OWASP Top 10 API Security Risks – 2023: API6:2023 – Unrestricted Access to Sensitive Business Flows

APIs enable various business flows, such as purchasing tickets, booking reservations, or posting comments. However, these flows can become liabilities if they are exposed without sufficient protections. *Unrestricted Access to Sensitive Business Flows* refers to a scenario where APIs fail to:

1. Limit access to sensitive operations.
2. Implement controls to prevent abuse, particularly by automated systems (e.g., bots).
3. Consider the broader business implications of such unrestricted access.

For instance, an API for purchasing event tickets might allow unlimited purchases by the same user or bot, leading to scalping and significant financial losses for legitimate customers.
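To make the ticket-purchase scenario concrete, here is an added example (not from the OWASP document or any vendor's code) that places an unrestricted purchase handler beside a hardened one enforcing a per-user ticket quota and an order-velocity limit; the limits, names and in-memory store are assumptions chosen for illustration.

```python
# Added example: ticket-purchase business flow with and without abuse controls.
# Limits, function names and the in-memory inventory are assumed for illustration.
from collections import defaultdict, deque

MAX_TICKETS_PER_USER_PER_EVENT = 4   # assumed business rule
MAX_ORDERS_PER_WINDOW = 3            # assumed velocity limit per user
WINDOW_SECONDS = 60                  # sliding window for the velocity limit


def purchase_unrestricted(inventory, event_id, user_id, quantity):
    """Vulnerable flow: any caller can drain the event as fast as it can send requests."""
    if inventory[event_id] < quantity:
        return "sold_out"
    inventory[event_id] -= quantity
    return "ok"


class TicketFlow:
    """Hardened flow: per-user quota plus a sliding-window check on order velocity."""

    def __init__(self, inventory):
        self.inventory = inventory
        self.bought = defaultdict(int)     # (user_id, event_id) -> tickets already held
        self.orders = defaultdict(deque)   # user_id -> timestamps of recent orders

    def purchase(self, event_id, user_id, quantity, now):
        if quantity <= 0:
            return "invalid_quantity"
        # Velocity check: many orders inside the window is the signature of automation.
        recent = self.orders[user_id]
        while recent and now - recent[0] >= WINDOW_SECONDS:
            recent.popleft()
        if len(recent) >= MAX_ORDERS_PER_WINDOW:
            return "rate_limited"
        # Quota check: the business rule that caps tickets per user per event.
        held = self.bought[(user_id, event_id)]
        if held + quantity > MAX_TICKETS_PER_USER_PER_EVENT:
            return "quota_exceeded"
        if self.inventory[event_id] < quantity:
            return "sold_out"
        self.inventory[event_id] -= quantity
        self.bought[(user_id, event_id)] = held + quantity
        recent.append(now)
        return "ok"
```

A real deployment would back the counters with shared storage keyed to the authenticated identity and log `rate_limited` and `quota_exceeded` outcomes for detection.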

OWASP Top 10 for Mobile Apps: M7 – Client Code Quality

Client code quality refers to the soundness, reliability, and maintainability of the code executed on mobile devices. The “M7” designation in the OWASP Top 10 highlights vulnerabilities resulting from poorly written client-side code. These vulnerabilities can stem from inadequate input validation, insecure coding practices, or the use of deprecated libraries.