Discussion on: I am a Developer Advocate for Security in Mobile Apps and APIs, Ask Me Anything

Paulo Renato

Hi Bill,

Thanks for asking ;)

With no order of preference, and with focus on security: is a community website for all things related to API security. Our daily news and weekly API Security newsletter cover the latest breaches, vulnerabilities, standards, best practices, regulations, and technology.

API Security Encyclopedia collects together information on the risks, guidelines, and recommendations relating to API security.

For developers with a focus on API security for mobile apps, I recommend reading this series about Mobile API Security Techniques and following the api tag in the blog of my workplace, where I and some of my colleagues write about API security with a focus on mobile clients.

OWASP API Security Top 10

A foundational element of innovation in today’s app-driven world is the API. From banks, retail and transportation to IoT, autonomous vehicles and smart cities, APIs are a critical part of modern mobile, SaaS and web applications and can be found in customer-facing, partner-facing and internal applications. By nature, APIs expose application logic and sensitive data such as Personally Identifiable Information (PII) and because of this have increasingly become a target for attackers. Without secure APIs, rapid innovation would be impossible.

This project is designed to address the ever-increasing number of organizations that are deploying potentially sensitive APIs as part of their software offerings. These APIs are used for internal tasks and to interface with third parties. Unfortunately, many APIs do not undergo the rigorous security testing that would render them secure from attack.

The OWASP API Security Project seeks to provide value to software developers and security assessors by underscoring the potential risks in insecure APIs and illustrating how these risks may be mitigated. In order to facilitate this goal, the OWASP API Security Project will create and maintain a Top 10 API Security Risks document, as well as a documentation portal for best practices when creating or assessing APIs.

