Pitfalls Software Developers Should Avoid When Programming Using API


The rate at which cybercrimes occur is now more pronounced than ever before, and evidence of these nefarious activities can be seen in the rigging of elections, the high rate of cyberattacks on businesses, and the hard-earned money of bank customers being wiped out of their accounts.

Just a few weeks into the year 2020, more than 1.76 billion records have already been leaked, including records containing user information and plaintext passwords for about 772 million people.

This is one of the biggest data breaches to have happened within so short a time.

A MongoDB instance containing 854GB of data was also hacked, exposing CVs with sensitive information on about 202 million Chinese users, and this same year a sensitive Oklahoma government data leak exposed 7 years of FBI investigations.

The bad news is that cyber-attacks will get worse and more frequent, especially this year, which is why it is highly essential to be prepared for this incoming onslaught.

Late last year, the Open Web Application Security Project (OWASP) released its much-awaited first edition of its top 10 list of API security pitfalls that software developers and code auditors should be aware of in order to minimize breaches.

The API has been one of the most abused, and somewhat easy-to-access, communication protocols for hackers.

This abuse is a major problem that shows no sign of stopping anytime soon; in fact, it has been projected to escalate this year.

OWASP’s API Security Top 10 list was published earlier this month, and it was a revelation, as it contains some loopholes that had been overlooked.

Check out the list below:

  • Broken Object Level Authorization
  • Broken User Authentication
  • Excessive Data Exposure
  • Lack of Resources & Rate Limiting
  • Broken Function Level Authorization
  • Mass Assignment
  • Security Misconfiguration
  • Injection
  • Improper Assets Management
  • Insufficient Logging and Monitoring
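To make the first and sixth items on the list concrete, here is an added example that is not from the article or from OWASP: a minimal in-memory order API showing a Broken Object Level Authorization handler and a Mass Assignment handler, each beside its fixed form. The data store, the `Order` record, the user names and the handler names are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Order:
    id: int
    owner: str
    total: float
    status: str = "pending"

# Constructed sample data: two orders belonging to two different users.
ORDERS = {1: Order(1, "alice", 42.0), 2: Order(2, "bob", 99.5)}

class Forbidden(Exception):
    pass

# Broken Object Level Authorization: the handler trusts the client-supplied id
# and never checks whether the caller owns that object.
def get_order_bola(caller: str, order_id: int) -> Order:
    return ORDERS[order_id]

# Fixed: every object lookup is checked against the calling identity.
def get_order(caller: str, order_id: int) -> Order:
    order = ORDERS[order_id]
    if order.owner != caller:
        raise Forbidden(f"{caller} may not read order {order_id}")
    return order

# Mass Assignment: binding the whole request body onto the model lets a client
# overwrite fields (owner, status) the endpoint never meant to expose.
def update_order_mass_assign(caller: str, order_id: int, body: dict) -> Order:
    order = get_order(caller, order_id)
    for key, value in body.items():
        setattr(order, key, value)
    return order

# Fixed: only an explicit allowlist of client-writable fields is bound;
# anything else in the body is rejected rather than silently applied.
WRITABLE = {"total"}

def update_order(caller: str, order_id: int, body: dict) -> Order:
    order = get_order(caller, order_id)
    rejected = set(body) - WRITABLE
    if rejected:
        raise ValueError(f"fields not writable: {sorted(rejected)}")
    for key in WRITABLE & set(body):
        setattr(order, key, body[key])
    return order

def denied(fn, *args) -> bool:
    """True if the handler refuses the request (authorization or field check)."""
    try:
        fn(*args)
    except (Forbidden, ValueError):
        return True
    return False
```

The vulnerable handlers let `alice` read `bob`'s order and flip her own order's `status`; the fixed handlers refuse both while still allowing the legitimate `total` update.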

“Some of these raise issues that look pretty simple but are extremely critical, like good housekeeping and documenting APIs.

Moreover, there are also complex issues of access control that might require some attention from the design phase,” stressed Erez Yalon, Director of Security Research at Checkmarx and Co-lead on the OWASP API Security Project.

“Having a clear understanding of API will minimize the vulnerabilities that arise from this worrisome issue, and this will help teams to mitigate against API security risks and put systems into place moving forward,” Erez concluded.

Featured Image: Codersera
