Welcome to the OWASP API SECURITY PROJECT Google Group

API Security Project

unread,

May 31, 2019, 11:13:59 AM5/31/19

to API Security Project

Hello everyone and welcome to the group!

Yesterday, 30 May 2019, we kicked-off the API Security Project during OWASP AppSec Global Tel Aviv. The presentation can be found here.

We are glad to announce that:

This group is officially open and accepting new members. Please share and invite people you believe the group is relevant for.
The Wiki page of the project is being created on the OWASP website: https://www.owasp.org/index.php/OWASP_API_Security_Project. If you have any suggestions, feel free to let us know.
The GitHub repo is public and waiting for your contributions. Please make sure to read the How to Contribute guide before you do.

Thank you very much and good luck!

Best Regards,

Erez Yalon & Inon Shkedy

Laura Porter

unread,

Jun 4, 2019, 8:14:29 AM6/4/19

to API Security Project, api-securi...@owasp.org

Hey,

Nice slides! Was this recorded? I'd love to watch the presentation.

Thanks,

Laura

Erez Yalon

unread,

Jun 11, 2019, 2:05:24 AM6/11/19

to API Security Project

Hey Laura,

Thanks for the compliment :)

Unfortunately, OWASP did not record the Project Showcase Track, but we will be happy to answer any question you may have.

Best,

Erez

Pen tester

unread,

Jul 19, 2019, 2:28:48 AM7/19/19

to API Security Project, api-securi...@owasp.org

Hey,

Can I include in my project reports stated that we will follow OWASP TOP 10 API Risks along with Rest Security Cheat Sheet or do i need to wait for the official release?

Thanks,

erez....@owasp.org

unread,

Jul 21, 2019, 11:51:04 AM7/21/19

to Pen tester, API Security Project, api-securi...@owasp.org

I am not sure exactly what you are asking, can you please elaborate?

Erez Yalon

OWASP API Security Project Leader

OWASP Go-SCP Project Leader

(Coming Soon) OWASP Software Composition Security Project Leader

Email: erez....@owasp.org

Mobile: +972505977720

Image result for owasp banner

--
You received this message because you are subscribed to the Google Groups "API Security Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to api-security-pro...@owasp.org.
To view this discussion on the web visit https://groups.google.com/a/owasp.org/d/msgid/api-security-project/4d84aa1e-2da4-489a-902e-1a98eecb7f2b%40owasp.org.

image003.jpg

Pen tester

unread,

Jul 22, 2019, 2:21:47 AM7/22/19

to erez....@owasp.org, API Security Project

Hi,

Let's say if I am working on Web application penetration testing I will tell the clients that we will follow OWASP Top 10(https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf) and WASC 40 as Standards and I will send these standards on completion of the project I will mention it in reports.

In the same way, If I am working on Web Services Penetration Testing(Rest API's) can I mention it in reports that we will follow OWASP Top 10 Security API Risks.

Thanks,

erez....@owasp.org

unread,

Jul 22, 2019, 12:21:03 PM7/22/19

to Pen tester, API Security Project

OK, now I understand.

You can use it already, but you must refer to it as a temporary version, or a suggested version.

A release candidate will be published on September in Global AppSec DC, and after that it will probably get much more stable.

Best,

Erez Yalon

OWASP API Security Project Leader

OWASP Go-SCP Project Leader

(Coming Soon) OWASP Software Composition Security Project Leader

Email: erez....@owasp.org

Mobile: +972505977720

Image result for owasp banner

image005.jpg

image006.jpg

Pen tester

unread,

Jul 23, 2019, 5:32:19 AM7/23/19

to erez....@owasp.org, API Security Project

Great, Thanks

Reply all

Reply to author

Forward