Surface 05
Application & API
What lives here
Custom-built applications, public and internal APIs, source code repositories, build pipelines.
Primary threats
- injection
- broken auth
- business-logic abuse
- API abuse
- vulnerability backlog
Defensive categories
- AppSec
- API security
- ASPM
- WAF
- SCA