Time
1 hour 43 minutes
Difficulty
Beginner
CEU/CPE
2

Video Transcription

00:00
Everyone, welcome back to the course. So in this video, we're gonna talk about who OWASP actually is. So we'll talk about the organization, and then we'll also talk about the items on the API Security Top 10 list, and we'll cover each one of those individually in separate videos coming up in this module.
00:18
So who is OWASP? Well, OWASP itself stands for the Open Web Application Security Project. So as the name implies, they're all about web security. So OWASP comes out with a Top 10 list
00:29
for Web application vulnerabilities about every 3 to 4 years, the last one coming out in 2017.
00:37
Now what they realized was that
00:40
API security also plays a crucial role across the organization; we'll talk about that in just a little bit. So they're an international organization, as I mentioned, that comes out with the OWASP Top 10 list.
00:50
So the overall goal is web security, and the API Security Top 10 was created specifically
00:57
because OWASP recognized the crucial role that APIs play in the organization's application architecture, as well as the overall application security.
01:06
So realistically, emerging API-specific issues should be something that is on the security team's radar. So that's why OWASP came out with the Top 10 list.
01:15
Now, as I mentioned, every 3 to 4 years
01:18
for the normal OWASP Top 10 list, they update it, so we can expect that they're gonna follow a similar process for the API Security Top 10.
01:27
So what are the actual items on the Top 10 list for API security? Well, we have broken object level authentication, and by the way, we're gonna be covering each of these, as I mentioned, in a separate video coming up, so we'll deep dive into what these are. We're just going to take a look at the list right now. So we also have broken authentication, excessive data exposure, lack of resources and rate limiting,
01:47
broken function level authentication,
01:49
mass assignment, security misconfigurations, which you hear a lot about in the news. You hear about insecure S3 buckets? That's what we're talking about there.
01:57
Injection. You've heard, probably heard of injection types of attacks, like SQL injection or command injection attacks. And that's what we'll be talking a little bit about there.
02:07
Improper assets management and insufficient logging and monitoring.
02:10
So a quick quiz question: cross-site scripting is the seventh most important item listed on the OWASP API Security Top 10. Is that true or false?
02:21
So that one is false. If you recall, the number seven item on the list is security misconfiguration.
02:28
So in this video, we just talked a little bit about who OWASP is, kind of the mission of OWASP; again, it's around web security. And then we also went through the list of the OWASP API Security Top 10. Again, we're gonna be talking about each one of those items individually in upcoming videos.

Up Next

Introduction to the OWASP API Security Top 10

The Introduction to the OWASP API Security Top 10 course will teach students why API security is needed. Students will get a brief refresher on the CIA triad and AAA, then move into learning about the OWASP Top 10 from an API security perspective.

Instructed By

Ken Underhill
Master Instructor at Cybrary