The rise of APIs is changing the security landscape so fundamentally that a new approach is needed. As a result, OWASP has launched a separate project dedicated purely to API security. The OWASP API Security Top 10 project focuses specifically on the top ten vulnerabilities in API security.
The new project recognizes the crucial role that APIs play in application architecture and application security today. It also recognizes the emergence of API-specific issues that need to be on the security radar. The first and only OWASP API Security Top 10 list was released on 31 December 2019.
OWASP API Security Top 10 Vulnerabilities
- API1:2019 — Broken object level authorization
- API2:2019 — Broken authentication
- API3:2019 — Excessive data exposure
- API4:2019 — Lack of resources and rate limiting
- API5:2019 — Broken function level authorization
- API6:2019 — Mass assignment
- API7:2019 — Security misconfiguration
- API8:2019 — Injection
- API9:2019 — Improper assets management
- API10:2019 — Insufficient logging and monitoring