Skip to content


This is the text version of OWASP API Security Top 10, used as source for any official versions of this document such the web site.

Contributions to the project such as comments, corrections, or translations should be done here. For details on How To Contribute, please refer to

  • Erez Yallon
  • Inon Shkedy
  • Paulo Silva