Sunday, 20 September 2020

API Security Testing Checklist

An API should be checked for the following from a security perspective:

1. Denial of Service attack https://owasp.org/www-community/attacks/Denial_of_Service

2. OWASP Top 10 2017 A6 - Security Misconfiguration https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html

3. IP access control https://owasp-top-10-proactive-controls-2018.readthedocs.io/en/latest/c7-enforce-access-controls.html

4. MITRE CWE-250 Unnecessary Privileges - e.g. Basic Authentication

5. Ensure there is no direct access to the database.

6. Access token authentication - e.g. OAuth 2 with JWT for user authentication and authorization.

7. API key generation and validation - API providers should expose secure methods to issue authorization codes or access tokens on demand.
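The last two items (access tokens and API key generation/validation) and the first one (denial of service) can be seen together in one small piece of code. The following is an added example, not code from the original post: a hypothetical `ApiKeyStore` that issues random keys, stores only a SHA-256 hash of each key, compares in constant time, enforces an expiry, and applies a per-key token-bucket budget so that one caller cannot exhaust the service. Names, parameters and the `now` clock argument are assumptions made for illustration.

```python
"""Added example (not from the original post): issuing and validating API keys.

Assumptions (hypothetical, for illustration only):
- a key is shown to the client once and stored server-side only as a hash;
- the key carries an expiry and a per-key request budget (token bucket).
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass


@dataclass
class KeyRecord:
    key_hash: bytes        # SHA-256 of the raw key; the raw key itself is never stored
    owner: str             # principal the key was issued to
    expires_at: float      # Unix time after which the key is rejected
    capacity: int          # maximum burst of requests
    refill_per_sec: float  # sustained request rate
    tokens: float          # current token-bucket balance
    last_refill: float     # Unix time of the last refill calculation


class ApiKeyStore:
    def __init__(self):
        self._records = {}  # key id -> KeyRecord (constructed in-memory store)

    @staticmethod
    def _digest(raw_key: str) -> bytes:
        return hashlib.sha256(raw_key.encode()).digest()

    def issue(self, owner, ttl_seconds, capacity=10, refill_per_sec=1.0, now=None):
        """Create a key of the form '<id>.<secret>' and return it exactly once."""
        now = time.time() if now is None else now
        key_id = secrets.token_hex(8)          # public, used only to look up the record
        secret = secrets.token_urlsafe(32)     # 256 bits from the OS CSPRNG
        raw_key = f"{key_id}.{secret}"
        self._records[key_id] = KeyRecord(
            key_hash=self._digest(raw_key), owner=owner,
            expires_at=now + ttl_seconds, capacity=capacity,
            refill_per_sec=refill_per_sec, tokens=float(capacity), last_refill=now)
        return raw_key

    def validate(self, presented, now=None):
        """Return (ok, reason). The reason is for server logs; clients get a uniform 401."""
        now = time.time() if now is None else now
        key_id, sep, _ = presented.partition(".")
        rec = self._records.get(key_id) if sep else None
        if rec is None:
            return False, "unknown key id"
        # Constant-time comparison of the two digests avoids a timing side channel.
        if not hmac.compare_digest(rec.key_hash, self._digest(presented)):
            return False, "bad secret"
        if now >= rec.expires_at:
            return False, "expired"
        # Token bucket: refill proportionally to elapsed time, then spend one token.
        elapsed = max(0.0, now - rec.last_refill)
        rec.tokens = min(rec.capacity, rec.tokens + elapsed * rec.refill_per_sec)
        rec.last_refill = now
        if rec.tokens < 1.0:
            return False, "rate limited"
        rec.tokens -= 1.0
        return True, rec.owner

    def revoke(self, key_id):
        """Drop a key immediately; the hash is gone, so the key can never validate again."""
        return self._records.pop(key_id, None) is not None


if __name__ == "__main__":
    store = ApiKeyStore()
    key = store.issue("billing-service", ttl_seconds=3600, capacity=2)
    print(store.validate(key))          # (True, 'billing-service')
    print(store.validate(key + "x"))    # (False, 'bad secret')
```

The design choice worth noting: because only the hash is stored, a leaked key table does not let anyone call the API, and because the key id is separate from the secret, the lookup is cheap while the secret comparison still runs in constant time.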
