Given the critical role they play in digital transformation—and the access to internal data and systems they provide—APIs warrant a dedicated approach to security and compliance. Already an attractive target for bad actors, APIs will soon become a top attack vector. As part of its API security report released in August, Gartner recommended adopting “a continuous approach to API security across the API development and delivery cycle, designing security into APIs.”
To effectively combat API security risks, however, a common understanding of the specific threats that enterprises need to defend against is essential. To this end, the OWASP Foundation created the OWASP API Security Top 10 project. In this post, I look into some of the risks described by OWASP API Security Top 10 and how the relevant Ping Identity products can be leveraged to mitigate these risks.