Noname Security Announces Comprehensive Support for New OWASP API Security Top 10

Latest integration enables customers to strengthen vulnerability detection and bolster API security


SAN JOSE, Calif., Aug. 30, 2023 (GLOBE NEWSWIRE) -- Noname Security, the leading provider of complete API security solutions, today announced its API security platform now fully supports the 2023 OWASP API Security Top 10 risk categories. With this new integration Noname Security reinforces its position as the leader in API Security by natively supporting both the 2019 and 2023 frameworks to help customers fight against the ever-evolving threats targeting APIs.

Noname’s API Security Platform detects OWASP API Top 10 related vulnerabilities across the widest possible set of sources including log files, replays of historical traffic, configuration files, and more. This allows customers to find and remediate critical issues like excessive data exposure, broken authentication, lack of resources, and rate limiting, among others.

"APIs have many stakeholders, and frameworks like the OWASP API Security Top 10 allow diverse groups across teams to come together and speak the same language," said Oz Golan, CEO and Co-Founder of Noname Security. "The integration of the 2023 OWASP API Security Top 10 into our platform is a strategic step in helping organizations tackle API security concerns and incorporate API security as part of their broader application security conversations.”

Issued by the Open Worldwide Application Security Project (OWASP), the OWASP API Security Top 10 list serves as a vital resource for identifying the most critical security risks threatening API environments. These vulnerabilities, if left unchecked, can expose sensitive data, compromise user privacy, and wreak havoc on the integrity of software systems.

Originally published in 2019, the OWASP API Security Top 10 was officially updated in June of 2023 with a number of changes to reflect the shifting dynamics of the API security landscape. Besides some consolidated categories, the latest release also includes three new categories including:

  • Unrestricted Access to Sensitive Business Flows (API6:2023) - This category is centered on bots and is an indication of the way security vendors influenced the list and their priorities.
  • Server Side Request Forgery (API7:2023) - This is new to the API Security Top 10 list and is a common vulnerability in security, whereby a client can redirect the server to somewhere not under its own purview, leading to potential external vulnerabilities.
  • Unsafe Consumption of APIs (API10: 2023) - This category is focused on third party APIs and the difference in inherit trust by developers when consuming them versus custom in-house APIs.

Today’s announcement is the latest in a series of product innovations that Noname Security introduced over the past 12 months. In late 2022, Noname Security introduced Recon, the industry’s first API-focused “no touch” external attack surface solution. In March 2023, the company launched a major update to the core Noname API Security Program. In April, the Noname Public Sector Hardened Virtual Appliance was announced making Noname Security’s solution available to the U.S. Federal Government, highly regulated industry customers, and FedRAMP-authorized vendors. In June, the second generation of Noname Security’s Active Testing solution was rolled out to customers to leave no API untested.

On Wednesday, September 13, 2023, Noname will be hosting a special webinar event titled “Addressing the 2023 OWASP API Security Top 10”, featuring Noname speakers Aner Morag, VP of Technology, and Filip Verloy, Field CTO for EMEA. Registration for this event can be found here.

For more information about the OWASP API Security Top 10 and how Noname Security addresses these vulnerabilities, please visit the following:         

About Noname Security
Noname Security provides the most complete, proactive API Security solution. Noname works with 25% of the Fortune 500 and covers the entire API security scope — Discovery, Posture Management, Runtime Protection, and API Security Testing. Noname Security is privately held, remote-first with headquarters in Silicon Valley, California, and an office in Tel Aviv.

Media Contact
Stephanie Schlegel
Offleash for Noname
noname@offleashpr.com