From 6b4e9a747e53d10a1fd3fb0c6a1973eb716e4b6c Mon Sep 17 00:00:00 2001 From: Carlos Souza Date: Sat, 24 Jun 2023 21:32:09 -0300 Subject: [PATCH 1/2] fix: fix links that are redirecting to page not found on github --- editions/2023/en/0x11-t10.md | 6 +++--- .../en/0xa3-broken-object-property-level-authorization.md | 4 ++-- .../0xa6-unrestricted-access-to-sensitive-business-flows.md | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/editions/2023/en/0x11-t10.md b/editions/2023/en/0x11-t10.md index 394d68c81..f86de964d 100644 --- a/editions/2023/en/0x11-t10.md +++ b/editions/2023/en/0x11-t10.md 
@@ -13,9 +13,9 @@ | [API9:2023 - Improper Inventory Management][api9] | APIs tend to expose more endpoints than traditional web applications, making proper and updated documentation highly important. A proper inventory of hosts and deployed API versions also are important to mitigate issues such as deprecated API versions and exposed debug endpoints. | | [API10:2023 - Unsafe Consumption of APIs][api10] | Developers tend to trust data received from third-party APIs more than user input, and so tend to adopt weaker security standards. In order to compromise APIs, attackers go after integrated third-party services instead of trying to compromise the target API directly. | -[1]: https://github.com/OWASP/API-Security/blob/master/2019/en/src/0xa3-excessive-data-exposure.md -[2]: https://github.com/OWASP/API-Security/blob/master/2019/en/src/0xa6-mass-assignment.md -[3]: https://github.com/OWASP/API-Security/blob/master/2019/en/src/0xa4-lack-of-resources-and-rate-limiting.md +[1]: https://github.com/OWASP/API-Security/blob/master/editions/2019/en/0xa3-excessive-data-exposure.md +[2]: https://github.com/OWASP/API-Security/blob/master/editions/2019/en/0xa6-mass-assignment.md +[3]: https://github.com/OWASP/API-Security/blob/master/editions/2019/en/0xa4-lack-of-resources-and-rate-limiting.md [api1]: 0xa1-broken-object-level-authorization.md [api2]: 0xa2-broken-authentication.md [api3]: 0xa3-broken-object-property-level-authorization.md diff --git a/editions/2023/en/0xa3-broken-object-property-level-authorization.md b/editions/2023/en/0xa3-broken-object-property-level-authorization.md index 94219bfa6..68f22ae4d 100644 --- a/editions/2023/en/0xa3-broken-object-property-level-authorization.md +++ b/editions/2023/en/0xa3-broken-object-property-level-authorization.md 
@@ -144,8 +144,8 @@ content. * [CWE-213: Exposure of Sensitive Information Due to Incompatible Policies][4] * [CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes][5] -[1]: https://github.com/OWASP/API-Security/blob/master/2019/en/src/0xa3-excessive-data-exposure.md -[2]: https://github.com/OWASP/API-Security/blob/master/2019/en/src/0xa6-mass-assignment.md +[1]: https://github.com/OWASP/API-Security/blob/master/editions/2019/en/0xa3-excessive-data-exposure.md +[2]: https://github.com/OWASP/API-Security/blob/master/editions/2019/en/0xa6-mass-assignment.md [3]: https://cheatsheetseries.owasp.org/cheatsheets/Mass_Assignment_Cheat_Sheet.html [4]: https://cwe.mitre.org/data/definitions/213.html [5]: https://cwe.mitre.org/data/definitions/915.html diff --git a/editions/2023/en/0xa6-unrestricted-access-to-sensitive-business-flows.md b/editions/2023/en/0xa6-unrestricted-access-to-sensitive-business-flows.md index 1a9220834..871741f9f 100644 --- a/editions/2023/en/0xa6-unrestricted-access-to-sensitive-business-flows.md +++ b/editions/2023/en/0xa6-unrestricted-access-to-sensitive-business-flows.md @@ -103,4 +103,4 @@ The mitigation planning should be done in two layers: * [API10:2019 Insufficient Logging & Monitoring][2] [1]: https://owasp.org/www-project-automated-threats-to-web-applications/ -[2]: https://github.com/OWASP/API-Security/blob/master/2019/en/src/0xaa-insufficient-logging-monitoring.md +[2]: https://github.com/OWASP/API-Security/blob/master/editions/2019/en/0xaa-insufficient-logging-monitoring.md From ea77cba533150900a7d0c3822d75c460f52edef1 Mon Sep 17 00:00:00 2001 From: Carlos Souza Date: Tue, 27 Jun 2023 21:16:04 -0300 Subject: [PATCH 2/2] fix: Fix the url --- editions/2023/en/0x11-t10.md | 6 +++--- .../en/0xa3-broken-object-property-level-authorization.md | 4 ++-- .../0xa6-unrestricted-access-to-sensitive-business-flows.md | 3 ++- 3 files changed, 7 insertions(+), 6 deletions(-) 
diff --git a/editions/2023/en/0x11-t10.md b/editions/2023/en/0x11-t10.md index f86de964d..230cc8c72 100644 --- a/editions/2023/en/0x11-t10.md +++ b/editions/2023/en/0x11-t10.md @@ -13,9 +13,9 @@ | [API9:2023 - Improper Inventory Management][api9] | APIs tend to expose more endpoints than traditional web applications, making proper and updated documentation highly important. A proper inventory of hosts and deployed API versions also are important to mitigate issues such as deprecated API versions and exposed debug endpoints. | | [API10:2023 - Unsafe Consumption of APIs][api10] | Developers tend to trust data received from third-party APIs more than user input, and so tend to adopt weaker security standards. In order to compromise APIs, attackers go after integrated third-party services instead of trying to compromise the target API directly. | -[1]: https://github.com/OWASP/API-Security/blob/master/editions/2019/en/0xa3-excessive-data-exposure.md -[2]: https://github.com/OWASP/API-Security/blob/master/editions/2019/en/0xa6-mass-assignment.md -[3]: https://github.com/OWASP/API-Security/blob/master/editions/2019/en/0xa4-lack-of-resources-and-rate-limiting.md +[1]: https://owasp.org/API-Security/editions/2019/en/0xa3-excessive-data-exposure/ +[2]: https://owasp.org/API-Security/editions/2019/en/0xa6-mass-assignment/ +[3]: https://owasp.org/API-Security/editions/2019/en/0xa4-lack-of-resources-and-rate-limiting/ [api1]: 0xa1-broken-object-level-authorization.md [api2]: 0xa2-broken-authentication.md [api3]: 0xa3-broken-object-property-level-authorization.md diff --git a/editions/2023/en/0xa3-broken-object-property-level-authorization.md b/editions/2023/en/0xa3-broken-object-property-level-authorization.md index 68f22ae4d..172e75d3b 100644 --- a/editions/2023/en/0xa3-broken-object-property-level-authorization.md +++ b/editions/2023/en/0xa3-broken-object-property-level-authorization.md 
@@ -144,8 +144,8 @@ content. * [CWE-213: Exposure of Sensitive Information Due to Incompatible Policies][4] * [CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes][5] -[1]: https://github.com/OWASP/API-Security/blob/master/editions/2019/en/0xa3-excessive-data-exposure.md -[2]: https://github.com/OWASP/API-Security/blob/master/editions/2019/en/0xa6-mass-assignment.md +[1]: https://owasp.org/API-Security/editions/2019/en/0xa3-excessive-data-exposure/ +[2]: https://owasp.org/API-Security/editions/2019/en/0xa6-mass-assignment/ [3]: https://cheatsheetseries.owasp.org/cheatsheets/Mass_Assignment_Cheat_Sheet.html [4]: https://cwe.mitre.org/data/definitions/213.html [5]: https://cwe.mitre.org/data/definitions/915.html diff --git a/editions/2023/en/0xa6-unrestricted-access-to-sensitive-business-flows.md b/editions/2023/en/0xa6-unrestricted-access-to-sensitive-business-flows.md index 871741f9f..46956d1f4 100644 --- a/editions/2023/en/0xa6-unrestricted-access-to-sensitive-business-flows.md +++ b/editions/2023/en/0xa6-unrestricted-access-to-sensitive-business-flows.md @@ -103,4 +103,5 @@ The mitigation planning should be done in two layers: * [API10:2019 Insufficient Logging & Monitoring][2] [1]: https://owasp.org/www-project-automated-threats-to-web-applications/ -[2]: https://github.com/OWASP/API-Security/blob/master/editions/2019/en/0xaa-insufficient-logging-monitoring.md +[2]: https://owasp.org/API-Security/editions/2019/en/0xaa-insufficient-logging-monitoring/ +
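Review bot: Every `[1]`, `[2]` and `[3]` definition that PATCH 1/2 rewrites to `github.com/OWASP/API-Security/blob/master/editions/2019/en/...` is rewritten again by PATCH 2/2 to `owasp.org/API-Security/editions/2019/en/...`, so the first commit only records an intermediate state that never ships. Squash the two commits into one. The subject of 2/2, "fix: Fix the url", should also say which links changed and what they now point to, for example that the 2019 edition references were moved from the GitHub blob view to the published owasp.org pages.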
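Review bot: In the PATCH 2/2 hunks for `0x11-t10.md` and `0xa3-broken-object-property-level-authorization.md`, the new `[1]`, `[2]` and `[3]` targets are absolute `https://owasp.org/API-Security/editions/2019/en/.../` URLs, while the `[api1]`, `[api2]` and `[api3]` definitions directly below them in `0x11-t10.md` are relative `.md` paths. PATCH 1/2 shows the 2019 pages live in the same repository under `editions/2019/en/`, so consider a relative reference from `editions/2023/en/` instead, which would not depend on the published site's URL scheme. If the absolute URLs are intended, state in the commit message that each one was checked to resolve, since this series exists because the previous absolute links went stale. The `[1]` and `[2]` definitions are also identical in both files, so any future move has to be applied in both places.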
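Review bot: The last hunk of PATCH 2/2, in `0xa6-unrestricted-access-to-sensitive-business-flows.md`, grows the file from 4 to 5 lines in that range (`@@ -103,4 +103,5 @@`) because a bare `+` line follows the new `[2]:` definition, adding an empty line at the end of the file. That is unrelated to the link fix and is why the diffstat for this file reads `3 ++-` instead of the one-line change PATCH 1/2 made there. Drop the trailing empty line so the hunk only replaces the `[2]:` URL.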