Merge tag 'v0.2.1' into develop

v0.2.1

* Update API3:2019 description

Author: PauloASilva

2019/en/dist/owasp-api-security-top-10.odt

@@ -5,7 +5,7 @@ OWASP Top 10 API Security Risks – 2019
 | ---- | ----------- |
 | API1:2019 - Broken Object Level Authorization | APIs tend to expose endpoints that handle object identifiers, creating a wide attack surface Level Access Control issue. Object level authorization checks should be considered in every function that accesses a data source using an input from the user. |
 | API2:2019 - Broken User Authentication | Authentication mechanisms are often implemented incorrectly, allowing attackers to compromise authentication tokens or to exploit implementation flaws to assume other user's identities temporarily or permanently. Compromising system's ability to identify the client/user, compromises API security overall. |
-| API3:2019 - Excessive Data Exposure | Looking forward to generic implementations, developers tend to expose all object properties without considering their individual sensitivity, relying on clients to perform the data filtering before displaying it to the user. Without controlling the client's state, servers receive more-and-more filters which can be abused to gain access to sensitive data. |
+| API3:2019 - Excessive Data Exposure | Looking forward to generic implementations, developers tend to expose all object properties without considering their individual sensitivity, relying on clients to perform the data filtering before displaying it to the user. |
 | API4:2019 - Lack of Resources & Rate Limiting | Quite often, APIs do not impose any restrictions on the size or number of resources that can be requested by the client/user. Not only can this impact the API server performance, leading to Denial of Service (DoS), but also leaves the door open to authentication flaws such as brute force. |
 | API5:2019 - Broken Function Level Authorization | Complex access control policies with different hierarchies, groups, and roles, and an unclear separation between administrative and regular functions, tend to lead to authorization flaws. By exploiting these issues, attackers gain access to other users’ resources and/or administrative functions. |
 | API6:2019 - Mass Assignment | Binding client provided data (e.g., JSON) to data models, without proper properties filtering based on a whitelist, usually lead to Mass Assignment. Either guessing objects properties, exploring other API endpoints, reading the documentation, or providing additional object properties in request payloads, allows attackers to modify object properties they are not supposed to. |

2019/en/dist/owasp-api-security-top-10.pdf

@@ -1 +1 @@
-0.2.0
+0.2.1