Category | OWASP | CWE |
---|---|---|
Broken Access Control | A5:2017, API1:2019, API5:2019 | CWE-22, CWE-285, CWE-639 |
Broken Anti-Automation | OWASP-AT-004, API4:2019, OWASP-AT-010 | CWE-362 |
Broken Authentication | A2:2017, API2:2019 | CWE-287, CWE-352 |
Cross Site Scripting (XSS) | A7:2017 | CWE-79 |
Cryptographic Issues | A3:2017 | CWE-326, CWE-327, CWE-328, CWE-950 |
Improper Input Validation | ASVS V5, API6:2019 | CWE-20 |
Injection | A1:2017, API8:2019 | CWE-74 |
Insecure Deserialization | A8:2017 | CWE-502 |
Miscellaneous | - | - |
Security Misconfiguration | A6:2017, A10:2017, API7:2019, API9:2019, API10:2019 | CWE-209 |
Security through Obscurity | - | CWE-656 |
Sensitive Data Exposure | A3:2017, API3:2019, OTG-CONFIG-004 | CWE-200, CWE-530, CWE-548 |
Unvalidated Redirects | A10:2013 | CWE-601 |
Vulnerable Components | A9:2017 | CWE-829 |
XML External Entities (XXE) | A4:2017 | CWE-611 |
Thanks Björn, this is great, and will help spread the word.
We are currently thinking about crAPI, and whether it deserves its own standalone project or whether we should just piggyback on another existing project.
Each approach has its good reasons. We will decide soon and open a “call for volunteers” for those who would like to join us.
Best,
Erez Yalon
OWASP API Security Project Co-Leader
OWASP Go-SCP Project Co-Leader
(Coming Soon) OWASP Software Composition Security Project Leader
Email: erez....@owasp.org
Mobile: +972505977720
--
You received this message because you are subscribed to the Google Groups "API Security Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to api-security-pro...@owasp.org.
To view this discussion on the web visit https://groups.google.com/a/owasp.org/d/msgid/api-security-project/b4a9260b-4cc5-42f8-80bf-7c3a8cba5627%40owasp.org.
Hi Nathan,
Thank you, and thanks to the others who expressed their willingness to contribute to the project.
As soon as we gather our thoughts around crAPI, probably in about a month (after RSAC 2020), we will publish here a “call for contributors”.
Stay tuned…
Best,
Erez Yalon
OWASP API Security Project Co-Leader
OWASP Go-SCP Project Co-Leader
(Coming Soon) OWASP Software Composition Security Project Leader
Email: erez....@owasp.org
Mobile: +972505977720
Hi Erez,
I would like to contribute to the OWASP API TOP 10 vulnerabilities mapping and crAPI project development.
Feel free to ping me anytime to discuss further.
Thanks,
Regards,
Arun.S [OSCP,eWPT,ECSA,CEH]
Senior Security Consultant,
Null / OWASP Bangalore Volunteer.
Email: arun.sa...@owasp.org
Mobile: +91-9600664505