This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP API Security Project"

From OWASP
Jump to: navigation, search
(Added Road Map)
(Changed the layout of the Main section)
Line 27: Line 27:
 
* Create a documentation portal for developers to build APIs in a secure manner.
 
* Create a documentation portal for developers to build APIs in a secure manner.
 
* Work with the security community to maintain living documents that evolve with security trends.
 
* Work with the security community to maintain living documents that evolve with security trends.
 +
 +
== What is this project? ==
 +
The OWASP API Security Project seeks to deliver actionable documentation on creating and deploying verifiably secure web APIs, as well as illustrating the major risks and shortfalls that APIs may encounter. By helping developers create resilient software, and helping assessors understand the subtle risks an API may entail, the goal of this project is to bring security to an increasingly programmatic world.
 +
 +
The primary deliverables of this project are the '''OWASP Top Ten API Security Risks''' and a secure API development '''documentation portal.'''
  
 
==Licensing==
 
==Licensing==
Line 34: Line 39:
 
The OWASP API Security Project is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.
 
The OWASP API Security Project is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.
  
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE -->
+
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE -->
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |
+
| valign="top" style="padding-left:25px;width:200px;" |
 
 
== What is this project? ==
 
 
 
The OWASP API Security Project seeks to deliver actionable documentation on creating and deploying verifiably secure web APIs, as well as illustrating the major risks and shortfalls that APIs may encounter. By helping developers create resilient software, and helping assessors understand the subtle risks an API may entail, the goal of this project is to bring security to an increasingly programmatic world.
 
 
 
The primary deliverables of this project are the '''OWASP Top Ten API Security Risks''' and a secure API development '''documentation portal.'''
 
 
 
== Presentation ==
 
 
 
The OWASP API Security Project will be presented at [https://telaviv.appsecglobal.org/ OWASP Global AppSec Tel Aviv, May 2019].
 
  
 
== Project Leaders ==
 
== Project Leaders ==
Line 52: Line 47:
 
* Inon Shkedy
 
* Inon Shkedy
  
== Related Projects ==
+
== Quick Links ==
 
 
* [[REST_Security_Cheat_Sheet]]
 
* [https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API Enterprise Security API]
 
  
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE -->
+
[https://groups.google.com/a/owasp.org/d/forum/api-security-project Google Group]
| valign="top" style="padding-left:25px;width:200px;" |
 
  
== Quick Download ==
+
[https://github.com/OWASP/API-Security/tree/develop GitHub]
  
Once API Security documents are created, they will be available for direct download here.
+
== News ==
  
The initial version of this document, including an up-to-date table of contents, is available [https://www.owasp.org/images/f/f6/Owasp_api_security_toc.pdf here].
+
The API Security Project was Kicked-Off during [https://telaviv.appsecglobal.org/ OWASP Global AppSec Tel Aviv]
 
 
== News and Events ==
 
 
 
There has not yet been press coverage of this project.
 
  
 
==Classifications==
 
==Classifications==
Line 88: Line 75:
 
|}
 
|}
  
= Acknowledgements =
+
= Acknowledgments =
  
 
==Founders==
 
==Founders==
Line 117: Line 104:
 
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE -->
 
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE -->
 
__NOTOC__ <headertabs />  
 
__NOTOC__ <headertabs />  
 
  
 
[[Category:OWASP Project]]   
 
[[Category:OWASP Project]]   

Revision as of 13:48, 31 May 2019

OWASP Project Header.jpg

OWASP API Security Project

[24-Dec-2018]

The OWASP API Security Project is now under new leadership. A new roadmap and call for contribution will be published by the end of Feb 2019.


This project is designed to address the ever-increasing number of organizations that are deploying potentially sensitive APIs as part of their software offerings. These APIs are used for internal tasks and to interface with third parties. Unfortunately, many APIs do not undergo the rigorous security testing that would render them secure from attack.

The OWASP API Security Project seeks to provide value to software developers and security assessors by underscoring the potential risks in insecure APIs and illustrating how these risks may be mitigated. In order to facilitate this goal, the OWASP API Security Project will create and maintain a Top 10 API Security Risks document, as well as a documentation portal for best practices when creating or assessing APIs.

Description

While working as developers or information security consultants, many people have encountered APIs as part of a project. While there are some resources to help create and evaluate these projects (such as the OWASP REST Security Cheat Sheet), there has not be a comprehensive security project designed to assist builders, breakers, and defenders in the community.

This project aims to create:

  • The OWASP Top Ten API Security Risks document, which can easily underscore the most common risks in the area.
  • Create a documentation portal for developers to build APIs in a secure manner.
  • Work with the security community to maintain living documents that evolve with security trends.

What is this project?

The OWASP API Security Project seeks to deliver actionable documentation on creating and deploying verifiably secure web APIs, as well as illustrating the major risks and shortfalls that APIs may encounter. By helping developers create resilient software, and helping assessors understand the subtle risks an API may entail, the goal of this project is to bring security to an increasingly programmatic world.

The primary deliverables of this project are the OWASP Top Ten API Security Risks and a secure API development documentation portal.

Licensing

The OWASP API Security Project documents are free to use!

The OWASP API Security Project is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

Project Leaders

Quick Links

Google Group

GitHub

News

The API Security Project was Kicked-Off during OWASP Global AppSec Tel Aviv

Classifications

New projects.png Owasp-builders-small.png
Owasp-breakers-small.png
Owasp-defenders-small.png
Cc-button-y-sa-small.png
Project Type Files DOC.jpg
Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_API_Security_Project&oldid=252020"