{"id":8579,"date":"2020-05-26T20:28:57","date_gmt":"2020-05-26T19:28:57","guid":{"rendered":"https:\/\/staging-site.42crunch.com\/?p=8579"},"modified":"2023-07-27T14:41:14","modified_gmt":"2023-07-27T13:41:14","slug":"webinar-questions-top-api-security-issues-during-pocs","status":"publish","type":"post","link":"https:\/\/staging2022.42crunch.com\/webinar-questions-top-api-security-issues-during-pocs\/","title":{"rendered":"Questions Answered: Top API Security Issues Found During POCs"},"content":{"rendered":"
There are two things you can do today: one is annotating operations or an API so that no authentication checks are required. If the security section is present though, that will take precedence. You can also influence operations sensitivity to increase\/decrease the points assigned to a problem.\u00a0<\/span><\/p>\n We are working on allowing users to specify a list of checks which must not be taken in account for scoring. They will still be reported but will not affect the score. The goal is that this is decided by the security team at the organization level.<\/span><\/p>\n The API Firewall directly interprets the OAS file contents.<\/span><\/p>\n Please open a ticket <\/span>here<\/span><\/a>, attaching the file if you can and we will fix that ASAP. <\/span><\/p>\n <\/p>\n My recommendation would be to start with being familiar with OWASP Top 10 project for API Security<\/a> <\/span>and diving into the OWASP cheat sheets attached to those issues.\u00a0<\/span><\/p>\n The threats mentioned in that OWASP list are independent from the implementation and therefore you will need to adapt the implementation recommendations to AWS Lambda.\u00a0<\/span><\/p>\n<\/div>\n Try our security audit<\/a> for free. If you want to see the whole platform in action, request a demo now<\/a>!<\/p>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":" You had questions, and we’ve got answers! Thank you for all the questions submitted on our “Top API Security Issues Found During POCs” webinar. Below is the replay and all the answers to the questions that were asked. If you’d like more information please feel free to contact us. Is there a way to add […]<\/p>\n","protected":false},"author":13,"featured_media":11309,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"none","_seopress_titles_title":"Top API Security Issues Found During POCs, Webinar Q&A","_seopress_titles_desc":"Questions and answers from our webinar: "Top API Security Issues Found During POCs" ","_seopress_robots_index":"","site-sidebar-layout":"default","site-content-layout":"default","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"disabled","ast-hfb-above-header-display":"disabled","ast-hfb-below-header-display":"disabled","ast-hfb-mobile-header-display":"disabled","site-post-title":"disabled","ast-breadcrumbs-content":"disabled","ast-featured-img":"disabled","footer-sml-layout":"disabled","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[6],"tags":[14,25,15],"class_list":["post-8579","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-api-security","tag-api-testing","tag-api-vulnerabilities"],"_links":{"self":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/posts\/8579"}],"collection":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/comments?post=8579"}],"version-history":[{"count":0,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/posts\/8579\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/media\/11309"}],"wp:attachment":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/media?parent=8579"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/categories?post=8579"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/tags?post=8579"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}What are the parameters in OpenAPI for the API firewall? How do you configure that?<\/strong><\/h5>\n<\/div>\n
I’m using the VS extension, but it fails every time since a path is not defined. Is there a way to still run tests even though there is no path defined?<\/strong><\/h5>\n<\/div>\n
How do you do security testing on API-driven applications via lambda functions for beginners in API security?<\/strong><\/h5>\n