├── _data
└── ow_attributions.json
├── .gitignore
├── Gemfile
├── assets
├── images
│ ├── roadmap.png
│ ├── sponsors
│ │ ├── salt.png
│ │ ├── impart.png
│ │ ├── checkmarx.png
│ │ ├── equixly.png
│ │ ├── traceable.png
│ │ └── cequence-security.png
│ ├── owasp-20th-anniversary.png
│ └── by-sa.svg
└── presentations
│ ├── api-security-top10.pdf
│ ├── owasp-api-security-project-kick-off.pdf
│ └── api-security-top10-rc-global-appsec-ams.pdf
├── leaders.md
├── _config.yml
├── tab_roadmap.md
├── announcements
├── 2023
│ └── 02
│ │ └── api-top10-2023rc.md
└── cfd
│ └── 2022
│ ├── sample-data-submission.csv
│ ├── sample-data-submission.json
│ ├── info.md
│ └── index.md
├── .github
└── workflows
│ └── validate-owasp-metadata.yaml
├── 404.html
├── tab_join.md
├── project.owasp.yaml
├── info.md
├── tab_acknowledgments.md
├── tab_news.md
├── tab_translations.md
└── index.md
/_data/ow_attributions.json:
--------------------------------------------------------------------------------
1 | ["John Jeremiah", "Jason Kent", "Traceable"]
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | __pycache__
2 | env
3 | .vscode
4 | _site/
5 | Gemfile.lock
6 |
--------------------------------------------------------------------------------
/Gemfile:
--------------------------------------------------------------------------------
1 | source 'https://rubygems.org'
2 | group :jekyll_plugins do
3 | gem "github-pages"
4 | end
--------------------------------------------------------------------------------
/assets/images/roadmap.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/www-project-api-security/HEAD/assets/images/roadmap.png
--------------------------------------------------------------------------------
/assets/images/sponsors/salt.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/www-project-api-security/HEAD/assets/images/sponsors/salt.png
--------------------------------------------------------------------------------
/assets/images/sponsors/impart.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/www-project-api-security/HEAD/assets/images/sponsors/impart.png
--------------------------------------------------------------------------------
/assets/images/sponsors/checkmarx.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/www-project-api-security/HEAD/assets/images/sponsors/checkmarx.png
--------------------------------------------------------------------------------
/assets/images/sponsors/equixly.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/www-project-api-security/HEAD/assets/images/sponsors/equixly.png
--------------------------------------------------------------------------------
/assets/images/sponsors/traceable.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/www-project-api-security/HEAD/assets/images/sponsors/traceable.png
--------------------------------------------------------------------------------
/assets/images/owasp-20th-anniversary.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/www-project-api-security/HEAD/assets/images/owasp-20th-anniversary.png
--------------------------------------------------------------------------------
/assets/presentations/api-security-top10.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/www-project-api-security/HEAD/assets/presentations/api-security-top10.pdf
--------------------------------------------------------------------------------
/assets/images/sponsors/cequence-security.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/www-project-api-security/HEAD/assets/images/sponsors/cequence-security.png
--------------------------------------------------------------------------------
/assets/presentations/owasp-api-security-project-kick-off.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/www-project-api-security/HEAD/assets/presentations/owasp-api-security-project-kick-off.pdf
--------------------------------------------------------------------------------
/leaders.md:
--------------------------------------------------------------------------------
1 | ### Leaders
2 |
3 | * [Erez Yalon](mailto:erez.yalon@owasp.org)
4 | * [Inon Shkedy](mailto:inon.shkedy@owasp.org)
5 | * [Paulo Silva](mailto:paulo.silva@owasp.org)
6 |
7 |
--------------------------------------------------------------------------------
/assets/presentations/api-security-top10-rc-global-appsec-ams.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/www-project-api-security/HEAD/assets/presentations/api-security-top10-rc-global-appsec-ams.pdf
--------------------------------------------------------------------------------
/_config.yml:
--------------------------------------------------------------------------------
1 | remote_theme: "owasp/www--site-theme@main"
2 |
3 | #override default star and watch buttons
4 | code_user: OWASP
5 | code_repo: API-Security
6 |
7 | plugins:
8 | - jekyll-include-cache-0.2.0
9 |
--------------------------------------------------------------------------------
/tab_roadmap.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: RoadMap
3 | layout: null
4 | tab: true
5 | order: 1
6 | tags: roadmap
7 | ---
8 |
9 | ## Planned Projects
10 |
11 | * API Security Top 10
12 | * API Security Cheat Sheet
13 | * crAPI (**C**ompletely **R**idiculous **API**), an intentionally vulnerable API
14 |   project
15 |
16 | ## Roadmap
17 |
18 | ![Roadmap][roadmap]
19 |
20 | [roadmap]: assets/images/roadmap.png
21 |
--------------------------------------------------------------------------------
/announcements/cfd/2022/sample-data-submission.csv:
--------------------------------------------------------------------------------
1 | "NumberofAppsTested","CWE","NumberofAppsPer","TimePeriod","ContributorName","ContributorContactEmail","TypeofTesting","APIProtocol","PrimaryLanguage","Region","Industry","Retest"
2 | 100,20,53,2019,"Name","Email","TAH","REST","Node.js","North America","Retail","F"
3 | 100,20,10,2019,"Name","Email","TAH","GraphQL",".NET","North America","Technology","F"
4 | 100,20,30,2019,"Name","Email","TAH","gRPC","Go","North America","Technology","F"
5 | 100,425,5,2019,"Name","Email","TAH","SOAP","PHP","North America","Retail","F"
6 |
--------------------------------------------------------------------------------
/.github/workflows/validate-owasp-metadata.yaml:
--------------------------------------------------------------------------------
1 | name: Validate OWASP entity metadata
2 |
3 | on:
4 |   pull_request:
5 |     paths:
6 |       - '*.owasp.yaml'
7 |   push:
8 |     paths:
9 |       - '*.owasp.yaml'
10 |
11 | concurrency:
12 |   cancel-in-progress: true
13 |   group: ${{ github.repository }}-${{ github.workflow }}-${{ github.ref }}
14 |
15 | jobs:
16 |   validate-metadata:
17 |     runs-on: ubuntu-latest
18 |
19 |     steps:
20 |       - name: Checkout code
21 |         uses: actions/checkout@v5
22 |
23 |       - name: Validate metadata file
24 |         uses: owasp/nest-schema/.github/actions/validate@a733198b4a942eb12d3ee8629cd9e0d409b1b2b9
25 |
--------------------------------------------------------------------------------
/404.html:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | title: 404 - Not Found
4 | layout: col-generic
5 |
6 | ---
7 |
8 |
9 |
10 |
WHOA THAT PAGE CANNOT BE FOUND
11 |
Try the SEARCH function in the main navigation to find something. If you are looking for chapter information, please see Chapters for the correct chapter. For information about OWASP projects see Projects . For common attacks, vulnerabilities, or information about other community-led contributions see Contributed Content .
12 |
13 |
14 |
If all else fails you can search our historical site .
15 |
16 |
--------------------------------------------------------------------------------
/tab_join.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Join
3 | layout: null
4 | tab: true
5 | order: 1
6 | tags: join
7 | ---
8 |
9 | ## Google Group
10 |
11 | Join the discussion on the [OWASP API Security Project Google group][ml].
12 |
13 | This is the best place to introduce yourself, ask questions, suggest and discuss
14 | any topic that is relevant to the project.
15 |
16 | ## GitHub Discussions
17 |
18 | You can also use [GitHub Discussions] as a place to connect with other community
19 | members, asking questions or sharing ideas.
20 |
21 | ## GitHub
22 |
23 | The project is maintained in the [OWASP API Security Project repo][repo].
24 |
25 | **The latest changes are under the [`develop` branch][develop]**.
26 |
27 | Feel free to open or solve an [issue][issue].
28 |
29 | Ready to contribute directly into the repo? Great! Just make sure you read the
30 | [How to Contribute guide][contributing].
31 |
32 | [ml]: https://groups.google.com/a/owasp.org/d/forum/api-security-project
33 | [GitHub Discussions]: https://github.com/OWASP/API-Security/discussions
34 | [repo]: https://github.com/OWASP/API-Security
35 | [develop]: https://github.com/OWASP/API-Security/tree/develop
36 | [issue]: https://github.com/OWASP/API-Security/issues
37 | [contributing]: https://github.com/OWASP/API-Security/blob/master/CONTRIBUTING.md
38 |
--------------------------------------------------------------------------------
/project.owasp.yaml:
--------------------------------------------------------------------------------
1 | audience:
2 | - breaker
3 | - builder
4 | - defender
5 | community:
6 | - name: project-api-top10
7 |   platform: slack
8 |   url: https://owasp.slack.com/archives/C0558AF1QQM
9 |   description: Discussion of the OWASP API Top 10 Risks
10 | leaders:
11 | - name: Erez Yalon
12 |   email: erez.yalon@owasp.org
13 |   github: ErezYalon
14 | - name: Inon Shkedy
15 |   email: inon.shkedy@owasp.org
16 |   github: inonshk
17 | - name: Paulo Silva
18 |   email: paulo.silva@owasp.org
19 |   github: PauloASilva
20 | level: 3
21 | name: OWASP API Security Project
22 | pitch: >
23 |   The API Security project focuses on strategies and solutions to understand
24 |   and mitigate the unique vulnerabilities and security risks of Application
25 |   Programming Interfaces (APIs)
26 | repositories:
27 | - name: www-project-api-security
28 |   url: https://github.com/OWASP/www-project-api-security
29 |   description: OWASP Foundation Web Repository
30 | - name: API-Security
31 |   url: https://github.com/OWASP/API-Security
32 |   description: OWASP API Security Project
33 | tags:
34 | - api
35 | - security
36 | - top10
37 | - translations
38 | - acknowledgments
39 | - join
40 | - roadmap
41 | - news
42 | type: documentation
43 | website: https://owasp.org/www-project-api-security
44 |
--------------------------------------------------------------------------------
/info.md:
--------------------------------------------------------------------------------
1 | ### API Security Information
2 |
3 |
4 |
5 |
6 |
7 | ![Documentation Project][doc-proj-logo]
8 |
9 | Builders
10 | Breakers
11 | Defenders
12 |
13 | [![CC BY-SA 4.0][license-logo]{:width="175px"}][license]
14 |
15 | ### Downloads or Social Links
16 |
17 | * [API Security Top 10 2023][top10:2023]
18 | * [API Security Top 10 2019][top10:2019] ([PDF][pdf])
19 | * [GraphQL Cheat Sheet][graphql-cs]
20 | * [GitHub Discussions]
21 | * [Mailing List][ml]
22 |
23 | ### Code Repository
24 |
25 | * [GitHub][github]
26 |
27 | [license]: http://creativecommons.org/licenses/by-sa/4.0/
28 | [license-logo]: assets/images/by-sa.svg
29 | [doc-proj-logo]: https://raw.githubusercontent.com/OWASP/www--site-theme/master/assets/images/common/owasp_documentation_project.svg?sanitize=true
30 | [top10:2023]: https://owasp.org/API-Security/editions/2023/en/0x00-header/
31 | [top10:2019]: https://owasp.org/API-Security/editions/2019/en/0x00-header/
32 | [pdf]: https://owasp.org/API-Security/editions/2019/en/dist/owasp-api-security-top-10.pdf
33 | [graphql-cs]: https://cheatsheetseries.owasp.org/cheatsheets/GraphQL_Cheat_Sheet.html
34 | [GitHub Discussions]: https://github.com/OWASP/API-Security/discussions
35 | [ml]: https://groups.google.com/a/owasp.org/d/forum/api-security-project
36 | [github]: https://github.com/OWASP/API-Security
37 |
--------------------------------------------------------------------------------
/announcements/2023/02/api-top10-2023rc.md:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | layout: col-sidebar
4 | title: OWASP API Security Project
5 | tags: api security top10 translations acknowledgments join roadmap news
6 |
7 | ---
8 |
9 | [⌂ Home](/www-project-api-security)
10 |
11 | ## OWASP API Security Top 10 2023RC
12 |
13 | Dear security enthusiasts and developers,
14 |
15 | The OWASP API Security Project team is proud to announce the [OWASP API Security
16 | Top 10 2023 release candidate is now available][1]! The OWASP API Security Top
17 | 10 is a comprehensive guide to help organizations understand the risks and
18 | threats associated with their APIs and how to secure them.
19 |
20 | As a community-driven project, we are seeking contributions and feedback to
21 | help improve [the 2023 release candidate][1]. If you have expertise in API
22 | security, we encourage you to [review the OWASP API Security Top 10 on
23 | GitHub][1] and provide your comments and suggestions. Your contributions will
24 | play a crucial role in shaping the final version of the guide and making it as
25 | relevant and useful as possible.
26 |
27 | To contribute, simply [navigate to the OWASP API Security Top 10 2023 release
28 | candidate repository on GitHub][1] and submit your feedback through the issue
29 | tracker. If you have questions or would like to discuss the guide with others
30 | in the community, [join the OWASP API Security Project mailing list][2].
31 |
32 | Let's work together to make API security more accessible and effective for
33 | everyone!
34 |
35 | Best regards,
36 | The OWASP API Security Project Team
37 |
38 | [1]: https://github.com/OWASP/API-Security/tree/master/2023/en/src
39 | [2]: https://groups.google.com/a/owasp.org/g/api-security-project
40 |
--------------------------------------------------------------------------------
/announcements/cfd/2022/sample-data-submission.json:
--------------------------------------------------------------------------------
1 | {
2 |   "contributions":{
3 |     "appData" :
4 |     {
5 |       "appsSubmitted":100
6 |     },
7 |     "cwe":[
8 |       {
9 |         "id":20,
10 |         "occurances":53,
11 |         "timePeriod":2019,
12 |         "language":".NET",
13 |         "region":"North America",
14 |         "industry":"Retail",
15 |         "retest":"F",
16 |         "testingType":"TAH",
17 |         "apiProtocol": "REST"
18 |       },
19 |       {
20 |         "id":20,
21 |         "occurances":10,
22 |         "timePeriod":2019,
23 |         "language":".NET",
24 |         "region":"North America",
25 |         "industry":"Technology",
26 |         "retest":"F",
27 |         "testingType":"TAH",
28 |         "apiProtocol": "GraphQL"
29 |       },
30 |       {
31 |         "id":20,
32 |         "occurances":30,
33 |         "timePeriod":2019,
34 |         "language":"PHP",
35 |         "region":"North America",
36 |         "industry":"Technology",
37 |         "retest":"F",
38 |         "testingType":"TAH",
39 |         "apiProtocol": "gRPC"
40 |       },
41 |       {
42 |         "id":425,
43 |         "occurances":5,
44 |         "timePeriod":2019,
45 |         "language":".NET",
46 |         "region":"North America",
47 |         "industry":"Retail",
48 |         "retest":"F",
49 |         "testingType":"TAH",
50 |         "apiProtocol": "SOAP"
51 |       }
52 |     ],
53 |     "contributor":{
54 |       "name":"First Last",
55 |       "email":"name@owasp.org"
56 |     }
57 |   }
58 | }
--------------------------------------------------------------------------------
/announcements/cfd/2022/info.md:
--------------------------------------------------------------------------------
1 | ### API Security Information
2 |
3 | [![Lab Project][lab-proj-logo]{:height="66px"}][inc-proj]
4 | ![Documentation Project][doc-proj-logo]
5 |
6 | [![Builders][builders-logo]][builders]
7 | [![Breakers][breakers-logo]][breakers]
8 | [![Defenders][defenders-logo]][defenders]
9 |
10 | [![CC BY-SA 3.0][license-logo]{:width="175px"}][license]
11 |
12 | ### Downloads or Social Links
13 |
14 | * [API Security Top 10 2019 (PDF)][pdf]
15 | * [GraphQL Cheat Sheet][graphql-cs]
16 | * [Mailing List][ml]
17 |
18 | ### Code Repository
19 |
20 | * [GitHub][github]
21 |
22 | [inc-proj]: https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects
23 | [lab-proj-logo]: https://raw.githubusercontent.com/OWASP/www--site-theme/master/assets/images/common/owasp_level_labs.svg?sanitize=true
24 | [builders]: https://www.owasp.org/index.php/Builders
25 | [builders-logo]: https://raw.githubusercontent.com/OWASP/www--site-theme/master/assets/images/common/owasp_builders.svg?sanitize=true
26 | [breakers]: https://www.owasp.org/index.php/Breakers
27 | [breakers-logo]: https://raw.githubusercontent.com/OWASP/www--site-theme/master/assets/images/common/owasp_breakers.svg?sanitize=true
28 | [defenders]: https://www.owasp.org/index.php/Defenders
29 | [defenders-logo]: https://raw.githubusercontent.com/OWASP/www--site-theme/master/assets/images/common/owasp_defenders.svg?sanitize=true
30 | [license]: http://creativecommons.org/licenses/by-sa/3.0/
31 | [license-logo]: assets/images/by-sa.svg
32 | [doc-proj-logo]: https://raw.githubusercontent.com/OWASP/www--site-theme/master/assets/images/common/owasp_documentation_project.svg?sanitize=true
33 | [pdf]: https://github.com/OWASP/API-Security/raw/master/2019/en/dist/owasp-api-security-top-10.pdf
34 | [github]: https://github.com/OWASP/API-Security
35 | [ml]: https://groups.google.com/a/owasp.org/d/forum/api-security-project
36 | [graphql-cs]: https://cheatsheetseries.owasp.org/cheatsheets/GraphQL_Cheat_Sheet.html
37 |
38 |
--------------------------------------------------------------------------------
/tab_acknowledgments.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Acknowledgments
3 | layout: null
4 | tab: true
5 | order: 1
6 | tags: acknowledgments
7 | ---
8 |
9 | ## Founders
10 |
11 | * [Erez Yalon][erez-yalon]
12 | * [Inon Shkedy][inon-shkedy]
13 |
14 | ## Leaders
15 |
16 | * [Erez Yalon][erez-yalon]
17 | * [Inon Shkedy][inon-shkedy]
18 | * [Paulo Silva][paulo-silva]
19 |
20 | ## 2023 Sponsors
21 |
22 | ![Cequence Security][cequence]{:height="96px"}
23 |
24 | ![Checkmarx][checkmarx]{:height="96px"}
25 |
26 | ![Equixly][equixly]{:height="96px"}
27 |
28 | ![Impart Security][impart]{:height="96px"}
29 |
30 | ![Salt Security][salt]{:height="96px"}
31 |
32 | ![Traceable][traceable]{:height="96px"}
33 |
34 | ## 2023 Contributors
35 |
36 | 247arjun, abunuwas, Alissa Knight, Arik Atar, aymenfurter, Corey J. Ball, cyn8,
37 | d0znpp, Dan Gordon, donge, Dor Tumarkin, faizzaidi, gavjl, guybensimhon, Inês
38 | Martins, Isabelle Mauny, Ivan Novikov, jmanico, Juan Pablo, k7jto, LaurentCB,
39 | llegaz, Maxim Zavodchik, MrPRogers, planetlevel, rahulk22, Roey Eliyahu, Roshan
40 | Piyush, securitylevelup, sudeshgadewar123, Tatsuya-hasegawa, tebbers, vanderaj,
41 | wenz, xplo1t-sec, Yaniv Balmas, ynvb
42 |
43 | ## 2019 Contributors
44 |
45 | 007divyachawla, Abid Khan, Adam Fisher, anotherik, bkimminich, caseysoftware,
46 | Chris Westphal, dsopas, DSotnikov, emilva, ErezYalon, flascelles, Guillaume
47 | Benats, IgorSasovets, Inonshk, JonnySchnittger, jmanico, jmdx, Keith Casey,
48 | kozmic, LauraRosePorter, Matthieu Estrade, nathanawmk, PauloASilva, pentagramz,
49 | philippederyck, pleothaud, r00ter, Raj kumar, Sagar Popat, Stephen Gates,
50 | thomaskonrad, xycloops123, Raphael Hagi, Eduardo Bellis, Bruno Barbosa
51 |
52 | [erez-yalon]: https://www.owasp.org/index.php/User:ErezYalon
53 | [inon-shkedy]: https://www.owasp.org/index.php/User:Inon
54 | [paulo-silva]: https://www.owasp.org/index.php/User:PauloASilva
56 | [salt]: assets/images/sponsors/salt.png
57 | [cequence]: assets/images/sponsors/cequence-security.png
58 | [traceable]: assets/images/sponsors/traceable.png
59 | [impart]: assets/images/sponsors/impart.png
60 | [checkmarx]: assets/images/sponsors/checkmarx.png
61 | [equixly]: assets/images/sponsors/equixly.png
62 |
63 |
--------------------------------------------------------------------------------
/tab_news.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: News
3 | layout: null
4 | tab: true
5 | order: 1
6 | tags: news
7 | ---
8 |
9 | * **Jun 28th, 2024**
10 |
11 | OWASP API Security Project - Past Present and Future @ OWASP Global AppSec
12 | Lisbon 2024 ([YouTube][lisbon24])
13 | * **Jun 3rd, 2024**
14 |
15 | [OWASP API Security Top 10 2023 French translation][top10-2023-fr] release.
16 | * **Jun 5th, 2023**
17 |
18 | [OWASP API Security Top 10 2023][top10:2023] stable version was publicly
19 | released.
20 | * **Feb 14, 2023**
21 |
22 | [OWASP API Security Top 10 2023 Release Candidate][2023rc-announcement] is
23 | now available.
24 | * **Aug 30, 2022**
25 |
26 | [OWASP API Security Top 10 2022 call for data](announcements/cfd/2022/)
27 | is open.
28 | * **Oct 30, 2020**
29 |
30 | [GraphQL Cheat Sheet][graphql-cs] release.
31 | A truly community effort whose [log and contributors list are available at
32 | GitHub][graphql-cs-pr].
33 | * **Apr 4, 2020**
34 |
35 | [OWASP API Security Top 10 2019 pt-PT translation][top10-pt-PT] release.
36 | * **Mar 27, 2020**
37 |
38 | [OWASP API Security Top 10 2019 pt-BR translation][top10-pt-BR] release.
39 | * **Dec 26, 2019**
40 |
41 | OWASP API Security Top 10 2019 stable version release.
42 | * **Sep 30, 2019**
43 |
44 | The RC of API Security Top-10 List was published during [OWASP Global AppSec
45 | Amsterdam][ams] ([slide deck][ams-slides])
46 | * **Sep 13, 2019**
47 |
48 | The RC of API Security Top-10 List was published during [OWASP Global AppSec
49 | DC][dc] ([slide deck][dc-slides])
50 | * **May 30, 2019**
51 |
52 | The API Security Project was kicked off during [OWASP Global AppSec Tel
53 | Aviv][telaviv] ([slide deck][telaviv-slides])
54 |
55 | [ams]: https://ams.globalappsec.org/
56 | [ams-slides]: https://github.com/OWASP/www-project-api-security/raw/master/assets/presentations/api-security-top10-rc-global-appsec-ams.pdf
57 | [dc]: https://dc.globalappsec.org/
58 | [dc-slides]: https://github.com/OWASP/www-project-api-security/raw/master/assets/presentations/api-security-top10.pdf
59 | [telaviv]: https://telaviv.appsecglobal.org/
60 | [telaviv-slides]: https://github.com/OWASP/www-project-api-security/raw/master/assets/presentations/owasp-api-security-project-kick-off.pdf
61 | [top10-pt-BR]: https://github.com/OWASP/API-Security/raw/master/2019/pt-br/dist/owasp-api-security-top-10-pt-br.pdf
62 | [top10-pt-PT]: https://github.com/OWASP/API-Security/raw/master/2019/pt-pt/dist/owasp-api-security-top-10.pdf
63 | [graphql-cs]: https://cheatsheetseries.owasp.org/cheatsheets/GraphQL_Cheat_Sheet.html
64 | [graphql-cs-pr]: https://github.com/OWASP/CheatSheetSeries/pull/434
65 | [2023rc-announcement]: announcements/2023/02/api-top10-2023rc
66 | [top10:2023]: https://owasp.org/API-Security/editions/2023/en/0x00-header/
67 | [top10-2023-fr]: https://owasp.org/API-Security/editions/2023/fr/0x00-header/
68 | [lisbon24]: https://www.youtube.com/watch?v=hn4mgTu5izg
69 |
--------------------------------------------------------------------------------
/announcements/cfd/2022/index.md:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | layout: col-sidebar
4 | title: OWASP API Security Project
5 | tags: api security top10 translations acknowledgments join roadmap news
6 |
7 | ---
8 |
9 | [⌂ Home](/www-project-api-security)
10 |
11 | ## Call for Data
12 |
13 | The OWASP API Security Project team plans to build and release a new edition of
14 | the OWASP API Security Top 10 in 2022.
15 |
16 | This is the first time we're calling for data. Unlike in 2019 when the API
17 | Security Top 10 was first published, we believe the API industry is now more
18 | mature and should be able to contribute valuable data.
19 |
20 | ### Goals
21 |
22 | Collect comprehensive data regarding **API** vulnerabilities to date in order
23 | to build a new top 10 of the most critical **API** security risks.
24 |
25 | ### Contributions
26 |
27 | To make things smoother we're adhering to the OWASP Top Ten Project
28 | contribution process and data contribution templates that most vendors/security
29 | practitioners are already familiar with.
30 |
31 | #### Contributors
32 |
33 | We're expecting data from a variety of sources, such as security vendors and
34 | consultancies, bug bounty programs, and security practitioners in general,
35 | such as pentesters.
36 |
37 | #### Period
38 |
39 | This call for data will be open during September-November of 2022.
40 |
41 | Contributed data should date **from 2019 to the end of 2021** and **should be
42 | API-specific**, e.g. REST, GraphQL, gRPC, JSON-RPC, XML-RPC, etc.
43 |
44 | #### Process
45 |
46 | Data can be [uploaded here].
47 |
48 | If for some reason you're not comfortable using the form to contribute data,
49 | please reach out to `paulo.silva@owasp.org` for an alternative method.
50 |
51 | #### Data Structure
52 |
53 | We're providing two submission templates: [CSV] and [JSON].
54 |
55 | The data structure is very similar to the one used by the OWASP Top Ten Project
56 | with one additional attribute: `apiProtocol`. If you already have automated
57 | tools that compile and output one of these file formats, you should be able to
58 | use them with few changes.
59 |
60 | ##### Per Dataset
61 |
62 | | Attribute | Required? | Description |
63 | | :-------- | :-------: | :---------- |
64 | | NumberofAppsTested | Yes | How many APIs were tested |
65 | | CWE | Yes | ID of the weakness found in tested APIs |
66 | | NumberofAppsPer | Yes | Number of APIs the CWE was found in |
67 | | TimePeriod | No | When (year) the weakness was first found: 2021/2020/2019 |
68 | | ContributorName | No | Who's contributing the data |
69 | | ContributorContactEmail | No | Email of who is contributing the data |
70 | | TypeofTesting | No | Type of test performed to identify the weakness: TaH¹/HaT²/Tool |
71 | | APIProtocol | No | Type of API protocol: REST/GraphQL/gRPC/SOAP/... |
72 | | PrimaryLanguage | No | What programming language was used to implement the API logic |
73 | | Region | No | Global/North America/EU/Asia/Other |
74 | | Industry | No | Primary industry: Multiple/Financial/Industrial/Software/... |
75 | | Retest | No | Whether the data contains retests or the same applications multiple times: T/F |
76 |
77 | ---
78 |
79 | 1. Tool assisted Human
80 | 2. Human assisted Tool
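The attribute table above, together with the CSV and JSON templates it refers to, defines the submission format. The validator below is an added example and not part of the project's repository: it checks a submission against that table (required attributes, the 2019-2021 window, the TaH/HaT/Tool and T/F value sets, NumberofAppsPer not exceeding NumberofAppsTested) and converts CSV rows into the JSON template's structure, so it covers both templates. Assumptions: JSON key names are those of sample-data-submission.json (including its `occurances` spelling), TypeofTesting and Retest are matched case-insensitively, and the bad CSV rows and the bad JSON document are constructed for the demonstration.

```python
"""Check a call-for-data submission against the attribute table on this page.

Added example, not the project's own code. JSON key names follow
sample-data-submission.json, including its "occurances" spelling.
"""
import csv
import io
import json

REQUIRED = ("NumberofAppsTested", "CWE", "NumberofAppsPer")
TESTING_TYPES = {"TAH", "HAT", "TOOL"}  # TaH/HaT/Tool; case-insensitive matching is an assumption
RETEST_VALUES = {"T", "F"}
TIME_PERIODS = {2019, 2020, 2021}  # the call covers 2019 through the end of 2021
# CSV column -> key of one "cwe" entry in the JSON template.
CSV_TO_CWE = {"CWE": "id", "NumberofAppsPer": "occurances", "TimePeriod": "timePeriod",
              "PrimaryLanguage": "language", "Region": "region", "Industry": "industry",
              "Retest": "retest", "TypeofTesting": "testingType", "APIProtocol": "apiProtocol"}
CWE_TO_CSV = {v: k for k, v in CSV_TO_CWE.items()}
INT_KEYS = {"id", "occurances", "timePeriod"}

def _text(rec, key):
    """Attribute as a stripped string; a missing or None attribute becomes ''."""
    value = rec.get(key)
    return "" if value is None else str(value).strip()

def _int(rec, key, problems):
    """Parse an integer attribute; on failure record a problem and return None."""
    try:
        return int(_text(rec, key))
    except ValueError:
        problems.append(f"{key}: not an integer ({_text(rec, key)!r})")
        return None

def validate_record(rec):
    """Return the problems of one weakness record keyed by the table's attribute names."""
    problems = [f"{k}: required attribute missing" for k in REQUIRED if not _text(rec, k)]
    if problems:
        return problems  # the remaining checks need the required fields
    tested = _int(rec, "NumberofAppsTested", problems)
    _int(rec, "CWE", problems)
    per = _int(rec, "NumberofAppsPer", problems)
    if None not in (per, tested) and not 0 <= per <= tested:
        problems.append(f"NumberofAppsPer: {per} is outside 0..{tested} (NumberofAppsTested)")
    # Optional attributes are only checked when present.
    if _text(rec, "TimePeriod"):
        year = _int(rec, "TimePeriod", problems)
        if year is not None and year not in TIME_PERIODS:
            problems.append(f"TimePeriod: {year} is outside the 2019-2021 window")
    testing, retest = _text(rec, "TypeofTesting"), _text(rec, "Retest")
    if testing and testing.upper() not in TESTING_TYPES:
        problems.append(f"TypeofTesting: {testing!r} is not TaH/HaT/Tool")
    if retest and retest.upper() not in RETEST_VALUES:
        problems.append(f"Retest: {retest!r} is not T/F")
    return problems

def validate_csv(text):
    """Validate a CSV submission; returns {csv_line_number: [problems]} for bad rows."""
    rows = enumerate(csv.DictReader(io.StringIO(text)), start=2)  # line 1 is the header
    return {line: p for line, row in rows if (p := validate_record(row))}

def validate_json(doc):
    """Validate a parsed JSON submission; returns {cwe_entry_index: [problems]}."""
    contrib = doc.get("contributions", {})
    tested = contrib.get("appData", {}).get("appsSubmitted")
    bad = {}
    for i, entry in enumerate(contrib.get("cwe", [])):
        rec = {CWE_TO_CSV[k]: v for k, v in entry.items() if k in CWE_TO_CSV}
        rec["NumberofAppsTested"] = tested  # the dataset-wide figure lives in appData
        if problems := validate_record(rec):
            bad[i] = problems
    return bad

def csv_to_json(text):
    """Convert an already validated CSV submission into the JSON template structure."""
    rows = list(csv.DictReader(io.StringIO(text)))
    if not rows:
        raise ValueError("CSV has no data rows")
    entries = [{key: int(_text(row, col)) if key in INT_KEYS and _text(row, col) else _text(row, col)
                for col, key in CSV_TO_CWE.items()} for row in rows]
    return {"contributions": {
        "appData": {"appsSubmitted": int(_text(rows[0], "NumberofAppsTested"))},
        "cwe": entries,
        "contributor": {"name": _text(rows[0], "ContributorName"),
                        "email": _text(rows[0], "ContributorContactEmail")}}}

HEADER = ('"NumberofAppsTested","CWE","NumberofAppsPer","TimePeriod","ContributorName",'
          '"ContributorContactEmail","TypeofTesting","APIProtocol","PrimaryLanguage",'
          '"Region","Industry","Retest"\n')
SAMPLE_CSV = HEADER + (  # the rows of the page's CSV template
    '100,20,53,2019,"Name","Email","TAH","REST","Node.js","North America","Retail","F"\n'
    '100,20,10,2019,"Name","Email","TAH","GraphQL",".NET","North America","Technology","F"\n'
    '100,20,30,2019,"Name","Email","TAH","gRPC","Go","North America","Technology","F"\n'
    '100,425,5,2019,"Name","Email","TAH","SOAP","PHP","North America","Retail","F"\n')
BAD_CSV = HEADER + (  # constructed: a missing CWE, then a row with four separate problems
    '100,,30,2019,"Name","Email","TAH","REST","Go","EU","Retail","F"\n'
    '100,79,150,2018,"Name","Email","Manual","REST","Go","EU","Retail","Maybe"\n')
BAD_JSON = json.loads(  # constructed: the single entry claims more hits than APIs tested
    '{"contributions": {"appData": {"appsSubmitted": 100}, "cwe": [{"id": 20, "occurances": 500,'
    ' "timePeriod": 2019, "testingType": "TAH", "apiProtocol": "REST"}],'
    ' "contributor": {"name": "First Last", "email": "name@owasp.org"}}}')
```

Running `validate_csv(SAMPLE_CSV)` on the template rows returns an empty dict, while `validate_csv(BAD_CSV)` reports one problem for line 2 (missing CWE) and four for line 3; `validate_json(BAD_JSON)` flags entry 0 because 500 occurrences cannot come from 100 tested APIs. Validate before calling `csv_to_json`, since the conversion assumes the integer columns parse.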
81 |
82 | [uploaded here]: https://docs.google.com/forms/d/e/1FAIpQLSdcZU3cbkcGtpS9-2wMH0WMbT3H4ZFC9QOOSh2d0v67B2nUuA/viewform
83 | [CSV]: ./sample-data-submission.csv
84 | [JSON]: ./sample-data-submission.json
85 |
--------------------------------------------------------------------------------
/tab_translations.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Translations
3 | layout: null
4 | tab: true
5 | order: 1
6 | tags: translations
7 | ---
8 |
9 | ## OWASP API Security Top 10 2023
10 |
11 | * [Bahasa (Indonesian)][27]
12 |
13 | [Faiz Ahmed Zaidi]
14 | * [French][25]
15 |
16 | [Aurélien Troncy], [Laurent Legaz]
17 | * [Persian][26]
18 |
19 | [Alireza Mostame], [Maryam Javadi Hoseini], [Mohammad Reza Ismaeli Taba],
20 | [RNPG](https://www.linkedin.com/company/raspina-net-pars/){:rel="nofollow"}
21 | * [Português (Portugal)][28]
22 |
23 | [Rui Silva][rui-silva]
24 |
25 | ## OWASP API Security Top 10 2019
26 |
27 | * [Arabic][7] (also available in [PDF][8], [ODT][9])
28 |
29 | [Malek Aldossary], [Sabri Hassanyah], [Mostafa Alaqsm], [Fahad Alduraibi],
30 | [Thamer Alshammeri], [Mohammed Alsuhaymi]
31 | * [French][13] (also available in [PDF][14], [ODT][15])
32 |
33 | [Fred][datakime], [Laurent Legaz]
34 | * [German][22] (also available in [PDF][23], [ODT][24])
35 |
36 | [Moritz Gruber][aware7-moritz], [Nick Lorenz], [Steffen Thamm], [Tim B.]
37 | * [Greek][19] ([PDF][20], [ODT][21])
38 |
39 | [Athanasios Emmanouilidis], [Apostolos Giannakidis]
40 | * [Persian][16] (also available in [PDF][17], [ODT][18])
41 |
42 | [Alireza Mostame], [Mohammad Reza Ismaeli Taba], [Amirmahdi Nowbakht],
43 | [RNPG](https://www.linkedin.com/company/raspina-net-pars/){:rel="nofollow"}
44 | * [Portuguese (Brazil)][1] (also available in [PDF][2], [ODT][3])
45 |
46 | [Raphael Hagi][raphael-hagi], [Eduardo Bellis][eduardo-bellis],
47 | [Bruno Barbosa][bruno-barbosa]
48 | * [Portuguese (Portugal)][4] (also available in [PDF][5], [ODT][6])
49 |
50 | [Paulo A. Silva][pauloasilva], [Rui Silva][rui-silva]
51 | * [Russian][10] (also available in [PDF][11], [ODT][12])
52 |
53 | [Eugene Rojavski], [act1on3], keni0k
54 |
55 | [1]: https://owasp.org/API-Security/editions/2019/pt-BR/0x00-header/
56 | [2]: https://owasp.org/API-Security/editions/2019/pt-BR/dist/owasp-api-security-top-10-pt-br.pdf
57 | [3]: https://owasp.org/API-Security/editions/2019/pt-BR/dist/owasp-api-security-top-10-pt-br.odt
58 | [4]: https://owasp.org/API-Security/editions/2019/pt-pt/0x00-header/
59 | [5]: https://owasp.org/API-Security/editions/2019/pt-pt/dist/owasp-api-security-top-10.pdf
60 | [6]: https://owasp.org/API-Security/editions/2019/pt-pt/dist/owasp-api-security-top-10.odt
61 | [7]: https://owasp.org/API-Security/editions/2019/ar/0x00-header/
62 | [8]: https://owasp.org/API-Security/editions/2019/ar/dist/owasp-api-security-top-10-ar.pdf
63 | [9]: https://owasp.org/API-Security/editions/2019/ar/dist/owasp-api-security-top-10-ar.odt
64 | [10]: https://owasp.org/API-Security/editions/2019/ru/0x00-header/
65 | [11]: https://owasp.org/API-Security/editions/2019/ru/dist/owasp-api-security-top-10.pdf
66 | [12]: https://owasp.org/API-Security/editions/2019/ru/dist/owasp-api-security-top-10.odt
67 | [13]: https://owasp.org/API-Security/editions/2019/fr/0x00-header/
68 | [14]: https://owasp.org/API-Security/editions/2019/fr/dist/owasp-api-security-top-10.pdf
69 | [15]: https://owasp.org/API-Security/editions/2019/fr/dist/owasp-api-security-top-10.odt
70 | [16]: https://owasp.org/API-Security/editions/2019/fa/0x00-header/
71 | [17]: https://owasp.org/API-Security/editions/2019/fa/dist/owasp-api-security-top-10.pdf
72 | [18]: https://owasp.org/API-Security/editions/2019/fa/dist/owasp-api-security-top-10.odt
73 | [19]: https://owasp.org/API-Security/editions/2019/el-gr/0x00-header/
74 | [20]: https://owasp.org/API-Security/editions/2019/el-gr/dist/owasp-api-security-top-10.pdf
75 | [21]: https://owasp.org/API-Security/editions/2019/el-gr/dist/owasp-api-security-top-10.odt
76 | [22]: https://owasp.org/API-Security/editions/2019/de/0x00-header/
77 | [23]: https://owasp.org/API-Security/editions/2019/de/dist/owasp-api-security-top-10.pdf
78 | [24]: https://owasp.org/API-Security/editions/2019/de/dist/owasp-api-security-top-10.odt
79 | [25]: https://owasp.org/API-Security/editions/2023/fr/0x00-header/
80 | [26]: https://owasp.org/API-Security/editions/2023/fa/0x00-header/
81 | [27]: https://owasp.org/API-Security/editions/2023/id/0x00-header/
82 | [28]: https://owasp.org/API-Security/editions/2023/pt-pt/0x00-header/
83 |
84 | [raphael-hagi]: https://www.linkedin.com/in/raphael-hagi/
85 | [eduardo-bellis]: https://www.linkedin.com/in/eduardo-bellis-92482534/
86 | [bruno-barbosa]: https://www.linkedin.com/in/bbarbosa85/
87 | [pauloasilva]: https://www.linkedin.com/in/devpauloasilva/
88 | [rui-silva]: https://www.linkedin.com/in/rspro/
89 | [Malek Aldossary]: http://twitter.com/malajab
90 | [Sabri Hassanyah]: https://twitter.com/kingsabri
91 | [Mostafa Alaqsm]: https://twitter.com/malaqsm
92 | [Fahad Alduraibi]: https://twitter.com/fahad_alduraibi
93 | [Thamer Alshammeri]: https://twitter.com/t44t_
94 | [Mohammed Alsuhaymi]: https://twitter.com/msuhaymi
95 | [Eugene Rojavski]: https://twitter.com/eugenerojavski
96 | [act1on3]: https://twitter.com/act1on3
97 | [datakime]: https://github.com/datakime
98 | [Laurent Legaz]: https://github.com/llegaz
99 | [Alireza Mostame]: https://www.linkedin.com/in/alireza-mostame-29970b242
100 | [Mohammad Reza Ismaeli Taba]: https://www.linkedin.com/in/rezataba
101 | [Amirmahdi Nowbakht]: https://www.linkedin.com/in/amirmahdi-nowbakht-3b8865200
102 | [Athanasios Emmanouilidis]: https://www.linkedin.com/in/athanasiosem/
103 | [Apostolos Giannakidis]: https://www.linkedin.com/in/giannakidisapostolos/
104 | [aware7-moritz]: https://www.linkedin.com/in/moritz-gruber-734a43199/
105 | [Steffen Thamm]: https://www.linkedin.com/in/steffen-thamm-a8341a27b/
106 | [Nick Lorenz]: https://www.linkedin.com/in/nick-lorenz-16b211222/
107 | [Tim B.]: https://www.linkedin.com/in/domai-tb/
108 | [Aurélien Troncy]: https://www.linkedin.com/in/aur%C3%A9lien-troncy-214075229/
109 | [Maryam Javadi Hoseini]: https://www.linkedin.com/in/maryam-javadi-353b1744/
110 | [Faiz Ahmed Zaidi]: https://github.com/faizzaidi
111 |
--------------------------------------------------------------------------------
/index.md:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | layout: col-sidebar
4 | title: OWASP API Security Project
5 | tags: api security top10 translations acknowledgments join roadmap news
6 | level: 3
7 | type: documentation
8 | pitch: The API Security project focuses on strategies and solutions to understand and mitigate the unique vulnerabilities and security risks of Application Programming Interfaces (APIs)
9 |
10 | ---
11 |
12 |
20 |
21 | ## What is API Security?
22 |
23 | A foundational element of innovation in today’s app-driven world is the API.
24 | From banks, retail and transportation to IoT, autonomous vehicles and smart
25 | cities, APIs are a critical part of modern mobile, SaaS and web applications and
26 | can be found in customer-facing, partner-facing and internal applications. By
27 | nature, APIs expose application logic and sensitive data such as Personally
28 | Identifiable Information (PII), and because of this they have increasingly
29 | become a target for attackers. Without secure APIs, rapid innovation would be
29 | impossible.
30 |
31 | API Security focuses on strategies and solutions to understand and mitigate the
32 | unique vulnerabilities and security risks of Application Programming Interfaces
33 | (APIs).
34 |
35 | ## API Security Top 10 2023
36 |
37 | Here is a sneak peek of the 2023 version:
38 |
39 | * **[API1:2023 - Broken Object Level Authorization][API1:2023]**
40 |
41 | APIs tend to expose endpoints that handle object identifiers, creating a wide
42 | attack surface of Object Level Access Control issues. Object level
43 | authorization checks should be considered in every function that accesses a
44 | data source using an ID from the user. [Continue reading][API1:2023].
45 | * **[API2:2023 - Broken Authentication][API2:2023]**
46 |
47 | Authentication mechanisms are often implemented incorrectly, allowing
48 | attackers to compromise authentication tokens or to exploit implementation
49 | flaws to assume other users' identities temporarily or permanently.
50 | Compromising a system's ability to identify the client/user compromises API
51 | security overall. [Continue reading][API2:2023].
52 | * **[API3:2023 - Broken Object Property Level Authorization][API3:2023]**
53 |
54 | This category combines [API3:2019 Excessive Data Exposure][API3:2019] and
55 | [API6:2019 - Mass Assignment][API6:2019], focusing on the root cause: the lack
56 | of or improper authorization validation at the object property level. This
57 | leads to information exposure or manipulation by unauthorized parties.
58 | [Continue reading][API3:2023].
59 | * **[API4:2023 - Unrestricted Resource Consumption][API4:2023]**
60 |
61 | Satisfying API requests requires resources such as network bandwidth, CPU,
62 | memory, and storage. Other resources such as emails/SMS/phone calls or
63 | biometrics validation are made available by service providers via API
64 | integrations, and paid for per request. Successful attacks can lead to Denial
65 | of Service or an increase of operational costs. [Continue reading][API4:2023].
66 | * **[API5:2023 - Broken Function Level Authorization][API5:2023]**
67 |
68 | Complex access control policies with different hierarchies, groups, and roles,
69 | and an unclear separation between administrative and regular functions, tend
70 | to lead to authorization flaws. By exploiting these issues, attackers can gain
71 | access to other users’ resources and/or administrative functions. [Continue
72 | reading][API5:2023].
73 | * **[API6:2023 - Unrestricted Access to Sensitive Business Flows][API6:2023]**
74 |
75 | APIs vulnerable to this risk expose a business flow - such as buying a ticket,
76 | or posting a comment - without compensating for how the functionality could
77 | harm the business if used excessively in an automated manner. This doesn't
78 | necessarily come from implementation bugs. [Continue reading][API6:2023].
79 | * **[API7:2023 - Server Side Request Forgery][API7:2023]**
80 |
81 | Server-Side Request Forgery (SSRF) flaws can occur when an API is fetching a
82 | remote resource without validating the user-supplied URI. This enables an
83 | attacker to coerce the application to send a crafted request to an unexpected
84 | destination, even when protected by a firewall or a VPN. [Continue
85 | reading][API7:2023].
86 | * **[API8:2023 - Security Misconfiguration][API8:2023]**
87 |
88 | APIs and the systems supporting them typically contain complex configurations,
89 | meant to make the APIs more customizable. Software and DevOps engineers can
90 | miss these configurations, or don't follow security best practices when it
91 | comes to configuration, opening the door for different types of attacks.
92 | [Continue reading][API8:2023].
93 | * **[API9:2023 - Improper Inventory Management][API9:2023]**
94 |
95 | APIs tend to expose more endpoints than traditional web applications, making
96 | proper and updated documentation highly important. A proper inventory of hosts
97 | and deployed API versions is also important to mitigate issues such as
98 | deprecated API versions and exposed debug endpoints. [Continue
99 | reading][API9:2023].
100 | * **[API10:2023 - Unsafe Consumption of APIs][API10:2023]**
101 |
102 | Developers tend to trust data received from third-party APIs more than user
103 | input, and so tend to adopt weaker security standards. In order to compromise
104 | APIs, attackers go after integrated third-party services instead of trying to
105 | compromise the target API directly. [Continue reading][API10:2023].
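
The two authorization categories above (API1:2023 at the object level and API3:2023 at the property level) are easiest to see side by side in code. The following is an added illustration, not OWASP project code: a toy "orders" handler whose in-memory store, roles, field allowlists and function names are all constructed assumptions. It checks ownership on every access to a client-supplied ID, filters response properties per role, and applies a write allowlist instead of copying the request body onto the record.

```python
# Added illustration of API1:2023 (object level) and API3:2023 (object property
# level) authorization on a toy "orders" API. The store, roles, allowlists and
# handler names are constructed assumptions, not OWASP code.
from dataclasses import dataclass
from typing import Any, Dict, Optional, Set, Tuple

# Constructed in-memory store: order id -> record, including a field that must
# never reach ordinary clients.
ORDERS: Dict[int, Dict[str, Any]] = {
    1001: {"id": 1001, "owner": "alice", "item": "concert", "qty": 2,
           "price_cents": 12000, "internal_fraud_score": 0.1},
    1002: {"id": 1002, "owner": "bob", "item": "museum", "qty": 1,
           "price_cents": 2500, "internal_fraud_score": 0.7},
}

# API3, read side: which properties each role may see in a response.
READABLE: Dict[str, Set[str]] = {
    "user": {"id", "item", "qty", "price_cents"},
    "support": {"id", "owner", "item", "qty", "price_cents"},
    "admin": {"id", "owner", "item", "qty", "price_cents", "internal_fraud_score"},
}
# API3, write side: a per-role allowlist instead of mass-assigning the body.
WRITABLE: Dict[str, Set[str]] = {
    "user": {"qty"},
    "support": set(),
    "admin": {"qty", "item", "price_cents"},
}


@dataclass
class Principal:
    name: str
    role: str = "user"


class NotFound(Exception):
    pass


class Forbidden(Exception):
    pass


def _load_authorized(principal: Principal, order_id: int) -> Dict[str, Any]:
    """API1: the id is client-controlled, so ownership is checked on every
    access, not only in the route that lists 'my orders'. Foreign objects are
    reported as not found so the response does not confirm the id exists."""
    order = ORDERS.get(order_id)
    if order is None:
        raise NotFound("order")
    if principal.role not in ("support", "admin") and order["owner"] != principal.name:
        raise NotFound("order")
    return order


def get_order(principal: Principal, order_id: int) -> Dict[str, Any]:
    """Read path: object check, then filter to the role's readable properties."""
    order = _load_authorized(principal, order_id)
    allowed = READABLE[principal.role]
    return {k: v for k, v in order.items() if k in allowed}


def update_order(principal: Principal, order_id: int,
                 patch: Dict[str, Any]) -> Dict[str, Any]:
    """Write path: object check, then reject any property outside the allowlist
    rather than silently dropping it, so the attempt is visible in logs."""
    order = _load_authorized(principal, order_id)
    rejected = set(patch) - WRITABLE[principal.role]
    if rejected:
        raise Forbidden(f"not allowed to set {sorted(rejected)}")
    order.update(patch)
    return get_order(principal, order_id)


def handle(method: str, principal: Principal, order_id: int,
           body: Optional[Dict[str, Any]] = None) -> Tuple[int, Dict[str, Any]]:
    """Map the domain exceptions onto HTTP-style status codes."""
    try:
        if method == "GET":
            return 200, get_order(principal, order_id)
        if method == "PATCH":
            return 200, update_order(principal, order_id, body or {})
        return 405, {"error": "method not allowed"}
    except NotFound:
        return 404, {"error": "not found"}
    except Forbidden as exc:
        return 403, {"error": str(exc)}


if __name__ == "__main__":
    alice = Principal("alice")
    print(handle("GET", alice, 1001))
    print(handle("PATCH", alice, 1001, {"price_cents": 1}))
```

The point to carry over into a real service is that both checks live next to the data access, not in middleware that only sees the route: the object check needs the loaded record's owner, and the property allowlist needs the caller's role.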
106 |
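For API7:2023 the mitigation described above, validating the user-supplied URI before the server fetches it, can be made concrete. The following is an added example, not OWASP project code: the host allowlist, the injectable resolver and the sample URLs are constructed assumptions. It requires an allowlisted host and scheme, rejects embedded credentials and unexpected ports, and then checks every address the host resolves to so that a name pointing at loopback, a private range or the link-local metadata range is refused even though the name itself was allowed.

```python
# Added example for API7:2023: validating a client-supplied URL before the
# server fetches it. The allowlist, fake resolver and sample URLs are
# constructed for this illustration, not OWASP project code.
import ipaddress
import socket
from typing import Callable, List, NamedTuple
from urllib.parse import urlsplit

# Constructed allowlist: the only origins this service is meant to fetch from.
ALLOWED_HOSTS = {"images.example.com", "cdn.example.com"}
ALLOWED_PORTS = {None, 443}

Resolver = Callable[[str], List[str]]


class Verdict(NamedTuple):
    ok: bool
    detail: str  # normalized URL when ok, otherwise the rejection reason


def system_resolver(host: str) -> List[str]:
    """Real DNS lookup (IPv4 and IPv6); the test injects a fake to stay offline."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_public_address(ip: str) -> bool:
    """True only for globally routable unicast addresses: loopback, RFC 1918,
    link-local (the cloud metadata range), shared address space, unspecified,
    reserved and multicast addresses all fail."""
    addr = ipaddress.ip_address(ip)
    return addr.is_global and not addr.is_multicast


def validate_fetch_url(url: str, resolver: Resolver = system_resolver) -> Verdict:
    parts = urlsplit(url)
    if parts.scheme.lower() != "https":
        return Verdict(False, f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        return Verdict(False, "credentials in URL not allowed")
    host = parts.hostname  # already lower-cased, IPv6 brackets stripped
    if not host:
        return Verdict(False, "missing host")
    if host not in ALLOWED_HOSTS:
        # A bare address such as 127.0.0.1 or 169.254.169.254 fails here too.
        return Verdict(False, f"host not allowlisted: {host!r}")
    try:
        port = parts.port
    except ValueError:
        return Verdict(False, "malformed port")
    if port not in ALLOWED_PORTS:
        return Verdict(False, f"port not allowed: {port}")
    # Defence in depth: an allowlisted name can still resolve inward (stale or
    # hijacked record, rebinding), so every address it resolves to is checked.
    try:
        addresses = resolver(host)
    except OSError as exc:
        return Verdict(False, f"resolution failed: {exc}")
    for ip in addresses:
        if not is_public_address(ip):
            return Verdict(False, f"{host} resolves to non-public address {ip}")
    query = f"?{parts.query}" if parts.query else ""
    return Verdict(True, f"https://{host}{parts.path or '/'}{query}")


if __name__ == "__main__":
    # Constructed resolver so the demo runs offline; 8.8.8.8 stands in for
    # "some public address" and 10.0.0.5 for a record that points inward.
    fake_dns = {"images.example.com": ["8.8.8.8"], "cdn.example.com": ["10.0.0.5"]}
    for candidate in ("https://images.example.com/a.png?x=1",
                      "https://cdn.example.com/logo.svg",
                      "https://169.254.169.254/latest/meta-data/"):
        print(candidate, validate_fetch_url(candidate, fake_dns.__getitem__))
```

Two caveats a practitioner should keep in mind: the address that passed the check must be the one the client library actually connects to (pin it, or re-check at connect time), since a second lookup can answer differently; and any redirect the fetched server returns has to go through the same validation before it is followed.
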
107 | ## Licensing
108 |
109 | **The OWASP API Security Project documents are free to use!**
110 |
111 | The OWASP API Security Project is licensed under the [Creative Commons
112 | Attribution-ShareAlike 4.0 license][license], so you can copy, distribute and
113 | transmit the work, adapt it, and use it commercially, provided that you
114 | attribute the work and, if you alter, transform, or build upon this work,
115 | distribute the resulting work only under the same or a similar license to
116 | this one.
117 |
118 | [license]: https://creativecommons.org/licenses/by-sa/4.0/
119 | [API1:2023]: https://owasp.org/API-Security/editions/2023/en/0xa1-broken-object-level-authorization/
120 | [API2:2023]: https://owasp.org/API-Security/editions/2023/en/0xa2-broken-authentication/
121 | [API3:2023]: https://owasp.org/API-Security/editions/2023/en/0xa3-broken-object-property-level-authorization/
122 | [API3:2019]: https://owasp.org/API-Security/editions/2019/en/0xa3-excessive-data-exposure/
123 | [API6:2019]: https://owasp.org/API-Security/editions/2019/en/0xa6-mass-assignment/
124 | [API4:2023]: https://owasp.org/API-Security/editions/2023/en/0xa4-unrestricted-resource-consumption/
125 | [API5:2023]: https://owasp.org/API-Security/editions/2023/en/0xa5-broken-function-level-authorization/
126 | [API6:2023]: https://owasp.org/API-Security/editions/2023/en/0xa6-unrestricted-access-to-sensitive-business-flows/
127 | [API7:2023]: https://owasp.org/API-Security/editions/2023/en/0xa7-server-side-request-forgery/
128 | [API8:2023]: https://owasp.org/API-Security/editions/2023/en/0xa8-security-misconfiguration/
129 | [API9:2023]: https://owasp.org/API-Security/editions/2023/en/0xa9-improper-inventory-management/
130 | [API10:2023]: https://owasp.org/API-Security/editions/2023/en/0xaa-unsafe-consumption-of-apis/
131 |
--------------------------------------------------------------------------------
/assets/images/by-sa.svg:
--------------------------------------------------------------------------------
48 | image/svg+xml
--------------------------------------------------------------------------------