Skip to content

Release Notes

This is the first OWASP API Security Top 10 edition, which we plan to be updated periodically, every three or four years.

Unlike this version, in future versions, we want to make a public call for data, involving the security industry in this effort. In the Methodology and Data section, you'll find more details about how this version was built. For more details about the security risks, please refer to the API Security Risks section.

It is important to realize that over the last few years, architecture of applications has significantly changed. Currently, APIs play a very important role in this new architecture of microservices, Single Page Applications (SPAs), mobile apps, IoT, etc.

The OWASP API Security Top 10 was a required effort to create awareness about modern API security issues. It was only possible due to a great effort of several volunteers, all of them listed in the Acknowledgments section. Thank you!