
Cobalt Vulnerability Wiki


V13 - API

Ensure that a verified application that uses trusted service layer APIs (commonly using JSON, XML, or GraphQL) has:


• Adequate authentication, session management and authorization of all web services.


• Input validation of all parameters that transit from a lower to higher trust level.


• Effective security controls for all API types, including cloud and serverless APIs.


Please read this chapter in combination with all other chapters at this same level; we no longer duplicate authentication or API session management concerns.

