Apigee does cover OWASP top 10 Vulnerabilities ?

Hi,

1. Referring to OWASP top 10 Vulnerabilities one of it ‘Using components with known Vulnerabilities’ does Apigee covers such instances with inbuild Threat policies. Then which policy is refereed for such be Threat ?

2. If we already have existing front end/or another tool facing user doing OWASP top 10 Vulnerabilities before Gateway (in North), then do i need to enable all such (OWASP top 10 Vulnerabilities) feature in Gateway ? will that not be duplicating same feature across two system ?

3. Gateway usage of special characters (for Client ID) is restricted to not have * @ and restricted special charecters.

Do we have detailed document with such scenario why such usage of special characters in client ID can cause the OWASP Vulnerabilities across systems ?

If we still try to use the @ and * or any other spl charter in Client ID will categorize such issues to which OWASP Vulnerabilities

See here for a great explaination on how Apigee can help for OWASP vulnerabilities:https://docs.apigee.com/api-platform/faq/owasp-protection

@Kevin This link indicates about “Apigee solutions for the 2017 OWASP Top 10” do we have any updates based on 2019 ?

I’m not aware that anything newer than 2017 has been published from OWASP. Could you please share.

Thanks @dane knezic which link do we refer to know about latest reference to latest OWASP changes

https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

Thanks @dane knezic for response and details