This is the first time OWASP is calling for data, unlike in 2019 when the API Security Top 10 was first published. As stated on their site, “we believe the API industry is now more mature and should be able to contribute valuable data”.
We recently published a post featuring a fresh look at the OWASP Top 10 here on API Mike, and it now seems we will be taking a brand-new look at the API Top 10 in the months to follow.
The Open Web Application Security Project (OWASP) is a nonprofit organization that works to improve the security of software. OWASP was founded in 2001 in response to the growing number of attacks on web applications. OWASP’s mission is to make software security more visible and easier to understand.
The OWASP API Security Project is a new initiative from OWASP that aims to improve the security of APIs. APIs are increasingly being used to expose data and functionality to external parties. However, many APIs are not well protected, leaving them vulnerable to attack. The goal of the OWASP API Security Project is to solve this problem by giving API security advice and tools.
The project is in its early stages, but already includes a security assessment tool, a threat model, and a best practices guide. The project is open to contributions from anyone interested in improving API security.
As previously stated, the OWASP foundation intends to release a new edition of the much-anticipated Top 10 list of API vulnerabilities in 2022; given that 2022 is about to end, the release is imminent.
This is a call for contributors who can submit datasets to OWASP using this link. The goal is to collect comprehensive data regarding API vulnerabilities to date in order to build a new top 10 of the most critical API security risks.
The data structure is similar to the one used before by the OWASP Top 10 Project, but with an additional attribute: apiProtocol. If you already have automated tools that compile and output one of these file formats, you should be able to use them with few changes.