DavidFernandes
Former Employee
Mar 25, 2024

New Blog | Protect Against OWASP API Top 10 Security Risks Using Defender for APIs

By harissohail

Overview

The Open Web Application Security Project (OWASP) Foundation is a nonprofit foundation dedicated to improving software security through community-led open-source projects, education, and transparency. The OWASP API Security Project focuses on strategies and solutions to understand and mitigate the unique vulnerabilities and security risks of APIs. In this post, we'll dive into how Defender for APIs (a plan provided by Microsoft Defender for Cloud) provides security coverage for the OWASP API Top 10 security risks.

Defender for APIs offers full lifecycle protection, detection, and response coverage for APIs. Defender for APIs helps you to gain visibility into business-critical APIs. You can investigate and improve your API security posture, prioritize vulnerability fixes, and quickly detect active real-time threats.

Concepts

Security recommendations – Recommendations in Defender for Cloud are based on the Microsoft cloud security benchmark. The Microsoft cloud security benchmark is the Microsoft-authored set of guidelines for security and compliance best practices based on common compliance frameworks. This widely respected benchmark builds on the controls from the Center for Internet Security (CIS) and the National Institute of Standards and Technology (NIST) with a focus on cloud-centric security. For a complete list of API security recommendations, see Security recommendations - a reference guide.

Security alerts – Security alerts are the notifications generated by Defender for Cloud's workload protection plans when runtime threats are identified in your Azure, hybrid, or multi-cloud environments. For a complete list of API security alerts, see Security alerts - a reference guide.

Attack path analysis – Defender for Cloud uses environment context to perform a risk assessment of your security issues and subsequently identifies the biggest security risk issues. Defender for Cloud then analyzes which security issues are part of potential attack paths that attackers could use to breach your environment. To learn more, see Identify and remediate attack paths.

Read the full story here: Protect Against OWASP API Top 10 Security Risks Using Defender for APIs