From the course: The OWASP API 2023 Top 10: An Overview
API6:2023 Unrestricted Access to Sensitive Business Flows
- [Narrator] Next on the OWASP API Security top 10 is another newcomer. At number 6, we have unrestricted access to sensitive business flows. OWASP says APIs vulnerable to this risk expose a business flow, such as buying a ticket or posting a comment, without compensating for how the functionality could harm the business if used excessively in an automated manner. This doesn't necessarily come from implementation bugs. This occurs when attackers gain automated access to sensitive business processes via an API and manipulate them. For example, attackers may block legitimate users from buying products or making reservations on a calendar, or automate a purchasing process to buy up inventory and resell it for a higher price. So if you've had trouble getting the latest video game consoles recently, or if you're a collector like me who has stayed up all night for the latest collector's item only to find it sold out within seconds…
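The narrator's point is that the checkout endpoint itself can be perfectly correct and still be abused if nothing bounds how often one account may drive it. The following is an added example, not code from the course or from OWASP, of one compensating control: a per-account velocity check on a sensitive flow, run here over constructed log events. The endpoint name `POST /api/checkout`, the limit of 3 checkouts per 10 minutes, and the event format are all assumptions for illustration.

```python
"""Per-account velocity check on a sensitive business flow (checkout).

Added example, not from the course. The log format, endpoint name and
the policy of 3 checkouts per 10-minute window are assumed for illustration.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

CHECKOUT_ENDPOINT = "POST /api/checkout"   # hypothetical sensitive flow
MAX_CHECKOUTS = 3                          # assumed policy: per account per window
WINDOW = timedelta(minutes=10)

# Constructed sample access-log events: (ISO timestamp, account id, endpoint, sku)
SAMPLE_EVENTS = [
    ("2024-05-01T10:00:01", "acct-1001", "POST /api/checkout", "console-x"),
    ("2024-05-01T10:00:03", "acct-2002", "POST /api/checkout", "console-x"),
    ("2024-05-01T10:00:04", "acct-2002", "POST /api/checkout", "console-x"),
    ("2024-05-01T10:00:05", "acct-2002", "POST /api/checkout", "console-x"),
    ("2024-05-01T10:00:06", "acct-2002", "POST /api/checkout", "console-x"),
    ("2024-05-01T10:00:07", "acct-2002", "GET /api/products", ""),
    ("2024-05-01T10:30:00", "acct-1001", "POST /api/checkout", "console-x"),
]


class FlowVelocityMonitor:
    """Sliding-window counter of how often each account exercises the flow."""

    def __init__(self, max_events: int = MAX_CHECKOUTS, window: timedelta = WINDOW):
        self.max_events = max_events
        self.window = window
        self._history = defaultdict(deque)   # account -> timestamps in window

    def observe(self, ts: datetime, account: str) -> bool:
        """Record one use of the flow; return True if it exceeds the limit."""
        q = self._history[account]
        # Drop timestamps that have aged out of the window.
        while q and ts - q[0] > self.window:
            q.popleft()
        q.append(ts)
        return len(q) > self.max_events

    def decide(self, ts: datetime, account: str) -> str:
        """Map the velocity result to an action the API could take.

        'challenge' is a stand-in for step-up verification or a human check;
        the flow is not blocked outright, so legitimate users are not locked out.
        """
        return "challenge" if self.observe(ts, account) else "allow"


def find_flow_abuse(events=SAMPLE_EVENTS, max_events=MAX_CHECKOUTS, window=WINDOW):
    """Replay log events in time order; return {account: number of checkouts over limit}."""
    monitor = FlowVelocityMonitor(max_events, window)
    flagged = defaultdict(int)
    for ts_text, account, endpoint, _sku in sorted(events, key=lambda e: e[0]):
        if endpoint != CHECKOUT_ENDPOINT:
            continue                      # only the sensitive flow is counted
        ts = datetime.fromisoformat(ts_text)
        if monitor.observe(ts, account):
            flagged[account] += 1
    return dict(flagged)


if __name__ == "__main__":
    print(find_flow_abuse())   # acct-2002 makes 4 checkouts in 3 seconds; the 4th is flagged
```

Replaying the sample log flags only `acct-2002`, whose fourth checkout within the window breaches the limit; `acct-1001` checks out twice thirty minutes apart and is never flagged. In a real deployment the same counter would sit in front of the checkout handler and key on something harder to rotate than a single account, such as a payment instrument or device fingerprint, with the decision being a step-up challenge rather than a hard block.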