Safeguard
Tag

owasp-api-security-top-10

Safeguard articles tagged "owasp-api-security-top-10" — guides, analysis, and best practices for software supply chain and application security.

7 articles

Application Security

OWASP API Security Top 10 risks explained

The OWASP API Security Top 10 ranks BOLA, broken auth, SSRF, and 7 more API risks behind breaches like Optus and T-Mobile — explained with real incidents.

Jun 4, 20268 min read
Application Security

OWASP API Security Top 10 Explained

The 2023 OWASP API Security Top 10 explained with real breaches — T-Mobile, Optus, Peloton — plus what changed since 2019 and how to prioritize fixes.

Mar 10, 20267 min read
Application Security

Unsafe Consumption of APIs

OWASP's API10:2023 exposes a blind spot: teams sanitize user input but blindly trust API responses from partners, vendors, and internal services.

Mar 9, 20267 min read
Application Security

What is an API Gateway and Its Security Role

An API gateway centralizes auth, routing, and rate limiting for every request — get it wrong and, as T-Mobile and Optus learned, millions of records leak.

Mar 9, 20268 min read
Application Security

What is Rate Limiting

Rate limiting caps requests per client to stop credential stuffing and scraping. Learn how it works, the algorithms, and real breaches it prevents.

Mar 9, 20266 min read
Vulnerability Analysis

Mass assignment vulnerabilities explained

Mass assignment lets attackers write privileged fields like "role":"admin" via ordinary API calls. Learn how it works, real CVEs, and fixes.

Dec 5, 20257 min read
Industry Analysis

Unrestricted Access to Sensitive Business Flows

OWASP's API10:2023 category covers a threat scanners can't see: bots abusing legitimate business flows like checkout and ticketing at scale. Here's how it works.

Nov 6, 20257 min read
owasp-api-security-top-10 — Safeguard Blog