Our first three articles were about designing and getting an access token. We also established a model for how we move from identity and scopes to the permissions that we base all further access control on. In this article, we discuss what you need to do when implementing your API in order to protect your functions and your data.| Omegapoint Security Blog
This article gives an introduction to ethical hacking and web application penetration testing, and how it differs from for other types of penetration tests. We cover the basic principles of penetration testing and a simplified model for pentesting methodology. It will highlight key aspects of a high-quality security review, where the penetration test plays a big part, and the importance for developers to embrace a hacker's mindset (and vice-versa)| securityblog.omegapoint.se
This article will show how to implement our six-step model for building APIs highlighting key aspects for creating APIs that are secure by design. Example code is available on GitHub.| securityblog.omegapoint.se
The OWASP Top 10 is the reference standard for the most critical web application security risks. Adopting the OWASP Top 10 is perhaps the most effective first step towards changing your software development culture focused on producing secure code.| owasp.org
OWASP API Security Project on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.| owasp.org