Announcing the Release of the OWASP API Security Top 10 - 2019 Edition


Erez Yalon

Dec 31, 2019, 11:06:53 AM
to API Security Project
Hello everyone,

We just announced the release of the OWASP API Security Top 10 - 2019 Edition.
It took almost a year, and many of you actively participated and helped. With too-many-to-count hours of work and the great contribution of Inon Shkedy and Paulo Silva, it finally happened on the last day of 2019.
We still have a lot of work ahead of us, as during 2020 we will work on a comprehensive cheatsheet and an intentionally vulnerable API app.
In addition, 2020 will see the next version of the OWASP API Security Top 10, hopefully with greater support from the industry and the community.

The help we need from you right now is in spreading the news. The first step of security is awareness, and we want to make sure we reach everyone.

Please share the following posts:
(Or make your own)

Soon we will start discussing the next steps, where your contributions will be very important.

Thank you all, and have a great new year!

Dmitry Sotnikov

Jan 2, 2020, 2:17:52 PM
to Erez Yalon, API Security Project
Hey, Erez,

Happy new year and congrats on the release!

Do you know when the project page https://www.owasp.org/index.php/OWASP_API_Security_Project is going to be changed to indicate the updated status?

Anything else on the project site that still needs to be updated?

(Asking because I want to promote the release in the apisecurity.io newsletter and don't want the audience to get confused)

Dmitry



--

Dmitry Sotnikov

VP, Cloud Platform
42 Crunch
Cell: +1.949.303.9653, Skype: DSotnikov




Paulo Silva

Jan 2, 2020, 2:29:45 PM
to Dmitry Sotnikov, Erez Yalon, API Security Project
Hi Dmitry,
By now no references to the RC version should be found.
Please check it and let me know if you find some.

Cheers,



--
Paulo Silva

OWASP API Security Project - Project Main Maintainer
OWASP Go Secure Coding Practices Guide - Project Co-Leader

Dmitry Sotnikov

Jan 2, 2020, 2:35:58 PM
to Paulo Silva, Erez Yalon, API Security Project
That was quick! :) Thanks for the prompt fix, Paulo!

Dmitry

Paulo Silva

Jan 2, 2020, 2:40:56 PM
to Dmitry Sotnikov, Erez Yalon, API Security Project
On Thu, Jan 2, 2020 at 7:35 PM Dmitry Sotnikov <dmitry....@42crunch.com> wrote:
> That was quick! :) Thanks for the prompt fix, Paulo!


It was updated on Dec 27th, 2019, but there were two "release candidate" references
missing: thanks for pointing that out.


Cheers,

Caleb Queern

Jan 3, 2020, 9:23:38 AM
to Paulo Silva, Dmitry Sotnikov, Erez Yalon, API Security Project
Hello Team,

Thanks for your hard work.

A similar editing nit for the API Security Project page... This reference to a "sneak peek" is probably not necessary any longer, correct?

Here is a sneak peek of the 2019 version

Caleb

Paulo Silva

Jan 3, 2020, 9:37:18 AM
to Caleb Queern, Dmitry Sotnikov, Erez Yalon, API Security Project
Hi Caleb,
In fact it is just a "sneak peek" of the OWASP API Security Top 10: the document provides much more information than the table available on the project page.
We strongly advise everyone to go through the full document to get as much as possible out of it.

Cheers,

Caleb Queern

Jan 3, 2020, 10:20:42 AM
to Paulo Silva, Dmitry Sotnikov, Erez Yalon, API Security Project
Got it. Makes sense. Thanks again for the hard work.
Caleb

Nathan Aw

Jan 6, 2020, 8:48:01 PM
to Caleb Queern, Paulo Silva, Dmitry Sotnikov, Erez Yalon, API Security Project
Congrats team. Have shared this great news with my network. 

Great and amazing work.

Hope to participate in this groundbreaking research project soon in 2020 as more threats abound.

Nathan Aw

MJ Papr

May 27, 2020, 3:44:13 PM
to API Security Project
Hello - 

These are great!

Do you have any recommendations for training videos/resources? 

#1 especially seems worth its own tutorial, but I'm not finding a lot of content that is reasonably concise.
Any advice on a good 10-60 minute intro for dev/test roles? 

Thanks for any assistance!

David Biesack

Dec 8, 2020, 10:10:33 AM
to API Security Project, melissaj...@gmail.com
I'm also looking for training on secure system design/coding that addresses OWASP API Top Ten (and other vulnerabilities), including training for API designers, training for API implementation development/engineering, API DevOps, and also training for security testers/hunters.
Thanks
