API-Security
by OWASP
The OWASP API Security Project provides comprehensive documentation and best practices to identify and mitigate the top security risks in APIs.
OWASP API Security Project
Primary Use Case
This project is primarily used by software developers, security assessors, and organizations to understand and address common API security vulnerabilities. It serves as a resource for creating secure APIs and conducting risk assessments to protect sensitive data and services exposed via APIs.
- Comprehensive OWASP Top 10 API Security Risks document
- Documentation portal with best practices for secure API development
- Focus on evolving and maintaining living security documents
- Resources for both API builders and security testers
- Free and open Creative Commons Attribution-ShareAlike 4.0 licensed content
- Community-driven project with active leadership
- Integrate OWASP API Security Top 10 into secure SDLC pipelines to prevent vulnerabilities early.
- Use the documentation as a training baseline for developers and security testers to improve API security awareness.
- Leverage the project’s living documents to stay current with emerging API threats and adapt defenses accordingly.
- Combine with automated API security testing tools to continuously assess API endpoints against OWASP risks.
- Employ the project as a framework for purple team exercises focusing on API attack simulations and defense validation.
Related Tools
API-Security-Checklist
shieldfy/API-Security-Checklist
Checklist of the most important security countermeasures when designing, testing, and releasing your API
express-gateway
ExpressGateway/express-gateway
A microservices API Gateway built on top of Express.js

akto
akto-api-security/akto
Proactive, Open source API security → API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom tests, Sensitive data exposure
fizz-gateway-node
fizzgate/fizz-gateway-node
An Aggregation API Gateway: API integration, API data masking, API security, API traceability

apisix-docker
apache/apisix-docker
the docker for Apache APISIX
api-firewall
wallarm/api-firewall
Fast and light-weight API proxy firewall for request and response validation by OpenAPI specs.
