1 hour 43 minutes
Everyone, welcome back to the course. So in this video, we're gonna talk about who OWASP actually is. So we'll talk about the organization. And then we'll also talk about the items on the API Security Top 10 list, and we'll cover each one of those individually in separate videos coming up in this module.
So who is OWASP? Well, OWASP itself stands for the Open Web Application Security Project. So as the name implies, they're all about web security. So OWASP comes out with a Top 10 list for web application vulnerabilities about every 3 to 4 years, the last one coming out in 2017.
Now what they realized was that API security also plays a crucial role across the organization; we'll talk about that in just a little bit. So they're an international organization, as I mentioned, they come out with the OWASP Top 10 list.
So the overall goal is web security, and the API Security Top 10 was created specifically because OWASP recognized the crucial role that APIs play in the organization's application architecture, as well as the overall application security. So realistically, emerging API-specific issues should be something that is on the security team's radar. So that's why OWASP came out with the Top 10 list.
Now, as I mentioned, every 3 to 4 years they update the normal OWASP Top 10 list, so we can expect that they're gonna follow a similar process for the API Security Top 10.
So what are the actual items on the Top 10 list for API security? Well, we have broken object level authentication, and by the way, we're gonna be covering each of these, as I mentioned, in a separate video coming up, so we'll deep dive into what these are. We're just going to take a look at the list right now. So we also have broken authentication, excessive data exposure, lack of resources and rate limiting, broken function level authentication, mass assignment, security misconfigurations, which you hear a lot about in the news. You hear about insecure S3 buckets? That's what we're talking about there. Injection. You've probably heard of injection types of attacks like SQL injection or command injection attacks. And that's what we'll be talking a little bit about there. Improper assets management, and insufficient logging and monitoring.
So a quick quiz question: cross-site scripting is the seventh most important item listed on the OWASP API Security Top 10. Is that true or false? So that one is false. If you recall, the number seven item on the list is security misconfiguration.
So in this video, we just talked a little bit about who OWASP is and kind of the mission of OWASP; again, it's around web security. And then we also went through the list of the OWASP API Security Top 10. Again, we're gonna be talking about each one of those items individually in upcoming videos.