31-days-of-API-Security-Tips
ASVS
| | 31-days-of-API-Security-Tips | ASVS |
|---|---|---|
| Mentions | 2 | 8 |
| Stars | 2,057 | 2,515 |
| Growth | - | 2.6% |
| Activity | 0.0 | 9.4 |
| Latest commit | about 2 years ago | 7 days ago |
| Language | HTML | |
| License | - | Creative Commons Attribution Share Alike 4.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ASVS
- A Decade of Have I Been Pwned
  > 2. See OWASP ASVS 4.0 2.1.7 https://github.com/OWASP/ASVS/blob/master/4.0/en/0x11-V2-Aut..., See
- API Configuration
  > Go through all OWASP ASVS test cases which relate to APIs: https://github.com/OWASP/ASVS
- Dozens of high-traffic websites vulnerable to ‘account pre-hijacking’, study
  > - Unexpired Email Change (UE)
  > possibly CWE-306?
  > CWE-306: Missing Authentication for Critical Function <https://cwe.mitre.org/data/definitions/306.html>
  > and for OWASP ASVP <https://owasp.org/www-project-application-security-verificat...> possibly 3.7.1? <https://github.com/OWASP/ASVS/blob/v4.0.3_release/4.0/en/0x1...>
- What security measures should one keep in mind when developing a fin-tech app ?
- Looking for webapp/api related books recommendations
- Is storing JSON Web token in local storage safe?
- How to setup a workflow for scanning?
- best programming language.
  > If you want to ensure a high level of security and data protection for your web app, look no further than the OWASP ASVS: https://github.com/OWASP/ASVS
What are some alternatives?
API-Security-Checklist - Checklist of the most important security countermeasures when designing, testing, and releasing your API
owasp-masvs - The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.
awesome-web-hacking - A list of web application security
vapi - vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.
CheatSheetSeries - The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
sec-interview - A collection of information security interview questions
offensiveinterview - Interview questions to screen offensive (red team/pentest) candidates
Web_Hacking - Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
wstg - The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Application-Security-Engineer-Interview-Questions - Some of the questions I was asked when interviewing for Application/Product Security roles. I am sure this is not an exhaustive list, but I felt these questions were important to ask, and some were challenging to answer.
infosec-interview-questions - 🗒️ A [work-in-progress] collection for interview questions for Information Security roles