This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP API Security Project"
David Shaw (talk | contribs) m (→Project About) |
David Shaw (talk | contribs) (→Road Map and Getting Involved) |
||
| Line 99: | Line 99: | ||
= Road Map and Getting Involved = | = Road Map and Getting Involved = | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
The roadmap for this project is straightforward: we'll begin by conducting research and seeking feedback from developers and security auditors on the problems they most frequently encounter via web-based APIs. We'll create, from this research, the OWASP Top Ten API Risks, a sub-project of the API Security Project. Once this document is created (and maintained), we will also create guidelines in order to demonstrate each of the risks (as well as other, non-top-ten risks) and illustrate how to prevent them. | The roadmap for this project is straightforward: we'll begin by conducting research and seeking feedback from developers and security auditors on the problems they most frequently encounter via web-based APIs. We'll create, from this research, the OWASP Top Ten API Risks, a sub-project of the API Security Project. Once this document is created (and maintained), we will also create guidelines in order to demonstrate each of the risks (as well as other, non-top-ten risks) and illustrate how to prevent them. | ||
| − | + | '''Q4 2015 Priorities''' | |
| − | + | * Establish the project, including mailing list, wiki page, etc. | |
| − | + | * Conduct PR-related activities to involve the community at large. | |
| − | + | * Conduct research to understand widely-accepted risks in APIs | |
| − | + | * Compile Top Ten API Security Risks | |
| − | * | ||
| − | * | ||
| − | |||
| − | * | ||
| − | + | We'd love for you to get involved with this project if you feel you can contribute! Please contact the Project Leader to better understand how you can volunteer. | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
=Project About= | =Project About= | ||
Revision as of 18:22, 20 October 2015
OWASP API Security ProjectThis project seeks to address the ever-increasing number of organizations that are deploying potentially sensitive APIs as part of their software offerings. These APIs are used for internal tasks and to interface with third parties. Unfortunately, many APIs do not undergo the rigorous security testing that would render them secure from attack. The OWASP API Security Project seeks to provide value to software developers and security assessors by underscoring the potential risks in insecure APIs and illustrating how these risks may be mitigated. In order to facilitate this goal, the OWASP API Security Project will create and maintain a Top 10 API Security Risks document, as well as a documentation portal for best practices when creating or assessing APIs. DescriptionWhile working as developers or information security consultants, many people have encountered APIs as part of a project. While there are some resources to help create and evaluate these projects (such as the OWASP REST Security Cheat Sheet), there has not be a comprehensive security project designed to assist builders, breakers, and defenders in the community. This project aims to create:
LicensingThe OWASP API Security Project documents are free to use! The OWASP API Security Project is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one. |
What is the OWASP API Security Project?The OWASP API Security Project seeks to deliver actionable documentation on creating and deploying verifiably secure web APIs, as well as illustrating the major risks and shortfalls that APIs may encounter. By helping developers create resilient software, and helping assessors understand the subtle risks an API may entail, the goal of this project is to bring security to an increasingly programmatic world. PresentationThe OWASP API Security Project will be presented in 2016. Project LeaderRelated ProjectsQuick DownloadOnce API Security documents are created, they will be available for direct download here. News and EventsThere has not yet been press coverage of this project. In PrintThere are no current print materials for this project. Classifications
| ||||||||
Please refer to the primary wiki page to learn about this project.
