[OWASP Top 10]: API Security Basics ~Series 1~ Security principles

Takahiro Oda
3 min read, Mar 11, 2022

We will cover the important security principles for API security standards.

Security principles

1: Simplicity

We should reconsider how cloud security can improve security and deliver value by making protection easier to use.
Managing numerous security products results in more costs, greater complexity, and a greater requirement for specialized labor — all of which are unsustainable for most businesses.
In today’s global corporate world, securing apps and APIs against a growing range of threats, from web app business logic attacks to API abuse to DDoS, requires holistic and extendable security that teams can actually operate.


2: Zero Trust

Threat protection methods should be applied even to authenticated and authorized API connections. Threat protection should be enabled equally for authenticated clients, approved API endpoints, and unauthenticated and unauthorized entities.

Therefore, it is called “Zero” trust.


3: Defense in depth

To protect critical data and information, several protective mechanisms are put in place.
If one mechanism fails, another immediately steps in to stop the attack.

This multi-layered method with intended redundancy improves overall system security and handles a variety of attack vectors.


4: Least privileges

According to CISA, Least Privilege is

Only the minimum of rights should be granted to users who ask…
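As an added example (not code from the original post), the three principles above combined in a small Python request pipeline: a threat-protection layer that runs for every request regardless of authentication (Zero Trust), independent layers that each can reject on their own (defense in depth), and per-client scopes that grant only what each endpoint needs (least privilege). The client ids, scopes, endpoints and limits are constructed for the illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed least-privilege scope table: each client holds only the scopes it needs.
CLIENT_SCOPES = {"svc-reporting": {"orders:read"}, "svc-admin": {"orders:read", "orders:write"}}
ENDPOINT_SCOPE = {("GET", "/orders"): "orders:read", ("POST", "/orders"): "orders:write"}
MAX_BODY_BYTES = 4096   # constructed threat-protection limits
RATE_LIMIT = 5          # requests per source per window


@dataclass
class Request:
    method: str
    path: str
    source: str                       # caller address, used for rate limiting
    body: bytes = b""
    client_id: Optional[str] = None   # None means the caller is unauthenticated


class Pipeline:
    def __init__(self) -> None:
        self._counts = defaultdict(int)

    def threat_protection(self, req: Request) -> Optional[str]:
        # Layer 1 (Zero Trust): applied before and independent of authentication,
        # so an authenticated client gets exactly the same checks as an anonymous one.
        if len(req.body) > MAX_BODY_BYTES:
            return "reject: oversized body"
        self._counts[req.source] += 1
        if self._counts[req.source] > RATE_LIMIT:
            return "reject: rate limited"
        return None

    def authentication(self, req: Request) -> Optional[str]:
        # Layer 2: unknown or missing identity is rejected.
        return None if req.client_id in CLIENT_SCOPES else "reject: unauthenticated"

    def authorization(self, req: Request) -> Optional[str]:
        # Layer 3 (least privilege): the endpoint's scope must be in the client's grant.
        needed = ENDPOINT_SCOPE.get((req.method, req.path))
        if needed is None:
            return "reject: unknown endpoint"
        if needed not in CLIENT_SCOPES[req.client_id]:
            return "reject: missing scope " + needed
        return None

    def handle(self, req: Request) -> str:
        # Defense in depth: each layer is independent and any one of them can stop the request.
        for layer in (self.threat_protection, self.authentication, self.authorization):
            verdict = layer(req)
            if verdict:
                return verdict
        return "allow"
```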
