API Security Encyclopedia

Web APIs have become one of the leading attack vectors. The entry point to an application is now the set of APIs that call back-end services to provide its functions, which puts the quality and security of those APIs in the spotlight.

The starting point for API security is the API definition itself. If the definition has gaping security holes, layering security measures on top of it only creates a ticking time bomb. The first step is therefore to make sure your API definition conforms to security best practices.

API Security Encyclopedia collects information on the risks, guidelines, and recommendations relating to API security. The encyclopedia has the following main sections:

  • OWASP API Security Top 10: The OWASP project dedicated to API security lists the most important risks or attack vectors in API security.
  • Audit issues from API Contract Security Audit: This section provides descriptions and remediations for all the issues that API Contract Security Audit might find in your API definitions. Both OpenAPI Specification (OAS) v2 and v3 are supported. You can find the articles applicable to each version in their dedicated sections.
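To make the "the definition is the starting point" argument concrete, the following is an added example, not part of the encyclopedia and not 42Crunch's API Contract Security Audit or its rule set. It is a small, constructed contract-level audit that walks an OpenAPI v3 definition (as a parsed dict) and reports the kind of holes that no runtime control can compensate for: no security scheme, operations that require no authentication, unbounded string parameters, request bodies that accept undeclared properties, and operations that never declare an error response. Both sample definitions, the rule names and the `audit_openapi` function are assumptions made for illustration.

```python
"""Constructed contract-level OpenAPI v3 audit (example code, not 42Crunch's product)."""

HTTP_METHODS = {"get", "put", "post", "delete", "patch", "options", "head", "trace"}


def _resolve(spec: dict, schema: dict) -> dict:
    """Follow a local '#/components/...' $ref one level; non-local refs are left as-is."""
    ref = schema.get("$ref")
    if not ref or not ref.startswith("#/"):
        return schema
    node = spec
    for part in ref[2:].split("/"):
        node = node.get(part, {})
    return node


def audit_openapi(spec: dict) -> list[str]:
    """Return a list of human-readable findings; an empty list means the checks passed."""
    findings: list[str] = []
    schemes = spec.get("components", {}).get("securitySchemes", {})
    if not schemes:
        findings.append("no securitySchemes defined")
    for name, scheme in schemes.items():
        # Weak scheme choices: Basic auth sends the password on every call,
        # API keys in the query string end up in logs and Referer headers.
        if scheme.get("type") == "http" and scheme.get("scheme", "").lower() == "basic":
            findings.append(f"securityScheme {name}: HTTP Basic sends credentials on every request")
        if scheme.get("type") == "apiKey" and scheme.get("in") == "query":
            findings.append(f"securityScheme {name}: API key in query string leaks into logs")

    global_security = spec.get("security")
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue  # skip path-level 'parameters', 'summary', etc.
            loc = f"{method.upper()} {path}"
            # Operation-level 'security' overrides the global one; an empty list or an
            # empty requirement object ({}) means the operation can be called anonymously.
            sec = op.get("security", global_security)
            if not sec or {} in sec:
                findings.append(f"{loc}: no authentication required")
            for param in op.get("parameters", []) + item.get("parameters", []):
                schema = _resolve(spec, param.get("schema", {}))
                bounded = any(k in schema for k in ("maxLength", "pattern", "enum", "format"))
                if schema.get("type") == "string" and not bounded:
                    findings.append(f"{loc}: parameter '{param['name']}' is an unbounded string")
            body = op.get("requestBody", {}).get("content", {}).get("application/json", {}).get("schema")
            if body:
                body = _resolve(spec, body)
                # Without additionalProperties: false the backend will accept fields the
                # contract never mentions (classic mass-assignment surface).
                if body.get("type") == "object" and body.get("additionalProperties", True) is not False:
                    findings.append(f"{loc}: request body accepts undeclared properties")
            if not any(code.startswith("4") for code in op.get("responses", {})):
                findings.append(f"{loc}: no 4xx responses declared")
    return findings


# Constructed sample: a definition with the holes the text warns about.
WEAK_SPEC = {
    "openapi": "3.0.3",
    "info": {"title": "Orders (constructed weak example)", "version": "1.0"},
    "paths": {
        "/orders/{id}": {
            "get": {
                "parameters": [{"name": "id", "in": "path", "required": True, "schema": {"type": "string"}}],
                "responses": {"200": {"description": "ok"}},
            }
        },
        "/orders": {
            "post": {
                "requestBody": {"content": {"application/json": {"schema": {
                    "type": "object",
                    "properties": {"sku": {"type": "string"}, "qty": {"type": "integer"}},
                }}}},
                "responses": {"201": {"description": "created"}},
            }
        },
    },
}

# Constructed sample: the same API with the contract tightened.
HARDENED_SPEC = {
    "openapi": "3.0.3",
    "info": {"title": "Orders (constructed hardened example)", "version": "1.0"},
    "components": {
        "securitySchemes": {"bearer": {"type": "http", "scheme": "bearer", "bearerFormat": "JWT"}},
        "schemas": {"OrderId": {"type": "string", "pattern": "^[0-9a-f]{32}$", "maxLength": 32}},
    },
    "security": [{"bearer": []}],
    "paths": {
        "/orders/{id}": {
            "get": {
                "parameters": [{"name": "id", "in": "path", "required": True,
                                "schema": {"$ref": "#/components/schemas/OrderId"}}],
                "responses": {"200": {"description": "ok"}, "401": {"description": "unauthenticated"},
                              "404": {"description": "not found"}},
            }
        },
        "/orders": {
            "post": {
                "requestBody": {"content": {"application/json": {"schema": {
                    "type": "object",
                    "additionalProperties": False,
                    "required": ["sku", "qty"],
                    "properties": {"sku": {"type": "string", "maxLength": 32, "pattern": "^[A-Z0-9-]+$"},
                                   "qty": {"type": "integer", "minimum": 1, "maximum": 100}},
                }}}},
                "responses": {"201": {"description": "created"}, "400": {"description": "invalid"},
                              "401": {"description": "unauthenticated"}},
            }
        },
    },
}


if __name__ == "__main__":
    for label, spec in (("weak", WEAK_SPEC), ("hardened", HARDENED_SPEC)):
        print(f"{label}: {len(audit_openapi(spec))} finding(s)")
        for finding in audit_openapi(spec):
            print("  -", finding)
```

Running it reports seven findings for the weak definition and none for the hardened one. The point of the exercise is the order of operations: every finding above is visible in the contract before a line of backend code exists, so it is cheaper to fix there than to bolt a gateway rule on afterwards.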

This is a living document, and we keep improving on it. If you have any feedback for us, do let us know.