Practical API Security: The OWASP API Security Top Ten

API security has always been important and keeps getting more so as APIs grow in importance. Nobody can conduct business today without APIs playing into every aspect of what they are doing, so understanding API security and addressing its risks is essential.
We hear more and more about API-related security incidents, which is not surprising: APIs open up capabilities and therefore expose surface area that then has to be secured. We use the Parler data breach to highlight some of the things that can go wrong when you rely on APIs but do not follow good security practices.
In this video, Isabelle Mauny (Field CTO and co-founder of 42Crunch) walks us through one of the most important collections of common security risks, the "OWASP API Security Top Ten", compiled and maintained by the Open Web Application Security Project (OWASP). Here is the complete list of the top ten:

- API1:2019 Broken Object Level Authorization
- API2:2019 Broken User Authentication
- API3:2019 Excessive Data Exposure
- API4:2019 Lack of Resources & Rate Limiting
- API5:2019 Broken Function Level Authorization
- API6:2019 Mass Assignment
- API7:2019 Security Misconfiguration
- API8:2019 Injection
- API9:2019 Improper Assets Management
- API10:2019 Insufficient Logging & Monitoring

Instead of discussing all ten issues one by one (which Isabelle has done in a separate video linked below), we look at three "buckets" into which they fall:

- Authentication and Authorization (API1, API2, API4, API5)
- Data Protection (API3, API6, API8)
- Governance and Operations (API7, API9, API10)
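To make the first two buckets concrete, here is an added example that is not code from the video, from 42Crunch or from Parler: four of the Top Ten (API1 BOLA, API3 Excessive Data Exposure, API6 Mass Assignment, API4 Rate Limiting) shown as a vulnerable handler beside its hardened form. The users, orders and handler names are constructed for illustration, and plain functions stand in for HTTP endpoints so it runs offline.

```python
"""
Vulnerable/hardened pairs for four OWASP API Security Top Ten (2019) issues.
Added illustration: the data is constructed and the functions stand in for
HTTP endpoints (caller = identity taken from the validated session token).
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple
import time

# Constructed sample data: two users and one order each.
USERS = {
    "alice": {"name": "Alice", "email": "alice@example.com", "is_admin": False},
    "bob":   {"name": "Bob",   "email": "bob@example.com",   "is_admin": False},
}
ORDERS = {
    1001: {"owner": "alice", "item": "book", "card_last4": "4242", "internal_notes": "VIP"},
    1002: {"owner": "bob",   "item": "lamp", "card_last4": "1111", "internal_notes": ""},
}


def sample_users() -> Dict[str, dict]:
    """Fresh copy of USERS so the update handlers can mutate without leaking state."""
    return {name: dict(rec) for name, rec in USERS.items()}


class Forbidden(Exception):
    """Stands in for an HTTP 403/404 response."""


# --- API1:2019 Broken Object Level Authorization ---------------------------
def get_order_bola(caller: str, order_id: int) -> dict:
    # Vulnerable: the ID comes straight from the URL and ownership is never
    # checked, so any authenticated user can walk /orders/1001, 1002, ...
    return ORDERS[order_id]


def get_order_checked(caller: str, order_id: int) -> dict:
    order = ORDERS.get(order_id)
    # Same error for "does not exist" and "not yours", so the response does not
    # confirm which IDs are valid.
    if order is None or order["owner"] != caller:
        raise Forbidden("order not found")
    return order


def can_read_order(caller: str, order_id: int) -> bool:
    """Boolean view of get_order_checked for callers that do not want the exception."""
    try:
        get_order_checked(caller, order_id)
        return True
    except Forbidden:
        return False


# --- API3:2019 Excessive Data Exposure -------------------------------------
ORDER_PUBLIC_FIELDS = ("item",)


def serialize_order_exposed(order: dict) -> dict:
    # Vulnerable: returns the whole record and relies on the client to hide fields.
    return dict(order)


def serialize_order_filtered(order: dict) -> dict:
    # Hardened: explicit allow-list, so a newly added sensitive column stays hidden.
    return {k: order[k] for k in ORDER_PUBLIC_FIELDS}


# --- API6:2019 Mass Assignment ---------------------------------------------
PROFILE_WRITABLE_FIELDS = ("name", "email")


def update_profile_mass_assign(users: Dict[str, dict], caller: str, body: dict) -> dict:
    # Vulnerable: every JSON key is bound to the model, so {"is_admin": true} sticks.
    users[caller].update(body)
    return users[caller]


def update_profile_allowlisted(users: Dict[str, dict], caller: str, body: dict) -> dict:
    # Hardened: only user-editable fields are copied; is_admin is silently dropped.
    users[caller].update({k: v for k, v in body.items() if k in PROFILE_WRITABLE_FIELDS})
    return users[caller]


# --- API4:2019 Lack of Resources & Rate Limiting ---------------------------
@dataclass
class FixedWindowLimiter:
    """Per-client fixed window: at most `limit` calls per `window_s` seconds."""
    limit: int
    window_s: float
    _hits: Dict[str, Tuple[float, int]] = field(default_factory=dict)

    def allow(self, client: str, now: Optional[float] = None) -> bool:
        now = time.monotonic() if now is None else now
        start, count = self._hits.get(client, (now, 0))
        if now - start >= self.window_s:   # window expired: start a new one
            start, count = now, 0
        count += 1
        self._hits[client] = (start, count)
        return count <= self.limit


if __name__ == "__main__":
    print("bob reads alice's order (BOLA):   ", get_order_bola("bob", 1001)["card_last4"])
    print("bob reads alice's order (checked):", can_read_order("bob", 1001))
    print("exposed: ", serialize_order_exposed(ORDERS[1001]))
    print("filtered:", serialize_order_filtered(ORDERS[1001]))
    print("mass assign:", update_profile_mass_assign(sample_users(), "bob", {"is_admin": True}))
    print("allow-list: ", update_profile_allowlisted(sample_users(), "bob", {"is_admin": True}))
    lim = FixedWindowLimiter(limit=3, window_s=60)
    print("5 calls in one window:", [lim.allow("bob", now=float(i)) for i in range(5)])
```

The pattern in each hardened half is the same: decide on the server what the caller may see or change (owner check, field allow-list, call budget) instead of trusting whatever the request carries.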

Isabelle also shares her experience in how to mitigate the risk of exhibiting one of the OWASP Top Ten issues. Her key point is a change in the API and security mindset: treat security as an important design and implementation concern from the very beginning rather than as an afterthought.

00:00 Start
00:50 Introduction Isabelle Mauny
01:45 Reasons for API security problems
03:36 Problems that lead to API security issues
04:14 Introducing OWASP
05:32 Introducing OWASP API Security Top Ten
06:52 Introducing the security issue buckets
08:33 The Parler example
18:48 How APIs have changed the security picture
20:24 How to improve API security
22:30 Security is a team job
23:00 Design has security implications
24:44 Don't treat security as an afterthought
26:58 The API mindset needs to include API security awareness
28:00 Security is about education
30:00 Disconnect between security and development teams
30:30 API first can help by reviewing API contracts early on
32:20 Closing
Comments

Thanks, Eric, for discussing this critical topic.

vijakrajpoot

Thank you for the highly valuable insights. As an online-community-taught developer, I can attest that much of the resources about APIs tend to mainly focus on how to get an API to work, and while that is very fundamental to the process, it also poses the risk of developers deploying APIs that work without adequate consideration for security.

mostlyoldschool