Security News > 2023 > August > Is the new OWASP API Top 10 helpful to defenders?

The OWASP API Security Project leaders had their work cut out when deciding how to group and prioritize the threats.

It no longer makes sense to monitor for API attacks and bot attacks separately: bot mitigation has to become part of API security.

Clearly a great deal of thought has gone into adjusting the OWASP API Top Ten to more accurately address the TTPs that attackers are now using.

Many breaches start out with an API that the victim organization was unaware they had. This API is then found to return some kind of data about a user that isn't the attacker.

Whether it is knowing where APIs are, testing them for flaws or stopping bots attacking unknown flows, API security needs to become more comprehensive, tracking and protecting the API throughout its entire lifecycle.

Creating a runtime inventory, conducting API threat surface assessments, carrying out specification anomaly detection and putting in place real-time automated bot detection and mitigation are all now essential to protect the API footprint of the business.

News URL

https://www.helpnetsecurity.com/2023/08/30/owasp-api-top-10/