Developer´s Guide to OWASP – Top 10 API Security vulnerabilities & MITRE ATT&ACK framework relation – Go Lang Edition by Farshid Mahdavipour , Kumar Chandramoulie , Joe Vadakkan

Authors: Farshid Mahdavipour , Kumar Chandramoulie , Joe Vadakkan

Introduction

The OWASP API Security Top 10 is a list of the most common and critical risks that organizations face when developing and exposing APIs (Application Programming Interfaces). APIs allow different systems and applications to communicate with each other, and are often used to expose data and functionality to external parties. However, exposing APIs can also introduce a variety of security risks if not properly secured. The OWASP API Security Top 10 aims to provide guidance on the most important security risks to consider when developing and exposing APIs.

1. Broken Object Level Authorization:
   This refers to the risk of improper authorization controls, where APIs may allow unauthorized access to sensitive data or functionality.
2. Broken User Authentication:
   This refers to the risk of weak or inadequate authentication controls, which can allow attackers to gain unauthorized access to APIs.
3. Excessive Data Exposure:
   This refers to the risk of exposing sensitive data through APIs, either intentionally or unintentionally.
4. Lack of Resources and Rate Limiting:
   This refers to the risk of APIs being overwhelmed or exhausted by excessive requests, which can lead to denial of service attacks.
5. Broken Function Level Authorization:
   This refers to the risk of improper authorization controls at the function level, where APIs may allow unauthorized access to sensitive functionality.
6. Mass Assignment:
   This refers to the risk of allowing untrusted parties to set values for sensitive fields, which can lead to unauthorized access or manipulation of data.
7. Security Misconfiguration:
   This refers to the risk of APIs being improperly configured, which can lead to vulnerabilities being exposed.
8. Injection:
   This refers to the risk of injecting malicious code into APIs, which can lead to unauthorized access or manipulation of data.
9. Improper Asset Management:This refers to the risk of failing to properly manage APIs and the data and functionality they expose, which can lead to vulnerabilities being introduced.
10. Insufficient Logging and Monitoring:
    This refers to the risk of failing to properly log and monitor API activity, which can make it difficult to detect and respond to security incidents.

Download & read the complete report below 👇👇👇