OWASP API9: 2019 Improper Assets Management

Improper Assets Management: Definition and Examples

Nov 24, 2022

6 min read

Sudip Sengupta


Modern application delivery relies heavily on application programming interfaces (APIs) to exchange data and services with external and internal parties. Although APIs greatly reduce the effort of integrating different services, API security remains a crucial concern: a security flaw in a single API endpoint can compromise the entire application layer. Improper assets management (OWASP API9: 2019) is a prevalent vulnerability that stems from a lack of oversight and ownership of production API endpoints.

This article delves into improper asset management vulnerability, scenarios that lead to the vulnerability, and prevention techniques.

What is Improper Assets Management Vulnerability?

APIs expose digital services to programmatic access and management through create-read-update-delete (CRUD) operations. Unlike most API security risks, which arise from coding mistakes, improper asset management results from human error in how APIs are managed: production APIs are built and used, then left running without anyone maintaining them, and never decommissioned. Such endpoints remain unpatched and often depend on older libraries with outdated security controls. Because they still sit in front of production data, they give malicious actors a way to compromise and exploit the information flows of the application layer.
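The practical check that follows from this is an inventory audit: compare what is actually answering requests against what the team has documented and supports. The script below is an added example, not code from the article or from OWASP; it reads a few constructed access-log lines, collapses numeric path segments into route templates, and flags successful calls that hit a retired API version, an undocumented version or route, or a host that is not in the known inventory. The hosts, paths, version names and the log format are all assumptions made for the example.

```python
"""
Added example (not from the article): flag API endpoints that still serve
traffic but are missing from the documented inventory, i.e. candidates for
OWASP API9:2019 Improper Assets Management.

Everything below is constructed for illustration:
  - DOCUMENTED_ENDPOINTS plays the role of the team's authoritative inventory
    (what an OpenAPI spec or API gateway would list).
  - RETIRED_VERSIONS are versions formally decommissioned; any traffic is a red flag.
  - ACCESS_LOG is a handful of made-up gateway log lines in the shape
    "<host> <method> <path> <status>".
"""
import re
from collections import Counter, defaultdict

KNOWN_HOSTS = {"api.example.test"}                     # hypothetical production host
DOCUMENTED_ENDPOINTS = {                               # version -> documented route templates
    "v2": {"/api/v2/users", "/api/v2/orders"},
}
RETIRED_VERSIONS = {"v1"}

ACCESS_LOG = """\
api.example.test GET /api/v2/users/42 200
api.example.test GET /api/v1/users/42 200
api.example.test POST /api/v1/users/42/export 200
api-beta.example.test GET /api/v2/orders/7 200
api.example.test GET /api/v2/orders/7 200
api.example.test DELETE /api/v2/admin/users 200
api.example.test GET /api/v0/users 200
api.example.test GET /api/v3/users 404
"""

LOG_RE = re.compile(r"^(?P<host>\S+) (?P<method>\S+) (?P<path>\S+) (?P<status>\d{3})$")
VERSION_RE = re.compile(r"^/api/(?P<version>v\d+)/")


def normalize(path: str) -> str:
    """Drop purely numeric segments so /api/v2/users/42 maps to the template /api/v2/users."""
    segments = [s for s in path.split("/") if s and not s.isdigit()]
    return "/" + "/".join(segments)


def parse_log(log_text: str):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in log_text.splitlines():
        match = LOG_RE.match(line.strip())
        if match:
            yield match.groupdict()


def classify(entry: dict) -> list:
    """Return finding labels for one entry; empty list means a documented, supported route."""
    findings = []
    if entry["host"] not in KNOWN_HOSTS:
        findings.append("unknown_host")          # shadow/beta host not in the inventory
    match = VERSION_RE.match(entry["path"])
    version = match.group("version") if match else None
    if version in RETIRED_VERSIONS:
        findings.append("retired_version")       # decommissioned version still answering
    elif version not in DOCUMENTED_ENDPOINTS:
        findings.append("undocumented_version")  # version nobody owns or documents
    elif normalize(entry["path"]) not in DOCUMENTED_ENDPOINTS[version]:
        findings.append("undocumented_endpoint") # known version, unlisted route
    return findings


def audit(log_text: str) -> dict:
    """
    Aggregate findings as {label: {(host, route_template): hit_count}}.
    Only 2xx responses count: a 404 (like the v3 line above) shows the server
    is NOT serving that route, which is the desired state for an unknown version.
    """
    report = defaultdict(Counter)
    for entry in parse_log(log_text):
        if not entry["status"].startswith("2"):
            continue
        for label in classify(entry):
            report[label][(entry["host"], normalize(entry["path"]))] += 1
    return {label: dict(hits) for label, hits in report.items()}


if __name__ == "__main__":
    for label, hits in sorted(audit(ACCESS_LOG).items()):
        print(label)
        for (host, route), count in sorted(hits.items()):
            print(f"  {host} {route}  hits={count}")
```

In a real deployment the inventory would be loaded from the OpenAPI specification or the gateway's route table rather than a hard-coded dict, and the log source would be the gateway or WAF access log; the logic that matters is the same: any successful response from a version or route that is not in the owned, documented set is an unmanaged asset that needs an owner, a patch or a decommissioning ticket.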

The improper assets management vulnerability also allows malicious actors
