5 Top API configuration and management vulnerabilities
This chapter covers
- Restricting resource consumption
- Mitigating Server-Side Request Forgery (SSRF)
- Configuring our APIs safely
- Managing our API attack surface securely
- Consuming APIs safely
We continue our exploration of the most common API security risks by looking at the configuration- and management-related categories of the OWASP API Security Top 10. While the vulnerabilities in the previous chapter involved access controls over our system, resources, and business logic flows, the vulnerabilities in this chapter involve the abuse of misconfigurations that allow threat actors to trigger arbitrary requests from our system, obtain sensitive system information, and more. You'll also learn about the importance of managing your API attack surface and how threat actors look for old API versions or internal endpoints that are less protected.