If your organization is developing software, chances are that your developers are building application programming interfaces (APIs) to allow interoperability between your code and code written by customers and business partners. APIs can be a powerful way to link systems together – and we all know what that means… they can also be used by the bad guys to attack systems. APIs are easy to forget about – they are the plumbing behind the walls. They don’t have flashy (or really any) user interfaces. But they need some security love too!
The Open Web Application Security Project (OWASP) has a great resource to help those designing, developing and testing APIs think about security – The OWASP API Security Top 10 List.
Like OWASP’s better-known list of web application security vulnerabilities, this list lays out the top ways that APIs can be misdesigned and misused, and it should be required reading for everyone involved with the care and feeding of APIs.