OWASP Developer Guide

7.7 API Top 10

The OWASP API Security Project (API Top 10) explains strategies and solutions for understanding and mitigating the unique vulnerabilities and security risks of Application Programming Interfaces (APIs).

The API Top 10 is an OWASP Laboratory Project that is accessed as a web-based document.

What is the API Top 10?

The use of Application Programming Interfaces (APIs) comes with security risks. Given that APIs are widely used in various types of applications, the OWASP API Security Project created and maintains the Top 10 API Security Risks document, as well as a documentation portal for best practices when creating or assessing APIs.

Why use it?

Most software projects use APIs in some form or another. Developers and security engineers should be encouraged to refer to the API Security Top 10 to assist them when acting as security builders, breakers, and defenders for an organization.


The OWASP Developer Guide is a community effort; if there is something that needs changing then submit an issue or edit on GitHub.
