Blog >
Nesta publicação e nas adições subsequentes à série, vamos aprofundar cada um dos 10 Principais Riscos de Segurança de API do Open Web Application Security Project (OWASP) em detalhe.
The unsafe consumption of APIs can lead to security breaches, exposing sensitive data, user credentials, or proprietary information, as attackers may exploit vulnerabilities in API usage to gain unauthorized access, execute arbitrary code, or perform unauthorized actions within the system.
Improper Inventory Management is the ninth security threat listed in the OWASP API Security Top 10. By exploiting this vulnerability, attackers can gain unauthorized access to sensitive data, or even gain full server access through old, unpatched or vulnerable versions of APIs.
There are certainly cases where security misconfiguration can be the result of something basic like a missing patch, but some misconfigurations are far stealthier and can be obscured by complex architectures.
A Server Side Request Forgery (SSRF) API attack occurs when an attacker manipulates an API endpoint to make the targeted server perform unintended requests on behalf of the attacker.
This threat has replaced Mass Assignment as number 6 on the OWASP API Security Top 10 list. It occurs when an API exposes a business flow without compensating for how the functionality could cause harm if used excessively through automation.
Assine a Newsletter da Salt para receber os recursos e posts de blog mais recentes.