Surface 05

Application & API

What lives here

Custom-built applications, public and internal APIs, source code repositories, build pipelines.

Primary threats
  • injection
  • broken auth
  • business-logic abuse
  • API abuse
  • vulnerability backlog
Defensive categories
  • AppSec
  • API security
  • ASPM
  • WAF
  • SCA