Articles

Check out our recent articles.
16 Nov

API9:2019 Improper Assets Management

Introducing breaking changes to a live API with hundreds, thousands, or even millions of active users is (usually) not an option. Releasing a new API version gives a chance to existing users to work on their integrations to migrate to the latest version, without interrupting the service. Nevertheles...

By Char49 OWASP OWASP API Security Top 10, OWASP API, OWASP, API, API Security
02 Nov

API8:2019 Injection

Given their role, APIs interact with several other (software) components such as filesystem, databases, LDAP, or other internal and external APIs. Not all these components are capable of validating and sanitizing the input they receive. When APIs neglect this responsibility, properly validate and sa...

By Char49 OWASP OWASP API Security Top 10, OWASP API, OWASP, API, API Security, Injection
19 Oct

API7:2019 Security Misconfiguration

Security Misconfiguration is a broad category into which everything that could have been done to improve the API's overall security, but wasn't, falls. Usually, security misconfigurations are a consequence of insecure defaults such as a database without authentication or a permissive Cross-Origin Re...

By Char49 OWASP OWASP API Security Top 10, OWASP API, OWASP, API, API Security, Security Misconfiguration, CORS, MongoDB, IBM, DevSecOps
06 Oct

API6:2019 Mass Assignment

Fast-paced development environments or unclear business or functional requirements make developers choose generic implementations: binding client-provided data (e.g. JSON objects) to data models (e.g. those provided by popular ORM/ODM libraries) is, unfortunately, a common pattern that leaves the doo...

By Char49 OWASP OWASP API Security Top 10, OWASP API, OWASP, API, API Security, Mass Assignment, JSON, ORM, ODM, REST API
21 Sep

API5:2019 Broken Function Level Authorization

If you have been following our OWASP API Security Top 10 series, you know that we have already covered a specific type of authorization issue: Broken Object Level Authorization. Broken Function Level Authorization issues are not that different. Instead of getting access to a user's object, bad...

By Char49 OWASP OWASP API Security Top 10, OWASP API, OWASP, API, API Security, Broken Function Level Authorization, authorization flaws
07 Sep

API4:2019 Lack of Resources and Rate Limiting

API clients' requests cost at least bandwidth, computation cycles, memory, and storage, not only on the API back-end server but, in most cases, on several other systems such as database servers. API requests compete for these resources to be fulfilled as quickly as possible, but improper resources m...

By Char49 OWASP OWASP API Security Top 10, OWASP API, OWASP, API, API Security, API4