OWASP Top 10
2023 OWASP Top-10 Series: Wrap Up
Over the past several months, we've taken a journey through the new 2023 OWASP API Security Top-10 list. In the previous 12 weekly posts, we've delved into each category, discussed what it ...
2023 OWASP Top-10 Series: Spotlight on Injection
Welcome to the 12th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. In this series we are taking an ...
2023 OWASP Top-10 Series: API10:2023 Unsafe Consumption of APIs
Welcome to the 11th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API10:2023 Unsafe ...
2023 OWASP Top-10 Series: API9:2023 Improper Inventory Management
Welcome to the 10th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API9:2023 Improper ...
2023 OWASP Top-10 Series: API8:2023 Security Misconfiguration
Welcome to the 9th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API8:2023 Security ...
2023 OWASP Top-10 Series: API7:2023 Server Side Request Forgery
Welcome to the 8th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API7:2023 Server ...
Noname Security Aligns With OWASP on API Security Risks
Noname Security added support for reducing the top ten API security risks for 2023 as defined by OWASP ...
2023 OWASP Top-10 Series: API6:2023 Unrestricted Access to Sensitive Business Flows
Welcome to the 7th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API6:2023 Unrestricted ...
2023 OWASP Top-10 Series: API5:2023 Broken Function Level Authorization
Welcome to the 6th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API5:2023 Broken ...
API Abuse – Lessons from the Duolingo Data Scraping Attack
It’s been reported that 2.6 million user records sourced from the Duolingo app are for sale. The attacker apparently obtained them from an open API provided by the company. There’s a more ...