|Join hundreds of other Developers and InfoSec professionals for Training, Sessions and Community at our first conference of 2019|
[AppSec Tel Aviv, May 26-30th]
OWASP API Security Project
OWASP API Security Project
The OWASP API Security Project is now under new leadership. A new roadmap and call for contribution will be published by the end of Feb 2019.
The OWASP API Security Project seeks to provide value to software developers and security assessors by underscoring the potential risks in insecure APIs and illustrating how these risks may be mitigated. In order to facilitate this goal, the OWASP API Security Project will create and maintain a Top 10 API Security Risks document, as well as a documentation portal for best practices when creating or assessing APIs.
While working as developers or information security consultants, many people have encountered APIs as part of a project. While there are some resources to help create and evaluate these projects (such as the OWASP REST Security Cheat Sheet), there has not be a comprehensive security project designed to assist builders, breakers, and defenders in the community.
This project aims to create:
The OWASP API Security Project documents are free to use!
The OWASP API Security Project is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.
What is this project?
The OWASP API Security Project seeks to deliver actionable documentation on creating and deploying verifiably secure web APIs, as well as illustrating the major risks and shortfalls that APIs may encounter. By helping developers create resilient software, and helping assessors understand the subtle risks an API may entail, the goal of this project is to bring security to an increasingly programmatic world.
The primary deliverables of this project are the OWASP Top Ten API Security Risks and a secure API development documentation portal.
The OWASP API Security Project will be presented at OWASP Global AppSec Tel Aviv, May 2019.
Once API Security documents are created, they will be available for direct download here.
The initial version of this document, including an up-to-date table of contents, is available here.
News and Events
There has not yet been press coverage of this project.
How can I participate in your project?
This project welcomes contributors of all sorts. The easiest way to get involved is to contact the Project Leader, and indicate that you're willing to help.
What type of contributors are you seeking?
We're currently looking for software developers who have experience building out resilient APIs, and security assessors who have assessed APIs. This project is currently in the "research" stage, meaning that the more you can contribute to building out the project, the better!
Can I still participate if I'm not a developer/assessor?
Sure -- we just need to figure out the correct role. If you're strong with technical writing, that would be great; if there are other skill sets you think you can bring to the table, please let us know.
The OWASP API Security Project is small, but will be maintained by volunteers. If you'd like to volunteer, please contact the Project Leader.