In an era where mobile applications are a crucial part of our daily lives, the security of these applications, especially Android apps, has become paramount. As per a report by Statista, in 2022, there were 1802 data breaches in the United States, with over 422.14 million individuals affected.
Welcome to the 6th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API5:2023 Broken Function Level Authorization. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it.
It’s been reported that 2.6 million user records sourced from the Duolingo app are for sale. The attacker apparently obtained them from an open API provided by the company. There’s a more technical explanation available here. While we talk a lot about the vulnerabilities in the OWASP API Top-10 and the exploits associated with those vulnerabilities, this incident provides a good reminder that not all vulnerabilities are flaws in code. In fact, this API was working as designed.
At the heart of nearly every digital transformation strategy is a core focus on flexibility, scalability, and, most importantly, security. Amazon Web Services (AWS), a leader in the cloud services sector, empowers organizations to execute complex business processes while ensuring priority is given to robust AWS security practices. When you choose to move your data and applications to the cloud, security certainly takes a front-and-center role.
Imagine constructing a building without a blueprint or cooking a complex recipe without a list of ingredients. It would be a chaotic and inefficient process, right? The same principle applies to manufacturing and production. That's where the Bill of Materials (BOM) comes into play. In this article, we will explore the meaning, purpose, and diverse types of BOMs, illustrating how they serve as the foundation for seamless production processes.