DEVOPSdigest

Noname Security announced its API security platform now fully supports the 2023 OWASP API Security Top 10 risk categories.

With this new integration Noname Security reinforces its position as the leader in API Security by natively supporting both the 2019 and 2023 frameworks to help customers fight against the ever-evolving threats targeting APIs.

Noname’s API Security Platform detects OWASP API Top 10 related vulnerabilities across the widest possible set of sources including log files, replays of historical traffic, configuration files, and more. This allows customers to find and remediate critical issues like excessive data exposure, broken authentication, lack of resources, and rate limiting, among others.

“APIs have many stakeholders, and frameworks like the OWASP API Security Top 10 allow diverse groups across teams to come together and speak the same language,” said Oz Golan, CEO and Co-Founder of Noname Security. “The integration of the 2023 OWASP API Security Top 10 into our platform is a strategic step in helping organizations tackle API security concerns and incorporate API security as part of their broader application security conversations.”

Issued by the Open Worldwide Application Security Project (OWASP), the OWASP API Security Top 10 list serves as a vital resource for identifying the most critical security risks threatening API environments. These vulnerabilities, if left unchecked, can expose sensitive data, compromise user privacy, and wreak havoc on the integrity of software systems.

Originally published in 2019, the OWASP API Security Top 10 was officially updated in June of 2023 with a number of changes to reflect the shifting dynamics of the API security landscape. Besides some consolidated categories, the latest release also includes three new categories including:

- Unrestricted Access to Sensitive Business Flows (API6:2023) – This category is centered on bots and is an indication of the way security vendors influenced the list and their priorities.

- Server Side Request Forgery (API7:2023) – This is new to the API Security Top 10 list and is a common vulnerability in security, whereby a client can redirect the server to somewhere not under its own purview, leading to potential external vulnerabilities.

- Unsafe Consumption of APIs (API10: 2023) – This category is focused on third party APIs and the difference in inherit trust by developers when consuming them versus custom in-house APIs.