OWASP API Security Project

=Main=

Project Goal
The OWASP API Security Project is intended to help software developers create and deploy resilient APIs, and to help security assessors understand the subtle risks to which many APIs are vulnerable. The first goal of this project will be to create the OWASP Top Ten API Risks, which will act similarly to other OWASP "Top Ten" documents.

How To Help
Our mailing list will be set up shortly. Please stand by for further information, or contact David Shaw directly.

Roadmap

 * 1) Research - The first stage of this project is to reach out to software developers and security auditors in order to gather information that will be used to create the OWASP Top Ten API Risks document.
 * 2) Creation of Top Ten Risks - The second stage of this project is to create the Top Ten deliverable, both to provide value to the security community and to gather more publicity for the project.
 * 3) Creation of API Security Guides - The third stage of this project is to create in-depth technical documentation, based both on the Top Ten lists and on other risks associated with APIs, that will help developers avoid common pitfalls and help security assessors evaluate APIs in a meaningful way.