The OWASP top 10 API security risks are posted on their GitHub here. As OWASP shows, because APIs are open to the network:
As far as your question on alternatives, the OpenZiti private networking approach has always been desired from a security perspective, but was previously implemented by requiring all your API clients to use VPNs, an MPLS network or private business APNs. For a relatively small and static implementation, those methods might be viable. The problem is managing all of that at scale. OpenZiti addresses this management problem by putting the private networking into the APIs themselves, as code. Here is a simple example of a Zitified Webhook.