Practical API Security: The OWASP API Security Top Ten скачать в хорошем качестве

Practical API Security: The OWASP API Security Top Ten

API security always has been extremely important and keeps getting more important because of the growing importance of APIs. Nobody can conduct business today without APIs playing into every aspect of what they are doing, so understanding API security and addressing risks is essential. We hear more and more about API-related security issues, which is not surprising because APIs open up capabilities and therefore naturally expose things which then have to be secured. We're using the Parler data breach to highlight some of the things that can go wrong when you're using APIs, but you're not following good security practices. In this video, Isabelle Mauny (Field CTO and co-founder of 42Crunch) walks us through one of the most important collections of common security risks, which are the "OWASP API Security Top Ten", compiled and managed by the Open Web Application Security Project (OWASP). Here is a complete list of the top ten: API1:2019 Broken Object Level Authorization API2:2019 Broken User Authentication API3:2019 Excessive Data Exposure API4:2019 Lack of Resources & Rate Limiting API5:2019 Broken Function Level Authorization API6:2019 Mass Assignment API7:2019 Security Misconfiguration API8:2019 Injection API9:2019 Improper Assets Management API10:2019 Insufficient Logging & Monitoring Instead of discussing all top ten issues (which Isabelle has done in separate video linked below), we look at three "buckets" that can be identified: Authentication and Authorization (API1, API2, API4, API5) Data Protection (API3, API6, API8) Governance and Operations (API7, API9, API10) Isabelle also shares her experience in how to mitigate the risks of exhibiting one of the OWASP top ten. It is about changing the API and security mindset helps by approaching security as an important design and implementation issue from the very beginning. Slides of Isabelle's Presentation from the OWASP 20th Anniversary conference - https://www.slideshare.net/isamauny/a... APIsecurity.io: The Latest API Security News, Vulnerabilities & Best Practices: https://apisecurity.io/ OWASP API Top Ten Cheat Sheets: https://apisecurity.io/encyclopedia/c... 00:00 Start 00:50 Introduction Isabelle Mauny 01:45 Reasons of API security problems 03:36 Problems that lead to API security issues 04:14 Introducing OWASP 05:32 Introducing OWASP API Security Top Ten 06:52 Introducing the security issue buckets 08:33 The Parler example 18:48 How APIs have changed the security picture 20:24 How to improve API security 22:30 Security is a team job 23:00 Design has security implications 24:44 Don't treat security as an afterthought 26:58 The API mindset needs to include API security awareness 28:00 Security is about education 30:00 Disconnect between security and development teams 30:30 API first can help by reviewing API contracts early on 32:20 Closing