Noname Security Supports New OWASP API Security Top 10
August 30, 2023

Noname Security announced its API security platform now fully supports the 2023 OWASP API Security Top 10 risk categories.

With this new integration Noname Security reinforces its position as the leader in API Security by natively supporting both the 2019 and 2023 frameworks to help customers fight against the ever-evolving threats targeting APIs.

Noname’s API Security Platform detects OWASP API Top 10 related vulnerabilities across the widest possible set of sources including log files, replays of historical traffic, configuration files, and more. This allows customers to find and remediate critical issues like excessive data exposure, broken authentication, lack of resources, and rate limiting, among others.

“APIs have many stakeholders, and frameworks like the OWASP API Security Top 10 allow diverse groups across teams to come together and speak the same language,” said Oz Golan, CEO and Co-Founder of Noname Security. “The integration of the 2023 OWASP API Security Top 10 into our platform is a strategic step in helping organizations tackle API security concerns and incorporate API security as part of their broader application security conversations.”

Issued by the Open Worldwide Application Security Project (OWASP), the OWASP API Security Top 10 list serves as a vital resource for identifying the most critical security risks threatening API environments. These vulnerabilities, if left unchecked, can expose sensitive data, compromise user privacy, and wreak havoc on the integrity of software systems.

Originally published in 2019, the OWASP API Security Top 10 was officially updated in June of 2023 with a number of changes to reflect the shifting dynamics of the API security landscape. Besides some consolidated categories, the latest release also includes three new categories including:

- Unrestricted Access to Sensitive Business Flows (API6:2023) – This category is centered on bots and is an indication of the way security vendors influenced the list and their priorities.

- Server Side Request Forgery (API7:2023) – This is new to the API Security Top 10 list and is a common vulnerability in security, whereby a client can redirect the server to somewhere not under its own purview, leading to potential external vulnerabilities.

- Unsafe Consumption of APIs (API10: 2023) – This category is focused on third party APIs and the difference in inherit trust by developers when consuming them versus custom in-house APIs.

Share this

Industry News

December 19, 2024

Check Point® Software Technologies Ltd. has been recognized as a Leader in the 2024 Gartner® Magic Quadrant™ for Email Security Platforms (ESP).

December 19, 2024

Progress announced its partnership with the American Institute of CPAs (AICPA), the world’s largest member association representing the CPA profession.

December 18, 2024

Kurrent announced $12 million in funding, its rebrand from Event Store and the official launch of Kurrent Enterprise Edition, now commercially available.

December 18, 2024

Blitzy announced the launch of the Blitzy Platform, a category-defining agentic platform that accelerates software development for enterprises by autonomously batch building up to 80% of software applications.

December 17, 2024

Sonata Software launched IntellQA, a Harmoni.AI powered testing automation and acceleration platform designed to transform software delivery for global enterprises.

December 17, 2024

Sonar signed a definitive agreement to acquire Tidelift, a provider of software supply chain security solutions that help organizations manage the risk of open source software.

December 17, 2024

Kindo formally launched its channel partner program.

December 16, 2024

Red Hat announced the latest release of Red Hat Enterprise Linux AI (RHEL AI), Red Hat’s foundation model platform for more seamlessly developing, testing and running generative artificial intelligence (gen AI) models for enterprise applications.

December 16, 2024

Fastly announced the general availability of Fastly AI Accelerator.

December 12, 2024

Amazon Web Services (AWS) announced the launch and general availability of Amazon Q Developer plugins for Datadog and Wiz in the AWS Management Console.

December 12, 2024

vFunction released new capabilities that solve a major microservices headache for development teams – keeping documentation current as systems evolve – and make it simpler to manage and remediate tech debt.

December 11, 2024

CyberArk announced the launch of FuzzyAI, an open-source framework that helps organizations identify and address AI model vulnerabilities, like guardrail bypassing and harmful output generation, in cloud-hosted and in-house AI models.

December 11, 2024

Grid Dynamics announced the launch of its developer portal.

December 10, 2024

LTIMindtree announced a strategic partnership with GitHub.