Mike Elissen

11 comments by Mike Elissen

Another workaround would be to use Download Delivery instead as a delivery product if that is available on the account. Both delivery products should offer similar caching and performance benefits....

Thanks for reporting this issue. On inspection, it seems that the cli-cloudlets package does not have the option to specify edgerc section yet. Adding the specific cloudlets section to the...

Seconded on the many Broken X Level Authorization categories in place in the new draft. Mostly BOLA, BOPLA and BFLA. While it makes sense to combine Excessive Data Exposure and...

For instance, missing elements such as proper keys/secrets management/storage, vulnerability scanning, lower-level APIs accessible etc.

Also, the name / wording of API8 does not fit very well / adhere to the others in the list: Lack of Protection from Automated Threats.

Of course, this has been a very helpful resource for API Security for the community out there. As mentioned, it has my preference to combine API4 and API8 together so...

After a GitHub search in the repo, I see two mentions of 'Injection' now in API10 with two additional links. This is definitely not enough focus on API Injection attacks,...

I agree with this as I have seen a similar focus on these types of business logic attacks. That said, it will be hard to classify this, giving proper examples...

I agree that it is becoming harder to see the distinct differences between the Web App Top 10, API Top 10 and now also the CI/CD Top 10. All are...

+1 on planetlevel's comments here. The way I have always interpreted OWASP's top 10 is that they are the most important security threats for a given category at the time...