Compliance controls
127 controls across 14 compliance frameworks, grouped by framework. For cross-framework Jaccard overlap see /explore/crosswalk. Authored by Adam Lundqvist.
OWASP API TOP10: 10 controls (of 127 total)
| ID | Title | Framework | Tag | Summary |
|---|---|---|---|---|
| OWASP_API_TOP10-API01 | Broken Object Level Authorization (BOLA) | OWASP API TOP10 | pentest:high | APIs tend to expose endpoints that handle object identifiers, creating a wide attack surface for Object Level Access Control issues. Object-level authorisation… |
| OWASP_API_TOP10-API02 | Broken Authentication | OWASP API TOP10 | pentest:high | Authentication mechanisms are often implemented incorrectly, allowing attackers to compromise authentication tokens or to exploit implementation flaws to assum… |
| OWASP_API_TOP10-API03 | Broken Object Property Level Authorization (BOPLA) | OWASP API TOP10 | pentest:high | Lack of or improper authorisation validation at the object property level. Leads to information exposure or manipulation by unauthorised parties (excessive dat… |
| OWASP_API_TOP10-API04 | Unrestricted Resource Consumption | OWASP API TOP10 | pentest:high | Satisfying API requests requires resources such as network bandwidth, CPU, memory, and storage. Other resources, such as emails/SMS/phone calls or biometrics v… |
| OWASP_API_TOP10-API05 | Broken Function Level Authorization (BFLA) | OWASP API TOP10 | pentest:high | Complex access control policies with different hierarchies, groups, and roles, and an unclear separation between administrative and regular functions, tend to … |
| OWASP_API_TOP10-API06 | Unrestricted Access to Sensitive Business Flows | OWASP API TOP10 | pentest:high | APIs vulnerable to this risk expose a business flow — such as buying a ticket, posting a comment — without compensating for how the functionality could harm th… |
| OWASP_API_TOP10-API07 | Server-Side Request Forgery (SSRF) | OWASP API TOP10 | pentest:high | SSRF flaws occur when an API is fetching a remote resource without validating the user-supplied URI. This enables an attacker to coerce the application to send… |
| OWASP_API_TOP10-API08 | Security Misconfiguration | OWASP API TOP10 | pentest:high | APIs and the systems supporting them typically contain complex configurations, meant to make the APIs more customisable. Software and DevOps engineers can miss… |
| OWASP_API_TOP10-API09 | Improper Inventory Management | OWASP API TOP10 | pentest:high | APIs tend to expose more endpoints than traditional web applications, making proper and updated documentation highly important. A proper inventory of hosts and… |
| OWASP_API_TOP10-API10 | Unsafe Consumption of APIs | OWASP API TOP10 | pentest:high | Developers tend to trust data received from third-party APIs more than user input, and so tend to adopt weaker security standards. To compromise APIs, attacker… |
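The three authorization entries above (API01 BOLA, API03 BOPLA and API05 BFLA) describe a pattern rather than one specific bug, so the distinction is easiest to see in code. The following Python is an added example, not code from this catalog, from its author or from the OWASP project: a constructed in-memory "orders" service with the vulnerable handler beside its hardened form for each of the three checks. The data set, the `Principal` type, the `admin` role and the readable/writable field lists are all assumptions made for the example.

```python
"""Object-, property- and function-level authorization (added example).

Shows what OWASP API Top 10 API01 (BOLA), API03 (BOPLA) and API05 (BFLA)
look like in a handler, and the corresponding server-side checks. The orders,
users, roles and field names below are constructed for this example only.
"""
from dataclasses import dataclass, field

# Constructed sample data: two orders owned by two different users.
ORDERS = {
    1001: {"id": 1001, "owner": "alice", "total": 42.0, "status": "paid", "internal_note": "vip"},
    1002: {"id": 1002, "owner": "bob", "total": 9.5, "status": "new", "internal_note": ""},
}

ADMIN_ROLE = "admin"                       # assumed role name
READABLE_BY_OWNER = {"id", "total", "status"}   # allow-list of fields an owner may read
WRITABLE_BY_OWNER = {"status"}                  # allow-list of fields an owner may change


@dataclass
class Principal:
    """The authenticated caller (populated by the auth layer, not by request data)."""
    user: str
    roles: set = field(default_factory=set)


class Forbidden(Exception):
    pass


class NotFound(Exception):
    pass


# --- Vulnerable handlers: the shape of API01 / API03 ------------------------
def get_order_vulnerable(_who: Principal, order_id: int) -> dict:
    """API01 BOLA: trusts the client-supplied id and returns the whole record,
    including server-only properties such as internal_note (API03 exposure)."""
    return dict(ORDERS[order_id])


def update_order_vulnerable(_who: Principal, order_id: int, patch: dict) -> dict:
    """API03 BOPLA (mass assignment): every submitted property, including
    'owner' and 'total', is copied straight into the stored object."""
    ORDERS[order_id].update(patch)
    return dict(ORDERS[order_id])


# --- Hardened handlers --------------------------------------------------------
def _load_owned(who: Principal, order_id: int) -> dict:
    """Object-level check: look the object up, then verify the caller owns it
    (or holds the admin role). Missing and foreign ids raise the same error so
    the endpoint does not confirm which ids exist."""
    order = ORDERS.get(order_id)
    if order is None or (order["owner"] != who.user and ADMIN_ROLE not in who.roles):
        raise NotFound(f"order {order_id}")
    return order


def get_order(who: Principal, order_id: int) -> dict:
    """API01 + API03: ownership check, then project the record onto the
    properties this caller is allowed to read."""
    order = _load_owned(who, order_id)
    allowed = set(order) if ADMIN_ROLE in who.roles else READABLE_BY_OWNER
    return {k: v for k, v in order.items() if k in allowed}


def update_order(who: Principal, order_id: int, patch: dict) -> dict:
    """API03: allow-list writable properties and reject unknown ones outright
    rather than silently dropping them, so a client bug is visible."""
    order = _load_owned(who, order_id)
    extra = set(patch) - WRITABLE_BY_OWNER
    if extra and ADMIN_ROLE not in who.roles:
        raise Forbidden(f"properties not writable: {sorted(extra)}")
    order.update(patch)
    return get_order(who, order_id)


def delete_order(who: Principal, order_id: int) -> bool:
    """API05 BFLA: an administrative function gated by role on the server,
    regardless of which URL or HTTP method the client used to reach it."""
    if ADMIN_ROLE not in who.roles:
        raise Forbidden("admin only")
    return ORDERS.pop(order_id, None) is not None


def outcome(fn, *args):
    """Call fn(*args); return its result, or the name of the access error raised."""
    try:
        return fn(*args)
    except (Forbidden, NotFound) as exc:
        return type(exc).__name__


if __name__ == "__main__":
    bob, alice, root = Principal("bob"), Principal("alice"), Principal("root", {ADMIN_ROLE})
    print("bob reads alice's order (vulnerable):", outcome(get_order_vulnerable, bob, 1001))
    print("bob reads alice's order (hardened):  ", outcome(get_order, bob, 1001))
    print("alice reads her own order:           ", outcome(get_order, alice, 1001))
    print("alice tries to change total:         ", outcome(update_order, alice, 1001, {"total": 0}))
    print("bob tries to delete:                 ", outcome(delete_order, bob, 1002))
    print("admin deletes:                       ", outcome(delete_order, root, 1002))
```

Two design points worth noting: the hardened read path returns the same "not found" for an id that does not exist and for one the caller does not own, so a BOLA probe cannot enumerate valid ids, and the update path rejects unexpected properties instead of silently ignoring them, which is what makes a mass-assignment attempt show up in logs rather than disappear.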