Tag
owasp-api-security
Safeguard articles tagged "owasp-api-security" — guides, analysis, and best practices for software supply chain and application security.
3 articles
Application Security
Designing a secure Node.js API gateway: auth, rate limits, validation, and signing
CVE-2020-15084 let attackers forge JWTs against express-jwt because one algorithm check was missing — a case study in why gateways need four defense layers, not one.
Jul 15, 20266 min read
AppSec
Missing Rate Limiting: The OWASP API Security Risk Explained
A no rate limiting vulnerability sits quietly in most APIs until it enables brute force, credential stuffing, or resource exhaustion; here is how to spot it and fix it before it does.
Jan 22, 20265 min read
Industry Analysis
Broken Function Level Authorization (BFLA) in APIs
BFLA lets a regular user call admin-only API functions. Here's how the USPS, Peloton, and Coinbase incidents happened — and how to catch it before attackers do.
Nov 7, 20257 min read