From the course: The OWASP API 2023 Top 10: An Overview
API8:2023 Security Misconfigurations
- [Instructor] The eighth entry on the OWASP API Top 10 is security misconfiguration. According to OWASP, APIs and the system supporting them typically contain complex configurations, meant to make APIs more customizable. Software and DevOps engineers can miss these configurations or don't follow best security practices when it comes to configuration, opening the door for different types of attacks. Security misconfiguration happens when security controls, permissions, authentication mechanisms, and other important settings are not set up correctly. It can be a simple oversight or a lack of attention to detail. Think of APIs and applications just like cars. Just like a vehicle has several parts that work together to function and require routine maintenance, APIs have several lines of source code, dependencies, security headers, and more that require regular updates and testing. If left unchecked for too long, APIs and…
Contents
- API1:2023 Broken Object-Level Authorization (3m 39s)
- API2:2023 Broken Authentication (2m 54s)
- API3:2023 Broken Object-Property-Level Authorization (3m 46s)
- API4:2023 Unrestricted Resource Consumption (3m 9s)
- API5:2023 Broken Function-Level Authorization (3m 8s)
- API6:2023 Unrestricted Access to Sensitive Business Flows (2m 54s)
- API7:2023 Server-Side Request Forgery (2m 11s)
- API8:2023 Security Misconfigurations (3m 40s)
- API9:2023 Improper Inventory Management (3m 5s)
- API10:2023 Unsafe Consumption of APIs (3m 33s)