Blog

Forum Systems Lauds Recognition of API Security in OWASP Top 10

By | Date posted: August 18, 2017

Longtime API Security Champion Praises OWASP Community for Listing “Underprotected APIs” in RC1; Sponsors Premier AppSec USA 2017 Conference

BOSTON, August 21, 2017 – Forum Systems Inc., a pioneer in API security technology, today celebrated the Open Web Application Security Project (OWASP) community for including ‘Underprotected APIs’ in the OWASP Top 10 – 2017 RC1 list of most critical web application security risks.

OWASP’s recognition of API security as A10 in its flagship project underscores APIs’ unquestioned ubiquity and business value. Moreover, its inclusion amplifies the criticality of ensuring that APIs are robustly protected from an explosively expanding landscape of security threats and vulnerabilities that target them.

“For more than 16 years, we have been espousing the importance of API security. But, high-profile hacks of the Nissan Leaf, Polish Financial Supervision Authority, and social networking app Wishbone exemplify how companies in the API economy continue to provide services on APIs that are all too susceptible to compromise and malicious access,” said Mamoon Yunus, CEO of Forum Systems. “We take tremendous pride in OWASP validating our mission, and commend the community for its exemplary work in highlighting APIs as a primary threat vector with significant and wide-ranging impacts for application and data security.”

Yunus continued: “However, this is only the first step in elevating API security into the mainstream consciousness of IT professionals. With their foundational role in fueling cloud, mobility and IoT, APIs – and their attack surface areas – will only continue to expand. Given those dynamics, we believe that ‘Underprotected APIs’ should and will be ratified in the OWASP Top 10 2017 Edition. We ask that our industry peers join us in playing an immediate, instrumental role in bringing that to fruition.”

Currently, OWASP is soliciting further input from the greater community to help finalize the Top 10. Forum Systems encourages development and security professionals to contribute to the discussion by participating in several key OWASP initiatives, including:

• Completing the following survey: OWASP Top 10 2017 Edition Survey for New Vulnerability Categories
• Adding items, comments, and data to GitHub: OWASP Top 10
• Submitting vulnerability data: OWASP Top 10 2017 Data

OWASP is a worldwide free and open community focused on improving the security of application software. Notably, the 2017 release of the OWASP Top 10 will mark the community’s fourteenth year of raising awareness of the importance of application security risks.

Next month, Forum Systems will sponsor the OWASP-hosted AppSec USA 2017 in Orlando, Florida. Taking place September 19-22, the annual event is the premier application security conference for developers and security experts, and represents one of the largest sources of funding to help advance all of the free, open source OWASP projects.


About Forum Systems
Forum Systems Inc. is the leader in API Security Management. Providing centralized security, identity, and integration for API communications, the Forum Sentry API Security Gateway enables enterprises to manage complex API strategies in an efficient, agile, highly secure manner. Processing more than 10 billion transactions per day worldwide, and architected on “security-first” design principles, Forum Sentry delivers unparalleled protection against modern API vulnerabilities. Forum Sentry is the industry’s only FIPS 140-2 and NIAP NDPP-certified API Security Gateway for enabling secure connectivity between users, applications and the cloud. For more information, please visit www.forumsys.com.

All product and company names herein may be trademarks of their respective owners.

Related content:

Leave a Comment