Security Vulnerability Guide
This section lists important vulnerabilities applicable to modern API-driven applications.
OWASP API Top 10
OWASP Web Top 10
| ID | Vulnerability | CWE |
|---|---|---|
| A10 | Server Side Request Forgery | 918 |

This section lists issues related to API security and resilience that cannot be categorized purely as security vulnerabilities.
| Issue | CWE |
|---|---|
| API Schema Non Conformance | 1215, 393 |
| Unexpected 5XX Server Errors | 600 |
| Undocumented Response Codes | 394 |
| Inadequate Response Headers | 838 |
| Incorrect Response Content Types | 838 |
| Incorrect Response Body | 838 |

Baseline Security Controls are a minimum set of foundational controls that APIs should implement. These are based on security best practices.
This section lists vulnerabilities that arise from violations of these security controls. A number of these issues are applicable to OWASP API A7.