The Open Worldwide Application Security Project (OWASP) is a non-profit, collaborative online community that aims to improve application security through a set of security principles, articles, documentation, etc. Back in 2019, OWASP released a list of the top 10 vulnerabilities, which will be discussed in detail, along with their potential impact and a few effective mitigation measures.
We have split this room into two parts. In Part 1, you will study the top 5 principles, and in Part 2, you will learn the remaining principles.
- Best practices for authorisation & authentication
- Identification of authorisation level issues
- Handling excessive data exposure
- Lack of resources and rate-limiting issues
Learning Pre-requisites
An understanding of the following topics is recommended before starting the room:
Connecting to the Machine
We will be using Windows as a development/test machine along with Talend Tester - free edition throughout the room with the following credentials:
- Machine IP: MACHINE_IP
- Username: Administrator
- Password: Owasp@123
You can start the virtual machine by clicking Start Machine. The machine will start in a split-screen view. In case the VM is not visible, use the blue Show Split View button at the top-right of the page. Alternatively, you can connect to the VM through Remote Desktop using the above credentials. Please wait 1-2 minutes after the system has booted completely so that the startup scripts, which automatically launch Talend Tester and the Laravel-based web application, can run successfully.

Let's begin!
