API 07:2019 — Security misconfiguration

Poor configuration of the API servers allows attackers to exploit them.

All kinds of configuration errors can leave gaping holes in the protection of your API server.

Use case

Unpatched systems
Unprotected files and directories
Unhardened images
Missing, outdated, or misconfigured TLS
Exposed storage or server management panels
Missing CORS policy or security headers
Error messages with stack traces
Unnecessary features enabled

How to prevent

Establish repeatable hardening and patching processes.
Automate locating configuration flaws.
Disable unnecessary features.
Restrict administrative access.
Define and enforce all outputs, including errors.

Full OWASP API Security Top 10 2023 list

Full OWASP API Security Top 10 2019 list

Apisecurity.io is powered by:

Legal Info

Get in touch with us

Have any news to share? Ideas? Questions?

Contact Us

Copyright 2018-2024 42Crunch Ltd, All Rights Reserved.