The recently published “OWASP API security top 10” report analyzes the anti-patterns that lead to vulnerabilities and security risks in APIs. In this 10 part series, we introduce these API anti-patterns. Every API professional should know about these anti-patterns.
API security anti-pattern for Insufficient Logging & Monitoring
Insufficient logging and monitoring, coupled with missing or ineffective integration with incident response, allows attackers to further attack systems, maintain persistence, pivot to more systems to tamper with, extract, or destroy data. Most breach studies demonstrate the time to detect a breach is over 200 days, typically detected by external parties rather than internal processes or monitoring.
Want to learn more?
- Part 1 Broken Object Level Authorization
- Part 2 Broken User Authentication
- Part 3 Excessive Data Exposure
- Part 4 Lack of Resources & Rate Limiting
- Part 5 Broken Function Level Authorization
- Part 6 Mass Assignment
- Part 7 Security Misconfiguration
- Part 8 Injection
- Part 9 Improper Assets Management
- Part 10 Insufficient Logging & Monitoring
Check out the complete OWASP API security paper. To secure access to your APIs, learn more about the OAuth in the OAuth Book, or the OAuth Course. To provide and use identity data in apps and APIs, learn more about OpenID Connect in the OpenID Connect Book, or the OpenID Connect Course.