Leveraging the OWASP API Security top 10 to build secure web services

Imagine you decide to build an application using web services. What are the main aspects to consider when it comes to security? With the first version of the OWASP API Security top 10 being released, exploring the defensive aspect of each entry in the top 10 will allow us to revisit them and reflect on what could be some good practices to follow. While reviewing a web service on all best-practice security measures might not be in line with an organization's risk appetite, this approach offers the reader the benefit of mitigating the most critical types of vulnerabilities as a starting point. We will showcase the architecture of a straightforward banking application using SOAP, REST and GraphQL respectively. This will allow us to demonstrate diverse attention points specific to these technologies when it comes to finding solutions for each unique OWASP API security API top 10 vulnerability class.