Who is OWASP?

00:00

everyone welcome back to the course. So in this video, we're gonna talk about who owe us actually is. So we'll talk about the organization. And then we'll also talk about the items on the A P I security Top 10 list and will cover each one of those individually in separate videos coming up in this module.

00:18

So who is a WASP Will? A WASP itself stands for the open Web application security projects. So as the name implies, there all about Web security. So always comes out with a top 10 list

00:29

for Web application vulnerabilities about every 3 to 4 years, the last one coming out in 2017.

00:37

Now what they realized was that

00:40

AP I. Security also plays a crucial role across the organization will talk about that in just a little bit. So they're an international organization, as I mentioned, to come out with a loss top 10 list.

00:50

So the overall goal is Web security, and the A P I security Top 10 was created specifically

00:57

because a loss recognized a crucial role that AP eyes play in the organization's application architecture, as well as the overall application security

01:06

so realistically emerging AP I specific issues should be something that are on the security teams radar. So that's why I o us came out with the top 10 list.

01:15

Now, as I mentioned every 3 to 4 years

01:18

from the the normal loss top 10 list, they updated, so we can expect that they're gonna follow a similar process for the A P I. Security top 10.

01:27

So what are the actual items on the top 10 list for FBI security? What? We have broken object level authentication, and by the way, we're gonna be covering each of these. As I mentioned in a separate video coming up so well deep dive into what these are What is going to take a look at the list right now. So I also have broken authentication, excessive data exposure. The lack of resource is the rate limiting

01:47

broken function level authentication,

01:49

mass assignment, security, Miss configurations, which you hear a lot about in the news. You hear about Insecure s tree buckets? That's what we're talking about there.

01:57

Injection. You've heard. Probably heard of injection type of tax like sequel, injection or command, injection and tax. And that's what we'll be talking a little bit about there.

02:07

Improper assets management and insufficient logging in monitoring.

02:10

So a quick quiz question cross site scripting is 1/7 most important item listed on the S B P I. Security Top 10. Is that true or false?

02:21

So that one is false. If you were called the number seven item on the list of security Miss Configuration.