This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP API Security Project"
(Changed the layout of the Main section) (Tag: Visual edit) |
(Added a Join page) (Tag: Visual edit) |
||
Line 91: | Line 91: | ||
* David Sopas | * David Sopas | ||
* Chris Westphal | * Chris Westphal | ||
+ | |||
+ | = Join = | ||
+ | |||
+ | == Google Group == | ||
+ | Join the discussion on the [https://groups.google.com/a/owasp.org/d/forum/api-security-project OWASP API Security Project Google group]. | ||
+ | |||
+ | This is the best place to introduce yourself, ask questions, suggest and discuss any topic that is relevant to the project. | ||
+ | |||
+ | == GitHub == | ||
+ | The project is maintained in the [https://github.com/OWASP/API-Security OWASP API Security Project repo]. | ||
+ | |||
+ | '''The latest changes are under the [https://github.com/OWASP/API-Security/tree/develop develop branch].''' | ||
+ | |||
+ | Feel free to open or solve an [https://github.com/OWASP/API-Security/issues issue]. | ||
+ | |||
+ | Ready to contribute directly into the repo? Great! Just make you you read the [https://github.com/OWASP/API-Security/blob/master/CONTRIBUTING.md How to Contribute guide]. | ||
= Road Map = | = Road Map = |
Revision as of 14:09, 31 May 2019
OWASP API Security Project[24-Dec-2018]The OWASP API Security Project is now under new leadership. A new roadmap and call for contribution will be published by the end of Feb 2019.
The OWASP API Security Project seeks to provide value to software developers and security assessors by underscoring the potential risks in insecure APIs and illustrating how these risks may be mitigated. In order to facilitate this goal, the OWASP API Security Project will create and maintain a Top 10 API Security Risks document, as well as a documentation portal for best practices when creating or assessing APIs. DescriptionWhile working as developers or information security consultants, many people have encountered APIs as part of a project. While there are some resources to help create and evaluate these projects (such as the OWASP REST Security Cheat Sheet), there has not be a comprehensive security project designed to assist builders, breakers, and defenders in the community. This project aims to create:
What is this project?The OWASP API Security Project seeks to deliver actionable documentation on creating and deploying verifiably secure web APIs, as well as illustrating the major risks and shortfalls that APIs may encounter. By helping developers create resilient software, and helping assessors understand the subtle risks an API may entail, the goal of this project is to bring security to an increasingly programmatic world. The primary deliverables of this project are the OWASP Top Ten API Security Risks and a secure API development documentation portal. LicensingThe OWASP API Security Project documents are free to use! The OWASP API Security Project is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one. |
Project Leaders
Quick LinksNewsThe API Security Project was Kicked-Off during OWASP Global AppSec Tel Aviv Classifications |
Google Group
Join the discussion on the OWASP API Security Project Google group.
This is the best place to introduce yourself, ask questions, suggest and discuss any topic that is relevant to the project.
GitHub
The project is maintained in the OWASP API Security Project repo.
The latest changes are under the develop branch.
Feel free to open or solve an issue.
Ready to contribute directly into the repo? Great! Just make you you read the How to Contribute guide.