Magdalena König, "API Security Analysis Dashboard auf Basis der OWASP Top 10 API-Sicherheitsrisiken", 12-2024
Original title:
API Security Analysis Dashboard auf Basis der OWASP Top 10 API-Sicherheitsrisiken
Language of the title:
English
Original abstract:
Service interfaces (APIs) are an indispensable concept in software development. However, with the growing number of APIs and increasing communication via these interfaces, their attack surface is also growing. Cybercriminals are increasingly using APIs to gain access to systems and steal or manipulate data. API security is therefore an area of current and future relevance. The OWASP Foundation (OWASP API Security Project Team, 2023) published an updated ranking of the top 10 risks for service interfaces in 2023 to help API operators develop and operate secure APIs. As part of this master's thesis, an API Security Analysis Dashboard has been developed that uses the OWASP Top 10 as a basis and enables users to identify vulnerabilities in a simple and understandable way. The methodology chosen is the design science approach according to Johannesson and Perjons (2014). The focus of the dashboard is primarily on the visualization of vulnerabilities and the associated OWASP categories, but user-friendliness and integration options are also priorities, so that vulnerabilities are displayed clearly and the dashboard can be integrated into existing systems. By categorizing security tools in the field of web applications and by analyzing and comparing API scanners, the tool ZAProxy (ZAP Dev Team, 2024a) is selected as an example and integrated into the dashboard. In addition, requirements for the dashboard are derived as part of the tool comparison; the final argumentative evaluation and the case studies show that the implementation covers them well.