
OWASP API Security Project

Revision as of 19:40, 19 October 2015 by David Shaw (OWASP API Security Project)


More organizations than ever are creating and deploying web-based APIs. These APIs are used both for internal tasks and to interface with third parties. Unfortunately, many APIs do not undergo the rigorous security testing that would render them secure from attack.

The OWASP API Security Project seeks to provide value to software developers and security assessors by underscoring the potential risks in insecure APIs and illustrating how these risks may be mitigated. In order to facilitate this goal, the OWASP API Security Project will create and maintain a Top 10 API Security Risks document, as well as a documentation portal for best practices when creating or assessing APIs.

Description


By helping developers create verifiably secure APIs, and helping security assessors understand the subtle risks an API may entail, the goal of this project is to bring security to an increasingly programmatic world.

Although this is a sample template, the project is real! Please contribute to this project.

Over the course of my career, I have come across and collected a number of security aphorisms. These aphorisms constitute the fundamental principles of information security.

None of the ideas or truths are mine, and unfortunately, I did not collect the citations. Initially, I would like to identify the correct citations for each aphorism.

Additionally, many are re-statements of the same idea; thus, the 'collection of ideas' defines a fundamental principle. As such, I would also like to reverse engineer the principles from the aphorisms where appropriate, as well.

Licensing

The OWASP API Security Project documents are free to use!

The OWASP API Security Project is licensed under the Creative Commons Attribution-ShareAlike 3.0 license (http://creativecommons.org/licenses/by-sa/3.0/), so you can copy, distribute and transmit the work, adapt it, and use it commercially, provided that you attribute the work and, if you alter, transform, or build upon it, distribute the resulting work only under the same or a similar license.

What is OWASP API Security Project?

The OWASP API Security Project seeks to deliver actionable documentation on creating and deploying verifiably secure web APIs, as well as illustrating the major risks and shortfalls that APIs may encounter. By helping developers create resilient software, and helping assessors understand the subtle risks an API may entail, the goal of this project is to bring security to an increasingly programmatic world.

Presentation

The OWASP API Security Project will be presented in 2016.

Project Leader

Related Projects

Quick Download

Once API Security documents are created, they will be available for direct download here.

News and Events

There has not yet been press coverage of this project.

In Print

There are no current print materials for this project.

Classifications

New project; Builders, Breakers, Defenders; CC BY-SA; Project type: Documentation