OWASP Underprotected APIs

September 10th, 2022

Underprotected APIs

pattern: bulkheading to limit the size of hacks

pattern: communicate with most secure possbile

  • public-facing API: TLS

    • pattern: configure to reject protocol downgrades

    • pattern: keep root Certificate Authority (CA) files up to date

  • business-to-business: bi-directional certificates

pattern: verify with generative testing library that your parser (JSON / XML / ...) is hardened against malicious input

pattern: fuzz-testing APIs & check failure responses rejects safely




This post was referenced in: