Defending APIs

Let us now start our exploration of the Open Worldwide Application Security Project (OWASP) API Security Top 10 vulnerabilities. Although the standard OWASP listing presents the vulnerabilities in descending order of risk, I have chosen to group them by vulnerability type and root cause to aid understanding. Shall we begin?
There is only one object-level vulnerability: the now infamous broken object-level authorization (BOLA), which holds the number one spot (API1) in the OWASP API Security Top 10.
The easiest real-world analogy for understanding broken object-level authorization (BOLA) is a coat check at an entertainment venue. Upon arrival, you drop your coat off with the clerk and are given a ticket with a number, let’s say #10, for example. Now...
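The coat-check situation translated into code, as an added example that is not part of the book's text: a minimal order-lookup API where the vulnerable handler returns whatever order ID the caller names (the clerk hands over coat #10 to anyone who says "10"), beside a hardened handler that checks that the authenticated caller actually owns the object. The users, orders, handler names and the ID-enumeration probe are all constructed for this illustration; no web framework is involved so the block runs stand-alone.

```python
"""Added illustration of BOLA (broken object-level authorization).

Not the book's own code. The data, function names and the enumeration
probe are constructed for the example; a real API would sit behind a
web framework, but the authorization logic is the same.
"""
from dataclasses import dataclass
from typing import Callable, Iterable, List


@dataclass(frozen=True)
class Order:
    order_id: int
    owner: str          # the user the order belongs to
    total_cents: int


# Constructed sample data: each order belongs to exactly one user.
ORDERS = {
    1001: Order(1001, "alice", 4999),
    1002: Order(1002, "bob", 12000),
}


class NotFound(Exception):
    """Raised when no order is returned to the caller for this ID."""


def get_order_vulnerable(authenticated_user: str, order_id: int) -> Order:
    """BOLA: the caller is authenticated (we know who they are), but the
    object lookup never asks whether they own order_id. authenticated_user
    is deliberately unused, which is exactly the bug."""
    try:
        return ORDERS[order_id]
    except KeyError:
        raise NotFound(order_id) from None


def get_order_hardened(authenticated_user: str, order_id: int) -> Order:
    """Object-level authorization: the record is returned only if the
    authenticated caller owns it. A foreign ID is answered with NotFound
    rather than a distinct Forbidden, so an attacker walking the ID space
    cannot tell 'exists but not yours' from 'does not exist'."""
    order = ORDERS.get(order_id)
    if order is None or order.owner != authenticated_user:
        raise NotFound(order_id)
    return order


def enumerate_ids(handler: Callable[[str, int], Order],
                  authenticated_user: str,
                  id_range: Iterable[int]) -> List[int]:
    """Simulates the classic BOLA probe: request a range of IDs as one
    user and record every ID that returned somebody else's record."""
    leaked = []
    for oid in id_range:
        try:
            order = handler(authenticated_user, oid)
        except NotFound:
            continue
        if order.owner != authenticated_user:
            leaked.append(oid)
    return leaked


if __name__ == "__main__":
    probe = range(1000, 1010)
    print("vulnerable handler leaked:",
          enumerate_ids(get_order_vulnerable, "alice", probe))
    print("hardened handler leaked:",
          enumerate_ids(get_order_hardened, "alice", probe))
```

Running the probe as alice over a short ID range shows the difference: the vulnerable handler hands back bob's order 1002, the hardened one returns nothing that alice does not own. The check belongs in the handler (or in a data-access layer every handler must go through), not in the client, because the client-supplied ID is the attacker's input.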