The recently published “OWASP API Security Top 10” report analyzes the anti-patterns that lead to vulnerabilities and security risks in APIs. In this 10-part series, we introduce these API anti-patterns one at a time. Every API professional should know about them.


Broken User Authentication from the OWASP API security paper


API security anti-pattern for Broken User Authentication

Authentication mechanisms for clients and end users are often specified or implemented incorrectly. Attackers exploit such flaws to compromise authentication tokens, whether by stealing them or by getting a forged one accepted, and then act under another user’s identity. Because every authorization decision that follows rests on knowing who the caller is, a compromised identification step compromises the security of the API as a whole, not just the login endpoint.
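As an added illustration of this anti-pattern (example code written for this page, not code from the original post or from the OWASP paper): a minimal HS256 JWT issuer with two verifiers. The broken one reads the `sub` claim straight out of the payload without checking the signature, so a token an attacker assembles with `alg: none` is accepted as proof of someone else’s identity. The hardened one pins the algorithm, verifies the HMAC in constant time and checks expiry before trusting any claim. The secret, the claim names and the `forge_token` helper are assumptions made for the demo.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumed server-side signing secret for the demo. In a real deployment the
# key comes from a secret store, or tokens are asymmetrically signed by an
# authorization server and verified against its published keys.
SECRET = b"demo-secret-do-not-use-in-production"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _json(obj) -> bytes:
    return json.dumps(obj, separators=(",", ":")).encode()


def issue_token(sub: str, ttl: int = 300, now=None) -> str:
    """Issue an HS256-signed JWT for user `sub` (constructed sample issuer)."""
    now = int(time.time()) if now is None else now
    header = _b64url(_json({"alg": "HS256", "typ": "JWT"}))
    payload = _b64url(_json({"sub": sub, "exp": now + ttl}))
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def forge_token(sub: str) -> str:
    """What an attacker does: assemble an unsigned token claiming another identity."""
    header = _b64url(_json({"alg": "none", "typ": "JWT"}))
    payload = _b64url(_json({"sub": sub, "exp": 9999999999}))
    return f"{header}.{payload}."


def broken_identify_user(token: str):
    """Anti-pattern: trusts whatever the payload says, never checks the signature."""
    _header, payload, _sig = token.split(".")
    return json.loads(_b64url_decode(payload))["sub"]


def hardened_identify_user(token: str, now=None):
    """Accept `sub` only after algorithm, signature and expiry all check out.

    Returns the user id, or None for anything that should not be trusted.
    """
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        # Pin the algorithm: rejects "none" and algorithm-confusion attempts.
        if header.get("alg") != "HS256":
            return None
        expected = hmac.new(
            SECRET, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256
        ).digest()
        # Constant-time comparison; a length mismatch simply returns False.
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        payload = json.loads(_b64url_decode(payload_b64))
    except ValueError:  # malformed base64url or JSON
        return None
    now = int(time.time()) if now is None else now
    if not isinstance(payload.get("exp"), int) or payload["exp"] <= now:
        return None
    return payload.get("sub")


if __name__ == "__main__":
    legit = issue_token("alice")
    forged = forge_token("bob")
    print("broken verifier, forged token ->", broken_identify_user(forged))
    print("hardened verifier, forged token ->", hardened_identify_user(forged))
    print("hardened verifier, legit token ->", hardened_identify_user(legit))
```

Run stand-alone, the script shows the broken verifier happily reporting `bob` for a token nobody signed, while the hardened verifier returns `None` for it and `alice` for the genuine token. The same check structure applies when the token is opaque rather than a JWT: the API must validate the token against the issuer (or its keys) before any claim in it is treated as the caller’s identity.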

Want to learn more?

Check out the complete OWASP API security paper. To secure access to your APIs, learn more about OAuth in the OAuth Book or the OAuth Course. To provide and use identity data in apps and APIs, learn more about OpenID Connect in the OpenID Connect Book or the OpenID Connect Course.

The 10 most critical API security risks – Part 2: Broken User Authentication

Also published on Medium.