From the course: Cloud Data, Platform, and Applications Security by Pearson
OWASP API security
Let's do a web safari and take a look at API security based on the OWASP Top 10. They have a Top 10 for web applications. They have a Top 10 for IoT, and they have one for API to be familiar with on the exam. As we go to this site, we'll notice that they're going to tell us that, you know, web application security versus API security, that's an important differentiation. And then we have in the API Security Top 10, we have these 10 elements. Now, it's not important to do a deep dive on these. They're pretty self-explanatory with maybe the exception of one of these, but you can see broken authorization, broken authentication. You can see that there's excessive data exposure. That's obviously something, you know, the lack of resources and rate limiting. You know, the API is not protected against the excessive amount of calls or payload sizes. So attackers can leverage that poorly written API for a denial-of-service attack, for example. Broken function-level authorization. Now, the one…