This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP API Security Project"
(Added link to Kick-Off presentation) |
(Added a "What is API Security?" section) (Tag: Visual edit) |
||
| Line 7: | Line 7: | ||
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" | | | valign="top" style="border-right: 1px dotted gray;padding-right:25px;" | | ||
| − | ==What is API Security== | + | ==What is API Security?== |
| − | + | A foundational element of innovation in today’s app-driven world is the API. From banks, retail and transportation to IoT, autonomous vehicles and smart cities, APIs are a critical part of modern mobile, SaaS and web applications and can be found in customer facing, partner facing and internal applications. By nature, APIs expose application logic and sensitive data such as Personally Identifiable Information (PII) and because of this have increasingly become a target for attackers. Without secure APIs, rapid innovation would be impossible. | |
| − | + | API Security focuses on strategies and solutions to understand and mitigate the unique vulnerabilities and security risks of Application Programming Interfaces (APIs). | |
| − | |||
==Licensing== | ==Licensing== | ||
Revision as of 12:20, 17 June 2019
What is API Security?A foundational element of innovation in today’s app-driven world is the API. From banks, retail and transportation to IoT, autonomous vehicles and smart cities, APIs are a critical part of modern mobile, SaaS and web applications and can be found in customer facing, partner facing and internal applications. By nature, APIs expose application logic and sensitive data such as Personally Identifiable Information (PII) and because of this have increasingly become a target for attackers. Without secure APIs, rapid innovation would be impossible. API Security focuses on strategies and solutions to understand and mitigate the unique vulnerabilities and security risks of Application Programming Interfaces (APIs). LicensingThe OWASP API Security Project documents are free to use! The OWASP API Security Project is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one. |
Project Leaders
Quick LinksNewsThe API Security Project was Kicked-Off during OWASP Global AppSec Tel Aviv File:OWASP APIs Security Project Kick Off.pdf Classifications
| ||||||||
Founders
- Erez Yalon
- Inon Shkedy
Sponsors
Main Maintainer
- Paulo Silva
Contributors
- David Sopas
- Chris Westphal
Google Group
Join the discussion on the OWASP API Security Project Google group.
This is the best place to introduce yourself, ask questions, suggest and discuss any topic that is relevant to the project.
GitHub
The project is maintained in the OWASP API Security Project repo.
The latest changes are under the develop branch.
Feel free to open or solve an issue.
Ready to contribute directly into the repo? Great! Just make you you read the How to Contribute guide.
Planned Projects
- API Security Top 10
- API Security Cheat Sheet
- crAPI (Completely Ridiculous API - an intentionally vulnerable API project)
Road Map
