OWASP API Security Top 10 report 2023
APIs, or application program interfaces, are vital tools for businesses in all industries. Since there is a rise in use of APIs in many domains and APIs are a critical part of modern mobile, SaaS and web applications, it is inevitable to release the importance of API security and its unique vulnerabilities as compared to web applications. OWASP API Security Top 10 report help developers, testers, and users — as well as project managers, security researchers, and educators — provide insight into the most severe and current security weaknesses related to APIs.
Why it matters
The threat landscape for APIs constantly changes. APIs expose application logic and sensitive data such as Personally Identifiable Information (PII) and hence become a target for attackers. These factors make APIs more difficult to analyze, and can significantly change the threat landscape. To keep pace, the OWASP organization came up with the OWASP API Security Top 10 report that focuses on strategies and solutions to understand and mitigate the unique vulnerabilities and security risks of APIs.OWASP API Security Top 10 Vulnerabilities
ID | Name |
---|---|
API1 | Broken Object Level Authorization |
API2 | Broken Authentication |
API3 | Broken Object Property Level Authorization |
API4 | Unrestricted Resource Consumption |
API5 | Broken Function Level Authorization |
API6 | Unrestricted Access to Sensitive Business Flows |
API7 | Server Side Request Forgery |
API8 | Security Misconfiguration |
API9 | Improper Inventory Management |
API10 | Unsafe Consumption of APIs |