The OWASP Business Logic Abuse Top 10, released this year, formalizes this growing class of attacks. And with 82% of businesses now describing themselves as API-first, the logic layer has become a lucrative new target.
Security Misconfiguration (API8) once again topped the list with 605 cases, up 33% quarter over quarter.
Broken Authorization (API5, API1) accounted for roughly 28% of all API vulnerabilities.
Broken Authentication (API2) climbed sharply, driven by weak credential enforcement in REST and SOAP APIs.
It indexes history and documents for the most commonly used services (like Google Docs, Messenger or Notion), but it's all done locally; personal data is never sent to the backend.
Important note: care about vulnerabilities, not about attacks. Buy a Burp license. Run appsec training for all of your developers; it's easy while you're small.
Disclaimer: I am a co-founder of Wallarm, which is mentioned in the preso.