How can we automately detect security risk base on OWSAP API Security Top 10?

[尹普]

Are there best practices?

[Jason Kent]

There are quite a few options here.  

Hand reading specs and looking at your endpoints and doing a line by line read of your spec conformance, is one option.  

There are automated ways to detect if anything isn't conforming to your security controls via products you can purchase.  

Pentesting is another manual option.

It really depends on your budget, staffing and level of knowledge.

Jason

On Wed, Dec 1, 2021 at 1:48 AM 尹普 <yi...@bytedance.com> wrote:

Are there best practices?

--
You received this message because you are subscribed to the Google Groups "API Security Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to api-security-pro...@owasp.org.
To view this discussion on the web visit https://groups.google.com/a/owasp.org/d/msgid/api-security-project/f7749d95-40a7-4396-a587-740c545e3435n%40owasp.org.

--

Jason

Red Swingline Consulting

Because our customer's success is guaranteed to be in their hands.