to bring security to an increasingly programmatic world.

'''Although this is a sample template, the project is real! [http://owasp.github.io/Security-Principles Please contribute to this project.]
'''

Over the course of my career, I have come across and collected a number of security ''aphorisms.'' These aphorisms constitute the fundamental principles of information security.

None of the ideas or truths are mine, and unfortunately, I did not collect the citations. Initially, I would like to identify the correct citations for each aphorism.

Additionally, many are re-statements of the same idea; thus, the 'collection of ideas' defines a fundamental principle. As such, I would also like to reverse engineer the principles from the aphorisms where appropriate, as well.

==Licensing==

'''The OWASP API Security Project documents are free to use!

The OWASP API Security Project is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.


| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== What is OWASP API Security Project? ==

The OWASP API Security Project seeks to deliver actionable documentation on creating and deploying verifiably secure web APIs, as well as illustrating the major risks and shortfalls that APIs may encounter. By helping developers create resilient software, and helping assessors understand the subtle risks an API may entail, the goal of this project is to bring security to an increasingly programmatic world.

== Presentation ==

The OWASP API Security Project will be presented in 2016.

== Project Leader ==

* [https://www.owasp.org/index.php/User:David_Shaw David Shaw]

== Related Projects ==

* [[REST_Security_Cheat_Sheet]]
* [https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API Enterprise Security API]

== Quick Download ==

Once API Security documents are created, they will be available for direct download here.

== News and Events ==

There has not yet been press coverage of this project.

== In Print ==

There are no current print materials for this project.

==Classifications==

{| width="200" cellpadding="2"
|-
| align="center" valign="top" width="50%" rowspan="3"| [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-breakers-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

=FAQs=


<span style="color:#ff0000">
Many projects have "Frequently Asked Questions" documents or pages. However, the point of such a document is not the questions. ''The point of a document like this are the '''answers'''''. The document contains the answers that people would otherwise find themselves giving over and over again. The idea is that rather than laboriously compose and post the same answers repeatedly, people can refer to this page with pre-prepared answers. Use this space to communicate your projects 'Frequent Answers.'
</span>

==How can I participate in your project?==
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator.

= Acknowledgements =

==Contributors==


<span style="color:#ff0000">
The success of OWASP is due to a community of enthusiasts and contributors that work to make our projects great. This is also true for the success of your project.
Be sure to give credit where credit is due, no matter how small! This should be a brief list of the most amazing people involved in your project.
Be sure to provide a link to a complete list of all the amazing people in your project's community as well.
</span>

The OWASP Security Principles project is developed by a worldwide team of volunteers. A live update of project [https://github.com/OWASP/Security-Principles/graphs/contributors contributors is found here].

The first contributors to the project were:

* [https://www.owasp.org/index.php/User:Dennis_Groves Dennis Groves]
* [https://github.com/sublimino Andrew Martin]
* [https://github.com/Lambdanaut Josh Thomas]
* '''YOUR NAME BELONGS HERE'''

= Road Map and Getting Involved =


<span style="color:#ff0000">
A project roadmap is the envisioned plan for the project. The purpose of the roadmap is to help others understand where the project is going. It gives the community a chance to understand the context and the vision for the goal of the project. Additionally, if a project becomes inactive, or if the project is abandoned, a roadmap can help ensure a project can be adopted and continued under new leadership.
</span>

The roadmap for this project is straightforward: we'll begin by conducting research and seeking feedback from developers and security auditors on the problems they most frequently encounter via web-based APIs. We'll create, from this research, the OWASP Top Ten API Risks, a sub-project of the API Security Project. Once this document is created (and maintained), we will also create guidelines in order to demonstrate each of the risks (as well as other, non-top-ten risks) and illustrate how to prevent them.

<span style="color:#ff0000">
Roadmaps vary in detail from a broad outline to a fully detailed project charter. Generally speaking, projects with detailed roadmaps have tended to develop into successful projects. Some details that leaders may consider placing in the roadmap include: envisioned milestones, planned feature enhancements, essential conditions, project assumptions, development timelines, etc. You are required to have at least 4 milestones for every year the project is active.
</span>

As of October 2013, the priorities are:
* Finish the referencing for each principle.
* Update the Project Template.
* Use the OWASP Press to develop a book.
* Finish and publish the book on Lulu.

Involvement in the development and promotion of the OWASP Security Principles Project is actively encouraged!
You do not have to be a security expert in order to contribute.
Some of the ways you can help:
* Helping find references to some of the principles.
* Project administration support.
* Wiki editing support.
* Writing support for the book.

=Project About=


<span style="color:#ff0000">
This page is where you need to place your legacy project template page if your project was created before October 2013. To edit this page you will need to edit your project information template. You can typically find this page by following this address and substituting your project name where it says "OWASP_Example_Project". When in doubt, ask the OWASP Projects Manager.
Example template page: https://www.owasp.org/index.php/Projects/OWASP_Example_Project
</span>

{{:Projects/OWASP_Example_Project_About_Page}}


__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]