Developers should take a look at the OWASP API Security Top 10, because an exposed interface is a highly attractive target for attackers. To help secure sensitive endpoints, OWASP has compiled a list of the most common vulnerabilities in programming interfaces (APIs). A lack of protection can lead to the leakage of sensitive data on a large scale.
OWASP creates a separate list for the security of APIs.
In the IT security industry, the OWASP Top 10 is an institution. Everybody knows it, training courses build on it, and it is usually covered during university studies. Such broad agreement is rare in the scene. Now the Open Web Application Security Project goes one step further and addresses the specific attack surface of interfaces: ten classes of security holes that affect API security.
Admittedly, capable developers who know the vulnerabilities and catch them while writing the code are the best defence. But a pentest brings certainty. With the API Security Top 10, a common frame of reference now exists. The importance of this list is underlined by Gartner, which estimates that by 2021, 90% of the attack surface of web applications will be exposed through their APIs. The project has agreed on the following Top 10:
One case of Excessive Data Exposure was observed on the Mobile World Congress 2020 website.
To stop the exchange format from becoming a data leak: a pentest of the API!
Although many problems can be caught by modern API gateways, a gateway should always be the last hurdle and never the protection mechanism itself. As before, inputs must be validated in the application itself, and the service must be developed according to the security-by-design principle; that alone removes a large part of the attack surface. Even where individual items overlap with the classic OWASP Top 10, these API-specific security holes must still be found and closed, and a penetration test is one way to do that. Only then can API security be raised across the board.
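As an added example (not code from the original article or from OWASP), the following Python shows what the two points above look like inside a service: a user endpoint that serialises the whole stored record and so suffers from Excessive Data Exposure, the same endpoint with an explicit allow-list of response fields, an input validator for an update request that lives in the service rather than in a gateway, and a small check a pentester can run over a captured JSON response to spot leaked fields. The User record, its field names, the sample data and the list of sensitive key markers are all constructed for illustration.

```python
"""Added example, not from the original article or OWASP: Excessive Data
Exposure in a user endpoint, the allow-listed fix, input validation done in the
service itself, and a response check for leaked fields.

All names, fields and records below are constructed for illustration."""
from dataclasses import dataclass, asdict
from typing import Any, Dict, List


# Constructed sample record: what the service stores, not what it should return.
@dataclass
class User:
    id: int
    username: str
    email: str
    password_hash: str   # must never leave the service
    phone: str
    is_admin: bool


USERS: Dict[int, User] = {
    42: User(42, "alice", "alice@example.com",
             "$2b$12$constructedhashvalue000000000000000000000000000000",
             "+49 30 0000000", False),
}


def get_user_exposed(user_id: int) -> Dict[str, Any]:
    """Vulnerable handler for GET /users/<id>: serialises the whole stored
    object and relies on the client to display only what it needs."""
    return asdict(USERS[user_id])


# Explicit allow-list of response fields: a column added to User later is
# private by default instead of public by default.
PUBLIC_USER_FIELDS = ("id", "username")


def get_user_public(user_id: int) -> Dict[str, Any]:
    """Fixed handler: only the allow-listed fields are serialised."""
    record = asdict(USERS[user_id])
    return {name: record[name] for name in PUBLIC_USER_FIELDS}


# Input validation in the service for PATCH /users/<id>. A gateway may add
# coarse checks in front of this, but this is the control that must exist.
PATCH_SCHEMA = {"email": str, "phone": str}   # field -> expected JSON type


class ValidationError(ValueError):
    """Raised for any body the endpoint is not willing to process."""


def validate_patch(body: Any) -> Dict[str, Any]:
    if not isinstance(body, dict):
        raise ValidationError("body must be a JSON object")
    unknown = set(body) - set(PATCH_SCHEMA)
    if unknown:   # reject unknown fields such as is_admin outright
        raise ValidationError(f"unexpected fields: {sorted(unknown)}")
    for name, expected in PATCH_SCHEMA.items():
        if name in body and not isinstance(body[name], expected):
            raise ValidationError(f"{name} must be {expected.__name__}")
    email = body.get("email")
    if email is not None and ("@" not in email or len(email) > 254):
        raise ValidationError("email is not well-formed")
    return dict(body)


def patch_is_rejected(body: Any) -> bool:
    """True if validate_patch refuses the body."""
    try:
        validate_patch(body)
    except ValidationError:
        return True
    return False


# Response check for a pentest: walk a JSON response and list the paths whose
# key names suggest secrets. The marker list is a constructed starting point.
SENSITIVE_MARKERS = ("password", "hash", "secret", "token", "ssn", "api_key")


def find_sensitive_keys(response: Any, path: str = "") -> List[str]:
    hits: List[str] = []
    if isinstance(response, dict):
        for key, value in response.items():
            here = f"{path}.{key}" if path else str(key)
            if any(marker in str(key).lower() for marker in SENSITIVE_MARKERS):
                hits.append(here)
            hits.extend(find_sensitive_keys(value, here))
    elif isinstance(response, list):
        for index, item in enumerate(response):
            hits.extend(find_sensitive_keys(item, f"{path}[{index}]"))
    return sorted(hits)


if __name__ == "__main__":
    print("exposed :", get_user_exposed(42))
    print("leaks   :", find_sensitive_keys(get_user_exposed(42)))
    print("public  :", get_user_public(42))
    print("rejected:", patch_is_rejected({"is_admin": True}))
```

The allow-list is the key design choice: filtering out known-bad fields (a deny-list) breaks silently the moment a new sensitive column is added, whereas an allow-list keeps that column private until someone deliberately exposes it. The same logic applies to the request side, which is why validate_patch rejects unknown fields instead of ignoring them.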