Development of Vulnerable Web Application Based on OWASP API Security Risks
Muhammad Zaffwan Idris, Iwan Syarif, Idris Winarno
Abstract
APIs are critical for digital transformation as well as the establishment and development of new business models. They are the foundation of application economics which allows for quicker, better, and less expensive development. In security perspective, OWASP released its first API security report in 2019 which finally differentiate the security risk categories between API and web application. In recent years, there have been many incidents of cyber attacks related to API, while the implementation of the API itself is growing in popularity among organizations. Therefore, the need to understand APIs from a security perspective should be taken seriously and considered as an integral part of the software development life cycle. In this research, we proposed an API security learning environment called Vulnerable Academic Information System (VAIS) based on the OWASP API Security Risks with containerization deployment plan and gamification technique to provide a fun yet challenging environment for people in understanding the API security in a legal environment.