Dear Readers:
Forum Systems and the security community need your help in raising API Security awareness. Forum Systems has been at the forefront of API Security for over 16 years. Our relentless efforts in educating IT professionals on how best to expose their IT assets securely via APIs have paid off: OWASP has recognized API Security as a Top 10 vulnerability as part of its 2017 Release Candidate 1 (RC1).
OWASP has finally dipped its toes into the API Security waters. The API waters run deep and can sink every enterprise IT component with security vulnerabilities that impact network devices, load balancers, application servers, ESBs, databases and even legacy mainframe systems. No component is immune since almost all components expose their functionality via APIs.
It is for this reason that we are asking for your help in reinforcing the need for API Security.
The OWASP 2017 RC1 includes A10 – Unprotected APIs. We believe that A10 should be ratified in the OWASP Top 10 2017 to ensure that API vulnerabilities are actively addressed by the security community.
You can help ratify A10 in OWASP 2017 by:
- Filling out the following survey (< 2 mins): OWASP Top 10 2017 Edition Survey for New Vulnerability Categories
- Adding items, comments and data to GitHub: OWASP Top 10
- Providing Vulnerability Data (5 mins): OWASP Top 10 2017 Data
For example, see the excellent and very polite discussion on emphasizing XXE.
Thank you for your efforts. We look forward to continuing our work with security thought leaders and the API community in making enterprise and cloud APIs secure.
-Forum Systems