Safeguard
Tag

owasp-api-top-10

Safeguard articles tagged "owasp-api-top-10" — guides, analysis, and best practices for software supply chain and application security.

18 articles

Application Security

A practical REST API hardening checklist

OWASP's 2023 API Security Top 10 still ranks broken object-level authorization as the #1 risk — here's a concrete checklist for authn, rate limiting, and input validation.

Jul 8, 20266 min read
Application Security

API security and the rise of shadow/zombie APIs

Shadow and zombie APIs caused breaches at Optus, T-Mobile, and Peloton. Here's why code-scanning tools miss them and what API security best practices actually work.

Jun 26, 20267 min read
Application Security

How to secure a REST API

REST API breaches from T-Mobile to Optus trace to a handful of recurring mistakes. Here's how to fix authorization, auth, injection, and rate limiting.

Jun 1, 20266 min read
Application Security

Building a secure GraphQL API with Node.js

A practical guide to securing Node.js GraphQL APIs: query complexity limits, field-level authorization, injection-safe resolvers, and CSRF hardening.

Apr 27, 20267 min read
Application Security

What is API Security

API security explained: what it is, why APIs are the top breach vector, the OWASP API Top 10, real breaches, and how to test and monitor endpoints.

Mar 11, 20267 min read
Application Security

API Security Testing Checklist & Best Practices

A concrete API security testing checklist covering OWASP API Top 10 risks, BOLA, SSRF, testing cadence, SAST/DAST, and how Safeguard closes the gaps.

Mar 11, 20267 min read
Application Security

How to Secure REST APIs

REST APIs keep failing the same way: BOLA, weak auth, shadow endpoints. Real breaches (T-Mobile, Optus, Peloton) and concrete fixes for each.

Mar 10, 20267 min read
Application Security

What is GraphQL Security

GraphQL's flexibility creates unique risks—excessive data exposure, DoS via nested queries, and broken field-level authorization. Here's how to defend it.

Mar 10, 20267 min read
Application Security

API Security Misconfiguration

API misconfigurations exposed 37M T-Mobile and 9.8M Optus accounts without a single exploit. Here's why it keeps happening and how to stop it.

Mar 10, 20266 min read
Application Security

What is Broken Object Level Authorization (BOLA)

BOLA lets attackers swap an object ID in an API request to pull someone else's data. Here's how it works, real breaches, and how to stop it.

Mar 9, 20267 min read
Application Security

What is API Authentication

API authentication verifies who's calling your API before authorization decides what they can do — here's how it works, common methods, and where it fails.

Mar 8, 20267 min read
Industry Analysis

Broken Object Level Authorization (BOLA/IDOR) in APIs

BOLA/IDOR has topped the OWASP API Security Top 10 since 2019. Here's how USPS, Peloton, and Parler got breached by it—and how to catch it before you do.

Nov 7, 20258 min read
owasp-api-top-10 — Safeguard Blog