Securing APIs in Continuous Delivery

by Ben Zilberman

The newly published OWASP Top 10 2017 Release Candidate introduces a new application security risk: protection of APIs.

It’s not a secret that managing information security is becoming more complex. It is also no secret that there are more threats and more solutions to stay on top of. While it makes me wonder if we are reaching the limit of the capabilities of the human mind when it comes to efficient information analysis for proper decision-making, I am quite certain we can agree that as far as information security professionals go, we are definitely getting to that point, subject to day-to-day constraints.

In the ever-evolving search for the more precise, more efficient operation, we break up the information units (whether these are consuming, storing or processing units) to perform more specific activities.

This way, many services today run thanks to a set of functions that are consumed individually and use APIs to synchronize. As a result, business operations are delivered more efficiently and are put together much faster, as the flexibility and scalability of API utilization make the architecture simpler.

However, as many APIs are mission critical and involve major functionalities and business processes, APIs introduce a wide range of risks and vulnerabilities. The combination of growing adoption and security risks was the major driver for the inclusion of under-protected APIs in the 2017 OWASP Top 10 list.

Read more: http://ow.ly/47jN30dVtW2