ASVS V18 API

V18: API and Web Service Verification Requirements

Control Objective

Ensure that a verified application that uses RESTful or SOAP-based web services has:


 * Adequate authentication, session management and authorization of all web services
 * Input validation of all parameters that transit from a lower to higher trust level
 * Basic interoperability of the SOAP web services layer to promote API use

Security Verification Requirements

References

For more information, see also:


 * [OWASP Testing Guide 4.0: Configuration and Deployment Management Testing](https://www.owasp.org/index.php/Testing_for_configuration_management)
 * [OWASP Cross-Site Request Forgery cheat sheet](https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet)
 * [JSON Web Tokens (and Signing)](https://jwt.io/)