The Open Web Application Security Project (OWASP) And API Security

This is a story from my latest API Evangelist API security industry guide. My partner ElasticBeam has underwritten my API security research, allowing me to publish a formal PDF of my guide, providing business and technical users with a walk-through of the moving parts, tools, and companies doing interesting things with API security. When I publish each guide, I publish each story here on the blog, helping build awareness around my research–this is a short one on OWASP.

The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software, with a mission to make software security visible, so that individuals and organizations are able to make informed decisions. OWASP is looking to provide impartial, practical information about application security (AppSec) to individuals, corporations, universities, government agencies and other organizations worldwide. Operating as a community of like-minded professionals, OWASP issues software tools and knowledge-based documentation on application security.

As the web API space has expanded, OWASP has expanded its focus to include the most common threats to APIs. OWASP has acknowledged the overlap between web applications and web APIs, and is quickly becoming a valuable source for API-specific security knowledge, expanding beyond its web application roots. It provides one of the best resources for finding security-related information and tooling you can apply throughout your API operations.

OWASP doesn’t endorse commercial services, and is a member-driven organization, so you will find all the information they provide to be vendor-neutral and focused on the task at hand. You will find me regularly anchoring my API security work in what the OWASP community is doing, as security should always be a team effort. API security isn’t my primary focus as API Evangelist, but helping guide you to where you can find the latest information is what this guide is about.

OWASP is your source for unbiased API security information!

You can download or purchase my API Evangelist API security industry guide over at my API security research, and if you want to point out any corrections, and share your thoughts on what is missing, feel free to submit a GitHub issue on the research project’s GitHub repository. I appreciate your support of my work, and depend on folks like you and ElasticBeam to make this all work.