Akamai:2025年巧用对策防范OWASP十大API安全风险白皮书

OWASP十大API安全风险为企业应对API漏洞提供了重要指南,涵盖了各类常见安全隐患及应对方向。这十大风险包括失效的对象级授权、失效的身份验证、失效的对象属性级授权、不受限制的资源消耗、失效的功能级授权、不受限制的敏感业务流访问、服务器端请求伪造、 ...

2025年巧用对策防范OWASP十大API安全风险白皮书-Akamai

白皮书核心聚焦 OWASP 十大 API 安全风险,逐一明确漏洞本质、危害及防范方向。失效的对象级授权(BOLA)与属性级授权(BOPLA)是高频漏洞,前者因未验证客户端授权导致资源被非法访问,后者因过度暴露数据属性违背最小权限原则;失效的身份验证与功能级授权则源于认证机制薄弱、访问控制模式不当,让攻击者有机可乘。此外,不受限制的资源消耗易引发 DoS ...
DOIT

Akamai发布互联网安全报告:Web与API攻击激增,AI技术双刃剑效应明显

AI正深刻重塑网络攻防格局,成为推动攻击更复杂、防御更智能的“双刃剑”。4月23日,Akamai发布了《2025年Web应用与API安全态势分享》报告,强调AI既加剧了安全工作的挑战,也为企业带来了全新防御思路。 作为全球最大级别的边缘云服务和CDN提供商之一,Akamai ...
Business Wire

42Crunch Becomes a Member of OWASP to Advance API Security

SAN FRANCISCO--(BUSINESS WIRE)--42Crunch is pleased to announce our corporate membership of the Open Web Application Security Project (OWASP), a worldwide not-for ...
Fox2Now St. Louis

Noname Security Announces Comprehensive Support for New OWASP API Security Top 10

SAN JOSE, Calif., Aug. 30, 2023 (GLOBE NEWSWIRE) -- Noname Security, the leading provider of complete API security solutions, today announced its API security platform now fully supports the 2023 ...
CSOonline

What you need to know about the new OWASP API Security Top 10 list

According to a report released by Akamai earlier this year, API calls now represent 83% of all web traffic. Web-enabled applications already have 40% of their attack surface in the form of APIs ...