API security is now more important than web application security

Jul 14, 2022 · 3 min read

Written by

Jamie Beckland

CMO / CPO

Jamie leads marketing and product at APIContext, focused on making API reliability visible across enterprise teams.

We have been reviewing in some detail the OWASP Top Ten, the premier index of the most critical vulnerabilities in web applications.

But, in 2019, the OWASP Foundation found that their traditional web application security vulnerability index was simply not advanced enough to bring visibility to the fastest-growing threat categories: API vulnerabilities.

So, in response, the foundation published its first-ever API Top Ten. It’s quite staggering. Between 2017 and 2021, the vulnerability posture of APIs grew to overtake that of the traditional web application, to the extent that even web application vulnerabilities often overlap with API vulnerabilities.

In fact, if APIs were fully secured, it’s likely that web application breaches would fall by at least 66%.

So, as an extension of our security vulnerabilities overview, we will expand it to review many of the OWASP API Top Ten risks.

Since the majority of all internet traffic is over APIs, it makes sense that we would want to prioritize improving and hardening APIs above even many traditional web application vulnerabilities. APIs are more often exploited, and bad actors increasingly prefer them as an attack vector.

Stay tuned for a more detailed review of these risks and how to manage them without paralyzing your customer-facing initiatives.
