Positive API Security Model, and Why You Need It!
December 10, 2019
Many of the issues on the OWASP API Security Top 10 are triggered by the lack of input or output validation.
To protect APIs from such issues, an API-native, positive security approach is required: we create an allowlist of the characteristics of allowed requests. These characteristics are used to validate input and output data for things like data type, min or max length, permitted characters, or valid values ranges. But how do we fill the gap between security and development mentioned above?
What you’ll learn:
- Why WAFs fail in protecting APIs
- How an allowlist protects against A3, A6 and A8 of the OWASP API Security Top 10 – (with real-life examples)
- How to build a proper allowlist for API security
Field CTO and Co-founder