owasp-api-security-top-10
Safeguard articles tagged "owasp-api-security-top-10" — guides, analysis, and best practices for software supply chain and application security.
7 articles
OWASP API Security Top 10 risks explained
The OWASP API Security Top 10 ranks BOLA, broken auth, SSRF, and 7 more API risks behind breaches like Optus and T-Mobile — explained with real incidents.
OWASP API Security Top 10 Explained
The 2023 OWASP API Security Top 10 explained with real breaches — T-Mobile, Optus, Peloton — plus what changed since 2019 and how to prioritize fixes.
Unsafe Consumption of APIs
OWASP's API10:2023 exposes a blind spot: teams sanitize user input but blindly trust API responses from partners, vendors, and internal services.
What is an API Gateway and Its Security Role
An API gateway centralizes auth, routing, and rate limiting for every request — get it wrong and, as T-Mobile and Optus learned, millions of records leak.
What is Rate Limiting
Rate limiting caps requests per client to stop credential stuffing and scraping. Learn how it works, the algorithms, and real breaches it prevents.
Mass assignment vulnerabilities explained
Mass assignment lets attackers write privileged fields like "role":"admin" via ordinary API calls. Learn how it works, real CVEs, and fixes.
Unrestricted Access to Sensitive Business Flows
OWASP's API10:2023 category covers a threat scanners can't see: bots abusing legitimate business flows like checkout and ticketing at scale. Here's how it works.