[et_pb_section fb_built=”1″ _builder_version=”4.9.10″ _module_preset=”default” background_color=”RGBA(0,0,0,0)” use_background_color_gradient=”on” background_color_gradient_start=”#2b3669″ background_color_gradient_end=”#36acac”][et_pb_row _builder_version=”4.9.10″ _module_preset=”default” custom_margin=”60px||-10px||false|false”][et_pb_column type=”4_4″ _builder_version=”4.9.10″ _module_preset=”default”][et_pb_text _builder_version=”4.9.10″ _module_preset=”default” text_font=”Barlow|800|||||||” text_text_color=”#242424″ text_font_size=”73px” text_line_height=”1.2em” header_font=”Barlow|800|||||||” header_text_color=”#FFFFFF” header_font_size=”55px” header_2_font=”Barlow|800|||||||” header_2_font_size=”74px” text_font_size_tablet=”” text_font_size_phone=”47px” text_font_size_last_edited=”on|phone” header_font_size_tablet=”62px” header_font_size_phone=”44px” header_font_size_last_edited=”on|phone” header_2_font_size_tablet=”62px” header_2_font_size_phone=”44px” header_2_font_size_last_edited=”on|desktop”]
Help your team master API security best practices
[/et_pb_text][et_pb_text content_tablet=”
Every few years since 2013, OWASP has been releasing their list of the top 10 most common web application security vulnerabilities. Due to the ubiquity of APIs (Application Programming Interfaces) nowadays, in 2019 OWASP created a new list for the first time dealing exclusively with vulnerabilities related to API security. They even incorporated community research and feedback into this list.
” content_phone=”
Every few years since 2013, OWASP has been releasing their list of the top 10 most common web application security vulnerabilities. Due to the ubiquity of APIs (Application Programming Interfaces) nowadays, in 2019 OWASP created a new list for the first time dealing exclusively with vulnerabilities related to API security. They even incorporated community research and feedback into this list.
” content_last_edited=”on|phone” _builder_version=”4.9.10″ _module_preset=”default” text_text_color=”#FFFFFF” text_font_size=”20px” text_line_height=”1.3em” custom_margin=”0px||||false|false” custom_padding=”0px||||false|false”]
Every few years since 2013, OWASP has been releasing their list of the top 10 most common web application security vulnerabilities. Due to the ubiquity of APIs (Application Programming Interfaces) nowadays, in 2019 OWASP created a new list for the first time dealing exclusively with vulnerabilities related to API security. They even incorporated community research and feedback into this list.
[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row _builder_version=”4.9.10″ _module_preset=”default” custom_margin=”||-30px||false|false”][et_pb_column type=”4_4″ _builder_version=”4.9.10″ _module_preset=”default”][et_pb_button button_url=”https://next.avatao.com/direct?orgid=cafdc337-3c84-41d0-9406-447779b06a08&module=6e56e2e0-9c0e-48e7-ac3c-88b717ee3fee” url_new_window=”on” button_text=”Try an API security exercise” button_alignment=”center” _builder_version=”4.9.10″ custom_button=”on” button_text_size=”22px” button_text_color=”#3dffdb” button_bg_color=”RGBA(0,0,0,0)” button_border_width=”2px” button_border_color=”#3dffdb” button_border_radius=”14px” button_letter_spacing=”1px” button_font=”Barlow|700|||||||” button_use_icon=”off” background_layout=”dark” custom_margin=”0px|0px|15px|0px|false|false” custom_margin_tablet=”” custom_margin_phone=”0px|0px||0px|false|false” custom_margin_last_edited=”on|phone” custom_padding=”5px|56px|5px|56px|true|true” animation_style=”zoom” animation_delay=”100ms” animation_intensity_zoom=”10%” button_text_size_tablet=”” button_text_size_phone=”16px” button_text_size_last_edited=”on|phone” button_text_color_tablet=”” button_text_color_phone=”” button_text_color_last_edited=”on|phone” box_shadow_style=”preset2″ box_shadow_color=”rgba(42,50,76,0.21)” button_letter_spacing_hover=”2px” locked=”off” button_text_size__hover_enabled=”off” button_text_size__hover=”null” button_one_text_size__hover_enabled=”off” button_one_text_size__hover=”null” button_two_text_size__hover_enabled=”off” button_two_text_size__hover=”null” button_text_color__hover_enabled=”off” button_text_color__hover=”null” button_one_text_color__hover_enabled=”off” button_one_text_color__hover=”null” button_two_text_color__hover_enabled=”off” button_two_text_color__hover=”null” button_border_width__hover_enabled=”off” button_border_width__hover=”null” button_one_border_width__hover_enabled=”off” button_one_border_width__hover=”null” button_two_border_width__hover_enabled=”off” button_two_border_width__hover=”null” button_border_color__hover_enabled=”off” button_border_color__hover=”null” button_one_border_color__hover_enabled=”off” button_one_border_color__hover=”null” button_two_border_color__hover_enabled=”off” button_two_border_color__hover=”null” button_border_radius__hover_enabled=”off” button_border_radius__hover=”null” button_one_border_radius__hover_enabled=”off” button_one_border_radius__hover=”null” button_two_border_radius__hover_enabled=”off” button_two_border_radius__hover=”null” button_letter_spacing__hover_enabled=”on” button_letter_spacing__hover=”2px” button_one_letter_spacing__hover_enabled=”off” button_one_letter_spacing__hover=”null” button_two_letter_spacing__hover_enabled=”off” button_two_letter_spacing__hover=”null” button_bg_color__hover_enabled=”off” button_bg_color__hover=”null” button_one_bg_color__hover_enabled=”off” button_one_bg_color__hover=”null” button_two_bg_color__hover_enabled=”off” button_two_bg_color__hover=”null”][/et_pb_button][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built=”1″ _builder_version=”4.9.10″ _module_preset=”default” background_color=”RGBA(0,0,0,0)” use_background_color_gradient=”on” background_color_gradient_start=”#36acac” background_color_gradient_end=”#2b3669″ custom_margin=”0px||||false|false” locked=”off”][et_pb_row _builder_version=”4.6.0″ _module_preset=”default” custom_margin=”-25px||-40px||false|false”][et_pb_column type=”4_4″ _builder_version=”4.6.0″ _module_preset=”default”][et_pb_text _builder_version=”4.6.0″ _module_preset=”default” header_2_font=”Barlow|800|||||||” header_2_text_color=”#ffffff” header_2_font_size=”40px” custom_margin=”||0px||false|false” locked=”off”]
Discover Avatao’s API security training
[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row column_structure=”1_2,1_2″ _builder_version=”4.9.10″ _module_preset=”default” custom_margin_tablet=”15px||||false|false” custom_margin_phone=”” custom_margin_last_edited=”on|tablet”][et_pb_column type=”1_2″ _builder_version=”4.6.0″ _module_preset=”default” custom_padding=”|30px|||false|false”][et_pb_text content_tablet=”
There are some core differences between web application security and API security. Traditional web applications manage data handling on the server and the pre-rendered resource is sent to the browser in a completed state. In contrast, the APIs, which work like backend servers, perform only data processing and leave the rendering to the front end.
Avatao lets your developers practice with real-life API security scenarios, such as:
” content_phone=”
There are some core differences between web application security and API security. Traditional web applications manage data handling on the server and the pre-rendered resource is sent to the browser in a completed state. In contrast, the APIs, which work like backend servers, perform only data processing and leave the rendering to the front end.
Avatao lets your developers practice with real-life API security scenarios, such as:
” content_last_edited=”on|phone” _builder_version=”4.9.10″ _module_preset=”default” text_text_color=”#ffffff” text_font_size=”20px” text_line_height=”1.3em” custom_margin=”50px||0px||false|false” custom_margin_tablet=”30px||5px||false|false” custom_margin_phone=”” custom_margin_last_edited=”on|tablet” custom_padding=”0px||||false|false” locked=”off”]
There are some core differences between web application security and API security. Traditional web applications manage data handling on the server and the pre-rendered resource is sent to the browser in a completed state. In contrast, the APIs, which work like backend servers, perform only data processing and leave the rendering to the front end.
Avatao lets your developers practice with real-life API security scenarios, such as:
[/et_pb_text][/et_pb_column][et_pb_column type=”1_2″ _builder_version=”4.6.0″ _module_preset=”default” custom_padding=”|||0px|false|false”][et_pb_image src=”https://staging.avatao.martengartner.com/wp-content/uploads/api-security-training-for-developers.png” alt=”api security training” title_text=”api security training for developers” align=”center” _builder_version=”4.9.10″ _module_preset=”default” width=”60%” custom_margin=”30px||50px||false|false” custom_margin_tablet=”0px||0px||false|false” custom_margin_phone=”” custom_margin_last_edited=”on|tablet”][/et_pb_image][/et_pb_column][/et_pb_row][et_pb_row make_equal=”on” custom_padding_last_edited=”on|phone” _builder_version=”4.9.10″ background_color=”RGBA(0,0,0,0)” width=”100%” max_width=”1445px” max_width_tablet=”” max_width_phone=”120%” max_width_last_edited=”on|phone” custom_margin=”-30px||-30px||false|false” custom_margin_tablet=”0px||||false|false” custom_margin_phone=”-30px||||false|false” custom_margin_last_edited=”on|phone” custom_padding=”|260px||260px|false|true” custom_padding_tablet=”|50px||50px|false|true” custom_padding_phone=”|33px||33px|false|true” locked=”off”][et_pb_column type=”4_4″ _builder_version=”4.9.10″ background_color=”rgba(255,255,255,0.1)” background_enable_image=”off” background_size=”initial” background_position=”top_right” custom_padding=”35px|30px|0px|30px|false|true” custom_padding_tablet=”30px||30px||true|true” custom_padding_phone=”|20px||20px|true|true” custom_padding_last_edited=”on|desktop” border_radii=”on|15px|15px|15px|15px” box_shadow_style=”preset1″ box_shadow_color=”rgba(12,113,195,0.13)”][et_pb_blurb title=”1. Broken object level authorization” content_max_width=”768px” content_tablet=”
Broken object level authentication is the cause for almost half of API-related threats. The attackers will change their own ID into another user’s ID in the API request, and without proper authorization checks are able to access sensitive data.
” content_phone=”
Broken object level authentication is the cause for almost half of API-related threats. The attackers will change their own ID into another user’s ID in the API request, and without proper authorization checks are able to access sensitive data.
” content_last_edited=”on|phone” _builder_version=”4.9.10″ header_level=”h3″ header_font=”Barlow|800|||||||” header_text_align=”left” header_text_color=”#FFFFFF” header_font_size=”30px” header_line_height=”1.3em” body_font=”Barlow|300|||||||” body_text_align=”justify” body_text_color=”#FFFFFF” body_font_size=”20px” body_line_height=”1.3em” body_ul_line_height=”1.5em” background_color=”rgba(0,0,0,0)” background_enable_image=”off” background_size=”contain” background_position=”bottom_right” module_alignment=”center” min_height=”180px” custom_margin=”-20px||0px||false|false” custom_margin_tablet=”” custom_margin_phone=”||0px||false|false” custom_margin_last_edited=”on|phone” custom_padding=”0px|1px||0px|false|false” animation=”off” header_font_size_tablet=”” header_font_size_phone=”26px” header_font_size_last_edited=”on|phone” body_font_size_tablet=”” body_font_size_phone=”17px” body_font_size_last_edited=”on|phone” body_letter_spacing_tablet=”” body_letter_spacing_phone=”” body_letter_spacing_last_edited=”on|desktop” custom_css_blurb_content=”||” border_width_all=”13px” border_color_all=”rgba(0,0,0,0)” locked=”off”]
Broken object level authentication is the cause for almost half of API-related threats. The attackers will change their own ID into another user’s ID in the API request, and without proper authorization checks are able to access sensitive data.
[/et_pb_blurb][/et_pb_column][/et_pb_row][et_pb_row make_equal=”on” custom_padding_last_edited=”on|phone” _builder_version=”4.9.10″ background_enable_color=”off” width=”100%” max_width=”1445px” max_width_tablet=”” max_width_phone=”120%” max_width_last_edited=”on|phone” custom_margin=”0px||-30px||false|false” custom_margin_tablet=”” custom_margin_phone=”-30px||||false|false” custom_margin_last_edited=”on|phone” custom_padding=”|260px||260px|false|true” custom_padding_tablet=”|50px||50px|false|true” custom_padding_phone=”|33px||33px|false|true” locked=”off”][et_pb_column type=”4_4″ _builder_version=”4.9.10″ background_color=”rgba(255,255,255,0.1)” background_enable_image=”off” background_size=”initial” background_position=”top_right” custom_padding=”35px|30px|0px|30px|false|true” custom_padding_tablet=”30px||30px||true|true” custom_padding_phone=”|20px||20px|true|true” custom_padding_last_edited=”on|desktop” border_radii=”on|15px|15px|15px|15px” box_shadow_style=”preset1″ box_shadow_color=”rgba(12,113,195,0.13)”][et_pb_blurb title=”2. Broken authentication” content_max_width=”768px” content_tablet=”
Broken authentication in API allows an attacker to use stolen credentials, authentication tokens, and brute-force attacks to assume other users’ identities.
” content_phone=”
Broken authentication in API allows an attacker to use stolen credentials, authentication tokens, and brute-force attacks to assume other users’ identities.
” content_last_edited=”on|phone” disabled_on=”off|off|off” _builder_version=”4.9.10″ header_level=”h3″ header_font=”Barlow|800|||||||” header_text_align=”left” header_text_color=”#FFFFFF” header_font_size=”30px” header_line_height=”1.3em” body_font=”Barlow|300|||||||” body_text_align=”justify” body_text_color=”#FFFFFF” body_font_size=”20px” body_line_height=”1.3em” body_ul_line_height=”1.5em” background_color=”rgba(0,0,0,0)” background_enable_image=”off” background_size=”contain” background_position=”bottom_right” module_alignment=”center” min_height=”180px” custom_margin=”-20px||-25px||false|false” custom_margin_tablet=”” custom_margin_phone=”||0px||false|false” custom_margin_last_edited=”on|phone” custom_padding=”0px|1px||0px|false|false” animation=”off” header_font_size_tablet=”” header_font_size_phone=”26px” header_font_size_last_edited=”on|phone” body_font_size_tablet=”” body_font_size_phone=”17px” body_font_size_last_edited=”on|phone” body_letter_spacing_tablet=”” body_letter_spacing_phone=”” body_letter_spacing_last_edited=”on|desktop” custom_css_blurb_content=”||” border_width_all=”13px” border_color_all=”rgba(0,0,0,0)” locked=”off”]
Broken authentication in API allows an attacker to use stolen credentials, authentication tokens, and brute-force attacks to assume other users’ identities.
[/et_pb_blurb][/et_pb_column][/et_pb_row][et_pb_row make_equal=”on” custom_padding_last_edited=”on|phone” _builder_version=”4.9.10″ background_enable_color=”off” width=”100%” max_width=”1445px” max_width_tablet=”” max_width_phone=”120%” max_width_last_edited=”on|phone” custom_margin=”-30px||-30px||false|false” custom_margin_tablet=”” custom_margin_phone=”-30px||||false|false” custom_margin_last_edited=”on|phone” custom_padding=”|260px||260px|false|true” custom_padding_tablet=”|50px||50px|false|true” custom_padding_phone=”|33px||33px|false|true” locked=”off”][et_pb_column type=”4_4″ _builder_version=”4.9.10″ background_color=”rgba(255,255,255,0.1)” background_enable_image=”off” background_size=”initial” background_position=”top_right” custom_padding=”35px|30px|0px|30px|false|true” custom_padding_tablet=”30px||30px||true|true” custom_padding_phone=”|20px||20px|true|true” custom_padding_last_edited=”on|desktop” border_radii=”on|15px|15px|15px|15px” box_shadow_style=”preset1″ box_shadow_color=”rgba(12,113,195,0.13)”][et_pb_blurb title=”3. Excessive data exposure” content_max_width=”768px” content_tablet=”
When the API provides more data than the client needs, an attacker can use this “useless” data to further exploitations.
” content_phone=”
When the API provides more data than the client needs, an attacker can use this “useless” data to further exploitations.
” content_last_edited=”on|phone” disabled_on=”off|off|off” _builder_version=”4.9.10″ header_level=”h3″ header_font=”Barlow|800|||||||” header_text_align=”left” header_text_color=”#FFFFFF” header_font_size=”30px” header_line_height=”1.3em” body_font=”Barlow|300|||||||” body_text_align=”justify” body_text_color=”#FFFFFF” body_font_size=”20px” body_line_height=”1.3em” body_ul_line_height=”1.5em” background_color=”rgba(0,0,0,0)” background_enable_image=”off” background_size=”contain” background_position=”bottom_right” module_alignment=”center” min_height=”180px” custom_margin=”-20px||-25px||false|false” custom_margin_tablet=”” custom_margin_phone=”||0px||false|false” custom_margin_last_edited=”on|phone” custom_padding=”0px|1px||0px|false|false” animation=”off” header_font_size_tablet=”” header_font_size_phone=”26px” header_font_size_last_edited=”on|phone” body_font_size_tablet=”” body_font_size_phone=”17px” body_font_size_last_edited=”on|phone” body_letter_spacing_tablet=”” body_letter_spacing_phone=”” body_letter_spacing_last_edited=”on|desktop” custom_css_blurb_content=”||” border_width_all=”13px” border_color_all=”rgba(0,0,0,0)” locked=”off”]
When the API provides more data than the client needs, an attacker can use this “useless” data to further exploitations.
[/et_pb_blurb][/et_pb_column][/et_pb_row][et_pb_row make_equal=”on” custom_padding_last_edited=”on|phone” _builder_version=”4.9.10″ background_enable_color=”off” width=”100%” max_width=”1445px” max_width_tablet=”” max_width_phone=”120%” max_width_last_edited=”on|phone” custom_margin=”0px||-30px||false|false” custom_margin_tablet=”” custom_margin_phone=”-30px||||false|false” custom_margin_last_edited=”on|phone” custom_padding=”|260px||260px|false|true” custom_padding_tablet=”|50px||50px|false|true” custom_padding_phone=”|33px||33px|false|true” locked=”off”][et_pb_column type=”4_4″ _builder_version=”4.9.10″ background_color=”rgba(255,255,255,0.1)” background_enable_image=”off” background_size=”initial” background_position=”top_right” custom_padding=”35px|30px|0px|30px|false|true” custom_padding_tablet=”30px||30px||true|true” custom_padding_phone=”|20px||20px|true|true” custom_padding_last_edited=”on|desktop” border_radii=”on|15px|15px|15px|15px” box_shadow_style=”preset1″ box_shadow_color=”rgba(12,113,195,0.13)”][et_pb_blurb title=”4. Lack of resources and rate limiting” content_max_width=”768px” content_tablet=”
The API needs to be protected against a huge amount of calls or payload sizes. Anyway, the attackers can flood the API with numerous requests and calls. In other words Denial of Service (DoS).
” content_phone=”
The API needs to be protected against a huge amount of calls or payload sizes. Anyway, the attackers can flood the API with numerous requests and calls. In other words Denial of Service (DoS).
” content_last_edited=”on|phone” _builder_version=”4.9.10″ header_level=”h3″ header_font=”Barlow|800|||||||” header_text_align=”left” header_text_color=”#FFFFFF” header_font_size=”30px” header_line_height=”1.3em” body_font=”Barlow|300|||||||” body_text_align=”justify” body_text_color=”#FFFFFF” body_font_size=”20px” body_line_height=”1.3em” body_ul_line_height=”1.5em” background_color=”rgba(0,0,0,0)” background_enable_image=”off” background_size=”contain” background_position=”bottom_right” module_alignment=”center” min_height=”180px” custom_margin=”-20px||0px||false|false” custom_margin_tablet=”” custom_margin_phone=”||0px||false|false” custom_margin_last_edited=”on|phone” custom_padding=”0px|1px||0px|false|false” animation=”off” header_font_size_tablet=”” header_font_size_phone=”26px” header_font_size_last_edited=”on|phone” body_font_size_tablet=”” body_font_size_phone=”17px” body_font_size_last_edited=”on|phone” body_letter_spacing_tablet=”” body_letter_spacing_phone=”” body_letter_spacing_last_edited=”on|desktop” custom_css_blurb_content=”||” border_width_all=”13px” border_color_all=”rgba(0,0,0,0)” locked=”off”]
The API needs to be protected against a huge amount of calls or payload sizes. Anyway, the attackers can flood the API with numerous requests and calls. In other words Denial of Service (DoS).
[/et_pb_blurb][/et_pb_column][/et_pb_row][et_pb_row make_equal=”on” custom_padding_last_edited=”on|phone” _builder_version=”4.9.10″ background_enable_color=”off” width=”100%” max_width=”1445px” max_width_tablet=”” max_width_phone=”120%” max_width_last_edited=”on|phone” custom_margin=”0px||-30px||false|false” custom_margin_tablet=”” custom_margin_phone=”-30px||||false|false” custom_margin_last_edited=”on|phone” custom_padding=”|260px||260px|false|true” custom_padding_tablet=”|50px||50px|false|true” custom_padding_phone=”|33px||33px|false|true” locked=”off”][et_pb_column type=”4_4″ _builder_version=”4.9.10″ background_color=”rgba(255,255,255,0.1)” background_enable_image=”off” background_size=”initial” background_position=”top_right” custom_padding=”35px|30px|0px|30px|false|true” custom_padding_tablet=”30px||30px||true|true” custom_padding_phone=”|20px||20px|true|true” custom_padding_last_edited=”on|desktop” border_radii=”on|15px|15px|15px|15px” box_shadow_style=”preset1″ box_shadow_color=”rgba(12,113,195,0.13)”][et_pb_blurb title=”5. Broken function level authorization” content_max_width=”768px” content_tablet=”
If the API authorization is poorly implemented, attackers can find a way to use admin-level API paths to add, update, or delete customer records or user roles.
” content_phone=”
If the API authorization is poorly implemented, attackers can find a way to use admin-level API paths to add, update, or delete customer records or user roles.
” content_last_edited=”on|phone” _builder_version=”4.9.10″ header_level=”h3″ header_font=”Barlow|800|||||||” header_text_align=”left” header_text_color=”#FFFFFF” header_font_size=”30px” header_line_height=”1.3em” body_font=”Barlow|300|||||||” body_text_align=”justify” body_text_color=”#FFFFFF” body_font_size=”20px” body_line_height=”1.3em” body_ul_line_height=”1.5em” background_color=”rgba(0,0,0,0)” background_enable_image=”off” background_size=”contain” background_position=”bottom_right” module_alignment=”center” min_height=”180px” custom_margin=”-20px||-20px||false|false” custom_margin_tablet=”” custom_margin_phone=”||0px||false|false” custom_margin_last_edited=”on|phone” custom_padding=”0px|1px||0px|false|false” animation=”off” header_font_size_tablet=”” header_font_size_phone=”26px” header_font_size_last_edited=”on|phone” body_font_size_tablet=”” body_font_size_phone=”17px” body_font_size_last_edited=”on|phone” body_letter_spacing_tablet=”” body_letter_spacing_phone=”” body_letter_spacing_last_edited=”on|desktop” custom_css_blurb_content=”||” border_width_all=”13px” border_color_all=”rgba(0,0,0,0)” locked=”off”]
If the API authorization is poorly implemented, attackers can find a way to use admin-level API paths to add, update, or delete customer records or user roles.
[/et_pb_blurb][/et_pb_column][/et_pb_row][et_pb_row make_equal=”on” custom_padding_last_edited=”on|phone” _builder_version=”4.9.10″ background_enable_color=”off” width=”100%” max_width=”1445px” max_width_tablet=”” max_width_phone=”120%” max_width_last_edited=”on|phone” custom_margin=”0px||-30px||false|false” custom_margin_tablet=”” custom_margin_phone=”-30px||||false|false” custom_margin_last_edited=”on|phone” custom_padding=”|260px||260px|false|true” custom_padding_tablet=”|50px||50px|false|true” custom_padding_phone=”|33px||33px|false|true” locked=”off”][et_pb_column type=”4_4″ _builder_version=”4.9.10″ background_color=”rgba(255,255,255,0.1)” background_enable_image=”off” background_size=”initial” background_position=”top_right” custom_padding=”35px|30px|0px|30px|false|true” custom_padding_tablet=”30px||30px||true|true” custom_padding_phone=”|20px||20px|true|true” custom_padding_last_edited=”on|desktop” border_radii=”on|15px|15px|15px|15px” box_shadow_style=”preset1″ box_shadow_color=”rgba(12,113,195,0.13)”][et_pb_blurb title=”6. Mass assignment” content_max_width=”768px” content_tablet=”
When the API consumes input data directly without proper filtering and writes it to the business logic, the API is vulnerable to mass assignment. The attackers can try to find out critical data properties or provide additional ones that can lead to privilege escalation.
” content_phone=”
When the API consumes input data directly without proper filtering and writes it to the business logic, the API is vulnerable to mass assignment. The attackers can try to find out critical data properties or provide additional ones that can lead to privilege escalation.
” content_last_edited=”on|phone” _builder_version=”4.9.10″ header_level=”h3″ header_font=”Barlow|800|||||||” header_text_align=”left” header_text_color=”#FFFFFF” header_font_size=”30px” header_line_height=”1.3em” body_font=”Barlow|300|||||||” body_text_align=”justify” body_text_color=”#FFFFFF” body_font_size=”20px” body_line_height=”1.3em” body_ul_line_height=”1.5em” background_color=”rgba(0,0,0,0)” background_enable_image=”off” background_size=”contain” background_position=”bottom_right” module_alignment=”center” min_height=”180px” custom_margin=”-20px||0px||false|false” custom_margin_tablet=”” custom_margin_phone=”||0px||false|false” custom_margin_last_edited=”on|phone” custom_padding=”0px|1px||0px|false|false” animation=”off” header_font_size_tablet=”” header_font_size_phone=”26px” header_font_size_last_edited=”on|phone” body_font_size_tablet=”” body_font_size_phone=”17px” body_font_size_last_edited=”on|phone” body_letter_spacing_tablet=”” body_letter_spacing_phone=”” body_letter_spacing_last_edited=”on|desktop” custom_css_blurb_content=”||” border_width_all=”13px” border_color_all=”rgba(0,0,0,0)” locked=”off”]
When the API consumes input data directly without proper filtering and writes it to the business logic, the API is vulnerable to mass assignment. The attackers can try to find out critical data properties or provide additional ones that can lead to privilege escalation.
[/et_pb_blurb][/et_pb_column][/et_pb_row][et_pb_row make_equal=”on” custom_padding_last_edited=”on|phone” _builder_version=”4.9.10″ background_enable_color=”off” width=”100%” max_width=”1445px” max_width_tablet=”” max_width_phone=”120%” max_width_last_edited=”on|phone” custom_margin=”0px||-30px||false|false” custom_margin_tablet=”” custom_margin_phone=”-30px||||false|false” custom_margin_last_edited=”on|phone” custom_padding=”|260px||260px|false|true” custom_padding_tablet=”|50px||50px|false|true” custom_padding_phone=”|33px||33px|false|true” locked=”off”][et_pb_column type=”4_4″ _builder_version=”4.9.10″ background_color=”rgba(255,255,255,0.1)” background_enable_image=”off” background_size=”initial” background_position=”top_right” custom_padding=”35px|30px|0px|30px|false|true” custom_padding_tablet=”30px||30px||true|true” custom_padding_phone=”|20px||20px|true|true” custom_padding_last_edited=”on|desktop” border_radii=”on|15px|15px|15px|15px” box_shadow_style=”preset1″ box_shadow_color=”rgba(12,113,195,0.13)”][et_pb_blurb title=”7. Security misconfiguration” content_max_width=”768px” content_tablet=”
There are numerous kinds of security misconfigurations like incomplete and ad-hoc, default API configurations, which can negatively impact API security and create vulnerable surfaces in the API.
” content_phone=”
There are numerous kinds of security misconfigurations like incomplete and ad-hoc, default API configurations, which can negatively impact API security and create vulnerable surfaces in the API.
” content_last_edited=”on|phone” _builder_version=”4.9.10″ header_level=”h3″ header_font=”Barlow|800|||||||” header_text_align=”left” header_text_color=”#FFFFFF” header_font_size=”30px” header_line_height=”1.3em” body_font=”Barlow|300|||||||” body_text_align=”justify” body_text_color=”#FFFFFF” body_font_size=”20px” body_line_height=”1.3em” body_ul_line_height=”1.5em” background_color=”rgba(0,0,0,0)” background_enable_image=”off” background_size=”contain” background_position=”bottom_right” module_alignment=”center” min_height=”180px” custom_margin=”-20px||0px||false|false” custom_margin_tablet=”” custom_margin_phone=”||0px||false|false” custom_margin_last_edited=”on|phone” custom_padding=”0px|1px||0px|false|false” animation=”off” header_font_size_tablet=”” header_font_size_phone=”26px” header_font_size_last_edited=”on|phone” body_font_size_tablet=”” body_font_size_phone=”17px” body_font_size_last_edited=”on|phone” body_letter_spacing_tablet=”” body_letter_spacing_phone=”” body_letter_spacing_last_edited=”on|desktop” custom_css_blurb_content=”||” border_width_all=”13px” border_color_all=”rgba(0,0,0,0)” locked=”off”]
There are numerous kinds of security misconfigurations like incomplete and ad-hoc, default API configurations, which can negatively impact API security and create vulnerable surfaces in the API.
[/et_pb_blurb][/et_pb_column][/et_pb_row][et_pb_row make_equal=”on” custom_padding_last_edited=”on|phone” _builder_version=”4.9.10″ background_enable_color=”off” width=”100%” max_width=”1445px” max_width_tablet=”” max_width_phone=”120%” max_width_last_edited=”on|phone” custom_margin=”0px||-30px||false|false” custom_margin_tablet=”” custom_margin_phone=”-30px||||false|false” custom_margin_last_edited=”on|phone” custom_padding=”|260px||260px|false|true” custom_padding_tablet=”|50px||50px|false|true” custom_padding_phone=”|33px||33px|false|true” locked=”off”][et_pb_column type=”4_4″ _builder_version=”4.9.10″ background_color=”rgba(255,255,255,0.1)” background_enable_image=”off” background_size=”initial” background_position=”top_right” custom_padding=”35px|30px|0px|30px|false|true” custom_padding_tablet=”30px||30px||true|true” custom_padding_phone=”|20px||20px|true|true” custom_padding_last_edited=”on|desktop” border_radii=”on|15px|15px|15px|15px” box_shadow_style=”preset1″ box_shadow_color=”rgba(12,113,195,0.13)”][et_pb_blurb title=”8. Injection” content_max_width=”768px” content_tablet=”
The well-known vulnerability among IT developers is the injection. The attacker creates a malicious input that the API forwards blindly to an internal interpreter like SQL, NoSQL, LDAP, etc.
” content_phone=”
The well-known vulnerability among IT developers is the injection. The attacker creates a malicious input that the API forwards blindly to an internal interpreter like SQL, NoSQL, LDAP, etc.
” content_last_edited=”on|phone” _builder_version=”4.9.10″ header_level=”h3″ header_font=”Barlow|800|||||||” header_text_align=”left” header_text_color=”#FFFFFF” header_font_size=”30px” header_line_height=”1.3em” body_font=”Barlow|300|||||||” body_text_align=”justify” body_text_color=”#FFFFFF” body_font_size=”20px” body_line_height=”1.3em” body_ul_line_height=”1.5em” background_color=”rgba(0,0,0,0)” background_enable_image=”off” background_size=”contain” background_position=”bottom_right” module_alignment=”center” min_height=”180px” custom_margin=”-20px||-15px||false|false” custom_margin_tablet=”” custom_margin_phone=”||0px||false|false” custom_margin_last_edited=”on|phone” custom_padding=”0px|1px||0px|false|false” animation=”off” header_font_size_tablet=”” header_font_size_phone=”26px” header_font_size_last_edited=”on|phone” body_font_size_tablet=”” body_font_size_phone=”17px” body_font_size_last_edited=”on|phone” body_letter_spacing_tablet=”” body_letter_spacing_phone=”” body_letter_spacing_last_edited=”on|desktop” custom_css_blurb_content=”||” border_width_all=”13px” border_color_all=”rgba(0,0,0,0)” locked=”off”]
The well-known vulnerability among IT developers is the injection. The attacker creates a malicious input that the API forwards blindly to an internal interpreter like SQL, NoSQL, LDAP, etc.
[/et_pb_blurb][/et_pb_column][/et_pb_row][et_pb_row make_equal=”on” custom_padding_last_edited=”on|phone” _builder_version=”4.9.10″ background_enable_color=”off” width=”100%” max_width=”1445px” max_width_tablet=”” max_width_phone=”120%” max_width_last_edited=”on|phone” custom_margin=”0px||-30px||false|false” custom_margin_tablet=”” custom_margin_phone=”-30px||||false|false” custom_margin_last_edited=”on|phone” custom_padding=”|260px||260px|false|true” custom_padding_tablet=”|50px||50px|false|true” custom_padding_phone=”|33px||33px|false|true” locked=”off”][et_pb_column type=”4_4″ _builder_version=”4.9.10″ background_color=”rgba(255,255,255,0.1)” background_enable_image=”off” background_size=”initial” background_position=”top_right” custom_padding=”35px|30px|0px|30px|false|true” custom_padding_tablet=”30px||30px||true|true” custom_padding_phone=”|20px||20px|true|true” custom_padding_last_edited=”on|desktop” border_radii=”on|15px|15px|15px|15px” box_shadow_style=”preset1″ box_shadow_color=”rgba(12,113,195,0.13)”][et_pb_blurb title=”9. Improper assests management” content_max_width=”768px” content_tablet=”
Attackers find outdated or incomplete versions of the API like staging, beta, and test versions, which suffer from a lack of protection not like the original API in the production. The attackers can use these versions to exploit vulnerabilities.
” content_phone=”
Attackers find outdated or incomplete versions of the API like staging, beta, and test versions, which suffer from a lack of protection not like the original API in the production. The attackers can use these versions to exploit vulnerabilities.
” content_last_edited=”on|phone” _builder_version=”4.9.10″ header_level=”h3″ header_font=”Barlow|800|||||||” header_text_align=”left” header_text_color=”#FFFFFF” header_font_size=”30px” header_line_height=”1.3em” body_font=”Barlow|300|||||||” body_text_align=”justify” body_text_color=”#FFFFFF” body_font_size=”20px” body_line_height=”1.3em” body_ul_line_height=”1.5em” background_color=”rgba(0,0,0,0)” background_enable_image=”off” background_size=”contain” background_position=”bottom_right” module_alignment=”center” min_height=”180px” custom_margin=”-20px||0px||false|false” custom_margin_tablet=”” custom_margin_phone=”||0px||false|false” custom_margin_last_edited=”on|phone” custom_padding=”0px|1px||0px|false|false” animation=”off” header_font_size_tablet=”” header_font_size_phone=”26px” header_font_size_last_edited=”on|phone” body_font_size_tablet=”” body_font_size_phone=”17px” body_font_size_last_edited=”on|phone” body_letter_spacing_tablet=”” body_letter_spacing_phone=”” body_letter_spacing_last_edited=”on|desktop” custom_css_blurb_content=”||” border_width_all=”13px” border_color_all=”rgba(0,0,0,0)” locked=”off”]
Attackers find outdated or incomplete versions of the API like staging, beta, and test versions, which suffer from a lack of protection not like the original API in the production. The attackers can use these versions to exploit vulnerabilities.
[/et_pb_blurb][/et_pb_column][/et_pb_row][et_pb_row make_equal=”on” custom_padding_last_edited=”on|phone” _builder_version=”4.9.10″ background_enable_color=”off” width=”100%” max_width=”1445px” max_width_tablet=”” max_width_phone=”120%” max_width_last_edited=”on|phone” custom_margin=”0px||-10px||false|false” custom_margin_tablet=”” custom_margin_phone=”-30px||||false|false” custom_margin_last_edited=”on|phone” custom_padding=”|260px||260px|false|true” custom_padding_tablet=”|50px||50px|false|true” custom_padding_phone=”|33px||33px|false|true” locked=”off”][et_pb_column type=”4_4″ _builder_version=”4.9.10″ background_color=”rgba(255,255,255,0.1)” background_enable_image=”off” background_size=”initial” background_position=”top_right” custom_padding=”35px|30px|0px|30px|false|true” custom_padding_tablet=”30px||30px||true|true” custom_padding_phone=”|20px||20px|true|true” custom_padding_last_edited=”on|desktop” border_radii=”on|15px|15px|15px|15px” box_shadow_style=”preset1″ box_shadow_color=”rgba(12,113,195,0.13)”][et_pb_blurb title=”10. Insufficient logging and monitoring” content_max_width=”768px” content_tablet=”
Insufficient logging and monitoring do not make the API vulnerable directly but deprive the opportunity to investigate the possible attacks against the API, so these attacks stay unnoticed.
” content_phone=”
Insufficient logging and monitoring do not make the API vulnerable directly but deprive the opportunity to investigate the possible attacks against the API, so these attacks stay unnoticed.
” content_last_edited=”on|phone” _builder_version=”4.9.10″ header_level=”h3″ header_font=”Barlow|800|||||||” header_text_align=”left” header_text_color=”#FFFFFF” header_font_size=”30px” header_line_height=”1.3em” body_font=”Barlow|300|||||||” body_text_align=”justify” body_text_color=”#FFFFFF” body_font_size=”20px” body_line_height=”1.3em” body_ul_line_height=”1.5em” background_color=”rgba(0,0,0,0)” background_enable_image=”off” background_size=”contain” background_position=”bottom_right” module_alignment=”center” min_height=”180px” custom_margin=”-20px||0px||false|false” custom_margin_tablet=”” custom_margin_phone=”||0px||false|false” custom_margin_last_edited=”on|phone” custom_padding=”0px|1px||0px|false|false” animation=”off” header_font_size_tablet=”” header_font_size_phone=”26px” header_font_size_last_edited=”on|phone” body_font_size_tablet=”” body_font_size_phone=”17px” body_font_size_last_edited=”on|phone” body_letter_spacing_tablet=”” body_letter_spacing_phone=”” body_letter_spacing_last_edited=”on|desktop” custom_css_blurb_content=”||” border_width_all=”13px” border_color_all=”rgba(0,0,0,0)” locked=”off”]
Insufficient logging and monitoring do not make the API vulnerable directly but deprive the opportunity to investigate the possible attacks against the API, so these attacks stay unnoticed.
[/et_pb_blurb][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built=”1″ _builder_version=”4.9.10″ _module_preset=”default” background_color=”#2b3669″][et_pb_row _builder_version=”4.9.10″ _module_preset=”default” width=”82%” max_width=”1665px” custom_margin=”-60px||-10px||false|false”][et_pb_column type=”4_4″ _builder_version=”4.5.1″ _module_preset=”default”][et_pb_text _builder_version=”4.9.10″ header_font=”Barlow|800|||||||” header_font_size=”50px” header_line_height=”1.3em” header_2_font=”|800|||||||” header_2_font_size=”50px” text_orientation=”right” background_layout=”dark” module_alignment=”right” custom_margin=”35px|0px|0px|0px|false|false” custom_padding=”0px|25px|0px|0px|false|false” header_font_size_tablet=”” header_font_size_phone=”” header_font_size_last_edited=”on|desktop” header_2_font_size_tablet=”” header_2_font_size_phone=”40px” header_2_font_size_last_edited=”on|tablet” locked=”off”]
Get started with API security training
[/et_pb_text][et_pb_text _builder_version=”4.9.10″ text_font=”Barlow|500|||||||” text_text_color=”#ffffff” text_font_size=”16px” text_line_height=”1.9em” header_5_font_size=”20px” header_5_line_height=”1.3em” background_layout=”dark” width=”95.8%” custom_margin=”0px|-59px|0px|0px|false|false” custom_padding=”30px|0px|30px||false|false” hover_enabled=”0″ locked=”off” sticky_enabled=”0″]
Start onboarding your team right away and introduce API Security security training to your company efficiently.
[/et_pb_text][et_pb_button button_url=”@ET-DC@eyJkeW5hbWljIjp0cnVlLCJjb250ZW50IjoicG9zdF9saW5rX3VybF9wYWdlIiwic2V0dGluZ3MiOnsicG9zdF9pZCI6IjI5OTQzIn19@” button_text=”Choose your plan” button_alignment=”center” module_id=”demo-java-footer” module_class=”avataoevent_contact-cta_security-OWASP_click” _builder_version=”4.9.10″ custom_button=”on” button_text_size=”22px” button_text_color=”#2b3669″ button_bg_color=”#3dffdb” button_border_width=”2px” button_border_color=”RGBA(0,0,0,0)” button_border_radius=”14px” button_letter_spacing=”1px” button_font=”Barlow|700|||||||” button_use_icon=”off” background_layout=”dark” custom_margin=”0px|25px|-10px|0px|false|false” custom_margin_tablet=”” custom_margin_phone=”0px|0px||0px|false|false” custom_margin_last_edited=”on|phone” custom_padding=”5px|56px|5px|56px|true|true” animation_style=”zoom” animation_delay=”100ms” animation_intensity_zoom=”10%” hover_enabled=”0″ button_text_size_last_edited=”off|phone” button_text_color_tablet=”” button_text_color_phone=”” button_text_color_last_edited=”on|phone” box_shadow_style=”preset2″ box_shadow_color=”rgba(42,50,76,0.21)” button_letter_spacing_hover=”2px” locked=”off” button_text_size__hover_enabled=”off” button_text_size__hover=”null” button_one_text_size__hover_enabled=”off” button_one_text_size__hover=”null” button_two_text_size__hover_enabled=”off” button_two_text_size__hover=”null” button_text_color__hover_enabled=”off” button_text_color__hover=”null” button_one_text_color__hover_enabled=”off” button_one_text_color__hover=”null” button_two_text_color__hover_enabled=”off” button_two_text_color__hover=”null” button_border_width__hover_enabled=”off” button_border_width__hover=”null” button_one_border_width__hover_enabled=”off” button_one_border_width__hover=”null” button_two_border_width__hover_enabled=”off” button_two_border_width__hover=”null” button_border_color__hover_enabled=”off” button_border_color__hover=”null” button_one_border_color__hover_enabled=”off” button_one_border_color__hover=”null” button_two_border_color__hover_enabled=”off” button_two_border_color__hover=”null” button_border_radius__hover_enabled=”off” button_border_radius__hover=”null” button_one_border_radius__hover_enabled=”off” button_one_border_radius__hover=”null” button_two_border_radius__hover_enabled=”off” button_two_border_radius__hover=”null” button_letter_spacing__hover_enabled=”on” button_letter_spacing__hover=”2px” button_one_letter_spacing__hover_enabled=”off” button_one_letter_spacing__hover=”null” button_two_letter_spacing__hover_enabled=”off” button_two_letter_spacing__hover=”null” button_bg_color__hover_enabled=”off” button_bg_color__hover=”null” button_one_bg_color__hover_enabled=”off” button_one_bg_color__hover=”null” button_two_bg_color__hover_enabled=”off” button_two_bg_color__hover=”null” _dynamic_attributes=”button_url” sticky_enabled=”0″][/et_pb_button][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built=”1″ admin_label=”Footer” _builder_version=”4.9.10″ background_color=”#2b3669″ positioning=”none” vertical_offset=”1000px” horizontal_offset=”0px” position_origin_a_tablet=”” position_origin_a_phone=”” position_origin_a_last_edited=”on|desktop” position_origin_f_tablet=”” position_origin_f_phone=”” position_origin_f_last_edited=”on|desktop” position_origin_r_tablet=”” position_origin_r_phone=”” position_origin_r_last_edited=”on|desktop” width=”100%” min_height=”378px” overflow-x=”hidden” overflow-y=”hidden” custom_margin=”0px||0px||false|false” custom_margin_tablet=”” custom_margin_phone=”” custom_margin_last_edited=”on|phone” custom_padding=”0px||||false|false” positioning_tablet=”” positioning_phone=”” positioning_last_edited=”on|phone” global_module=”2141″ saved_tabs=”all” locked=”off”][et_pb_row column_structure=”1_5,1_5,1_5,1_5,1_5″ _builder_version=”4.9.10″ width=”86%” max_width=”1288px” custom_margin=”30px||30px||false|false” custom_padding=”10px||0px||false|false” locked=”off”][et_pb_column type=”1_5″ _builder_version=”4.4.5″][et_pb_image src=”https://staging.avatao.martengartner.com/wp-content/uploads/avatao-logo-white.png” alt=”avatao” title_text=”avatao logo white” show_bottom_space=”off” align_tablet=”” align_phone=”center” align_last_edited=”on|phone” _builder_version=”4.9.10″ width_tablet=”65%” width_phone=”50%” width_last_edited=”on|tablet” custom_margin=”60px||0px||false|false” custom_margin_tablet=”||30px||false|false” custom_margin_phone=”||60px||false|false” custom_margin_last_edited=”on|phone” custom_padding=”0px||0px||false|false”][/et_pb_image][et_pb_text _builder_version=”4.9.10″ text_text_color=”#FFFFFF” custom_margin=”20px||0px||false|false” custom_padding=”||15px||false|false” text_orientation_tablet=”” text_orientation_phone=”center” text_orientation_last_edited=”on|phone”]
Follow us
[/et_pb_text][et_pb_social_media_follow admin_label=”Social Media Follow” _builder_version=”4.6.0″ text_orientation_tablet=”” text_orientation_phone=”center” text_orientation_last_edited=”on|phone”][et_pb_social_media_follow_network social_network=”linkedin” url=”https://www.linkedin.com/company/avatao/” _builder_version=”4.5.1″ background_color=”#007bb6″ follow_button=”off” url_new_window=”on”]linkedin[/et_pb_social_media_follow_network][et_pb_social_media_follow_network social_network=”twitter” url=”https://twitter.com/theavatao” _builder_version=”4.5.1″ background_color=”#00aced” follow_button=”off” url_new_window=”on”]twitter[/et_pb_social_media_follow_network][et_pb_social_media_follow_network social_network=”facebook” url=”https://www.facebook.com/theavatao/” _builder_version=”4.5.1″ background_color=”#3b5998″ follow_button=”off” url_new_window=”on”]facebook[/et_pb_social_media_follow_network][et_pb_social_media_follow_network social_network=”instagram” url=”https://www.instagram.com/theavatao/” _builder_version=”4.6.0″ _module_preset=”default” background_color=”#ea2c59″ follow_button=”off” url_new_window=”on”]instagram[/et_pb_social_media_follow_network][/et_pb_social_media_follow][et_pb_text _builder_version=”4.9.10″ text_text_color=”#FFFFFF” text_orientation_tablet=”” text_orientation_phone=”center” text_orientation_last_edited=”on|phone”]
Copyright © 2024 Avatao
[/et_pb_text][/et_pb_column][et_pb_column type=”1_5″ _builder_version=”4.4.8″ custom_padding=”|||10px|false|false”][et_pb_text ul_type=”none” ul_item_indent=”1px” content_tablet=”” content_phone=”
Secure coding training
.
” content_last_edited=”on|phone” disabled_on=”off|off|off” _builder_version=”4.9.10″ text_font=”Barlow||||||||” text_text_color=”#FFFFFF” text_line_height=”1.8em” link_text_color=”#474747″ ul_line_height=”2em” header_font=”Barlow||||||||” header_text_color=”#FFFFFF” header_2_text_color=”#FFFFFF” header_3_font=”Ubuntu|700|||||||” header_3_text_color=”#FFFFFF” header_3_line_height=”1.5em” custom_margin=”50px|0px|||false|false” custom_margin_tablet=”” custom_margin_phone=”||-70px||false|false” custom_margin_last_edited=”on|phone” custom_padding=”|0px||0px|false|false” text_font_size_tablet=”” text_font_size_phone=”14px” text_font_size_last_edited=”on|phone” locked=”off”]
Secure coding training
[/et_pb_text][/et_pb_column][et_pb_column type=”1_5″ _builder_version=”4.4.5″][et_pb_text ul_type=”none” ul_item_indent=”1px” content_tablet=”
Secure coding training
Company
” content_phone=”
Resources
.
” content_last_edited=”on|phone” disabled_on=”off|off|off” _builder_version=”4.9.10″ text_font=”Barlow||||||||” text_line_height=”1.8em” link_text_color=”#474747″ ul_line_height=”2em” header_font=”Barlow||||||||” header_2_text_color=”#000000″ header_3_font=”Ubuntu|700|||||||” header_3_text_color=”#FFFFFF” header_3_line_height=”1.5em” custom_margin=”50px|0px|50px||true|false” custom_margin_tablet=”” custom_margin_phone=”90px||-70px||false|false” custom_margin_last_edited=”on|phone” custom_padding=”|0px||0px|false|false” text_font_size_tablet=”” text_font_size_phone=”14px” text_font_size_last_edited=”on|phone” locked=”off”]
Resources
[/et_pb_text][/et_pb_column][et_pb_column type=”1_5″ _builder_version=”4.4.5″][et_pb_text ul_type=”none” ul_item_indent=”1px” content_tablet=”
Resources
About
Terms of Service & Privacy Policy
Vulnerability Disclosure Policy
” content_phone=”
Company
” content_last_edited=”on|phone” disabled_on=”off|off|off” _builder_version=”4.9.10″ text_font=”Barlow||||||||” text_text_color=”#FFFFFF” text_line_height=”1.8em” link_text_color=”#474747″ ul_line_height=”2em” header_font=”Barlow||||||||” header_2_text_color=”#000000″ header_3_font=”Ubuntu|700|||||||” header_3_text_color=”#FFFFFF” header_3_line_height=”1.5em” custom_margin=”50px|0px|||false|false” custom_margin_tablet=”” custom_margin_phone=”90px|0px|||false|false” custom_margin_last_edited=”on|phone” custom_padding=”|0px||0px|false|false” text_font_size_tablet=”” text_font_size_phone=”14px” text_font_size_last_edited=”on|phone” locked=”off”]
Company
[/et_pb_text][/et_pb_column][et_pb_column type=”1_5″ _builder_version=”4.4.5″][et_pb_text ul_type=”none” ul_item_indent=”1px” content_tablet=”” content_phone=”
About
Terms of Service & Privacy Policy
Vulnerability Disclosure Policy
” content_last_edited=”on|phone” disabled_on=”off|off|off” _builder_version=”4.9.10″ text_font=”Barlow||||||||” text_text_color=”#FFFFFF” text_line_height=”1.8em” link_text_color=”#474747″ ul_line_height=”2em” header_font=”Barlow||||||||” header_2_text_color=”#000000″ header_3_font=”Ubuntu|700|||||||” header_3_text_color=”#FFFFFF” header_3_line_height=”1.5em” custom_margin=”50px|0px|||false|false” custom_margin_tablet=”” custom_margin_phone=”20px||||false|false” custom_margin_last_edited=”on|phone” custom_padding=”|0px||0px|false|false” text_font_size_tablet=”” text_font_size_phone=”14px” text_font_size_last_edited=”on|phone” locked=”off”]
About
Terms of Service & Privacy Policy
Vulnerability Disclosure Policy
[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section]