[OWASP Top 10]: API Security Basics ~Series 2~ Risks and Countermeasures | by Takahiro Oda | Medium

Member-only story
[OWASP Top 10]: API Security Basics ~Series 2~ Risks and Countermeasures
Overview
Takahiro Oda
5 min read·
Jan 28, 2022
--
We will cover the OWASP top 10 API security basics
1:Broken Object Level Authorization (Insecure direct object reference)what is it?For example,
Let’s pretend that when I type this URL, I can see my credentials. But if I type
https://takahiro-oda.medium.com/messages/12344and credentials of another person show up?
This is Broken Object Level Authentication.
Why happens?Lack of authorization (No code to validate )
Human error ( API mixing sensitive and non-sensitive data)
Automated AttackBurp Suite
For example
https://takahiro-oda.medium.com/messages/<ID>CountermeasuresUse unpredictable IDs ( random, hard to guess, not sequential)
Validate user input
Confirm authorized access
Use automated testing to check
--
--
Written by Takahiro Oda440 Followers
·1 Following
Cloud security engineer https://www.linkedin.com/in/takahiro-oda-881423197/
No responses yet
Help
Status
About
Careers
Press
Blog
Privacy
Rules
Terms
Text to speech