forked from OWASP/API-Security
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
d62849d
commit 0530202
Showing
3 changed files
with
116 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| # top-most EditorConfig file | ||
| root = true | ||
|
|
||
| # Unix-style newlines with a newline ending every file | ||
| [*] | ||
| end_of_line = lf | ||
| insert_final_newline = true | ||
| charset = utf-8 | ||
| indent_style = space | ||
| indent_size = 4 | ||
| trim_trailing_whitespace = true | ||
| max_line_length = 80 | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,53 @@ | ||
| How to Contribute | ||
| ================= | ||
|
|
||
| When contributing to this repository, please first discuss the change you wish | ||
| to make via issue with the owners of this repository before making a change. | ||
| Fixing typos or rephrasing for better understanding DO NOT require discussion. | ||
|
|
||
| ## Branching Model | ||
|
|
||
| This repository holds two main branches with an infinite lifetime: | ||
| * `master` is the default branch which always reflects the latest release. | ||
| * `develop` is the main branch reflecting the latest delivered changes for the | ||
| next release. When the `develop` branch reaches a stable point and is ready to | ||
| be released, then all changes should be merged back into `master`. | ||
|
|
||
| A variety of supporting branches are used to aid parallel development. These | ||
| branches have a limited life time, since they will be removed eventually. | ||
|
|
||
| ## Contributing | ||
|
|
||
| Contributions to this repository are welcome. For ease of managing, please | ||
| follow the steps below: | ||
|
|
||
| 1. Fork this repository to your account | ||
| 2. Clone your copy of this repository, locally | ||
| ``` | ||
| git clone [email protected]:YOU/API-Security-Top-10.git | ||
| ``` | ||
| 3. Create a new branch based on `develop` (e.g. `fix/foreword-section`) | ||
| ``` | ||
| git checkout develop && git checkout -b fix/foreword-section | ||
| ``` | ||
| 4. Apply your changes. | ||
|
|
||
| Please always follow our style conventions. | ||
|
|
||
| Although there's an [`.editorconfig` file][1] on repository's root, your | ||
| editor may not support it. To know more about [EditorConfig][2] and text | ||
| editors/IDEs support check the website: https://editorconfig.org/ | ||
| 5. Commit your changes | ||
| 1. Check modified files and add only required ones (e.g. build artifacts | ||
| SHOULD NOT be tracked) | ||
| 2. Commit message first line should provide a brief description of your | ||
| changes. You can go into details on the optional commit message body. | ||
| 6. Push changes to your public repository | ||
| ``` | ||
| git push origin fix/foreword-section | ||
| ``` | ||
| 7. Open a Pull Request from your `fix/foreword-section` to the upstream | ||
| repository `develop` branch. | ||
|
|
||
| [1]: .editorconfig | ||
| [2]: https://editorconfig.org/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1,50 @@ | ||
| # API-Security-Top-10 | ||
| OWASP API Security Top 10 | ||
| ========================= | ||
|
|
||
| This project is designed to address the ever-increasing number of organizations | ||
| that are deploying potentially sensitive APIs as part of their software | ||
| offerings. These APIs are used for internal tasks and to interface with third | ||
| parties. Unfortunately, many APIs do not undergo the rigorous security testing | ||
| that would render them secure from attack. | ||
|
|
||
| The OWASP API Security Project seeks to provide value to software developers and | ||
| security assessors by underscoring the potential risks in insecure APIs and | ||
| illustrating how these risks may be mitigated. In order to facilitate this goal, | ||
| the OWASP API Security Project will create and maintain a Top 10 API Security | ||
| Risks document, as well as a documentation portal for best practices when | ||
| creating or assessing APIs. | ||
|
|
||
| ## Description | ||
|
|
||
| While working as developers or information security consultants, many people | ||
| have encountered APIs as part of a project. While there are some resources to | ||
| help create and evaluate these projects (such as the OWASP REST Security Cheat | ||
| Sheet), there has not be a comprehensive security project designed to assist | ||
| builders, breakers, and defenders in the community. | ||
|
|
||
| This project aims to create: | ||
|
|
||
| * The OWASP Top Ten API Security Risks document, which can easily underscore the | ||
| most common risks in the area. | ||
| * Create a documentation portal for developers to build APIs in a secure manner. | ||
| * Work with the security community to maintain living documents that evolve with | ||
| security trends. | ||
|
|
||
| ## Project Leaders | ||
|
|
||
| * [Erez Yalon][0] | ||
| * Inon Shkedy | ||
|
|
||
| ## Licensing | ||
|
|
||
| **The OWASP API Security Project documents are free to use!** | ||
|
|
||
| The OWASP API Security Project is licensed under the [Creative Commons | ||
| Attribution-ShareAlike 3.0 license][1], so you can copy, distribute and transmit | ||
| the work, and you can adapt it, and use it commercially, but all provided that | ||
| you attribute the work and if you alter, transform, or build upon this work, you | ||
| may distribute the resulting work only under the same or similar license to this | ||
| one. | ||
|
|
||
| [0]: https://www.owasp.org/index.php/User:ErezYalon | ||
| [1]: http://creativecommons.org/licenses/by-sa/3.0/ |