The API and Application Protection Blog

ThreatX platform updates, threat research on the latest critical CVEs and 0 days impacting APIs and web applications, alongside strategies and tactics for overcoming the challenges of modern security teams.

Subscribe for API and application protection tactics

Sign up for exclusive threat research, company and content updates, and the occasional fun contest.

  • Blog
  • Application Security
  • Threat Intelligence
  • News
  • Product Updates
  • People & Culture
  • Vulnerabilities
  • Cloud Security
  • API Security
Blog BY Sydney Coffaro

Unrestricted Access to Sensitive Business Flows

No. 6 on the 2023 OWASP API Top 10 Vulnerabilities list — Unrestricted Access to Sensitive Business Flows is both a common and easily exploitable API security vulnerability.    OWASP says of this vulnerability,  “When creating an API Endpoint, it is important to understand which business flow it exposes. Some business flows are more sensitive than […]

VIEW MORE