API Security

  • API security is critical because APIs (Application Programming Interfaces) are the backbone of many modern applications and allow for communication between different software components.
  • Hackers can target vulnerabilities in APIs to gain access to sensitive data, execute malicious code, or even take over entire systems.
  • API security breaches can have severe consequences, including financial losses, damage to reputation, and legal liabilities. Ensuring the security of APIs is crucial for protecting organizations and their customers from cyber threats.

OWASP API Security Project

  • The OWASP (Open Web Application Security Project) API Security Top 10 list provides a framework for identifying and addressing common API security risks.
  • Recently, OWASP announced the first release candidate for the API Security Top 10 - 2023

OWASP Top 10 APIs 2019 vs 2023RC

Let’s compare API Top 10 2019 with 2023RC in quick-table:

API20192023RC
API01Broken Object Level AuthorizationBroken Object Level Authorization
API02Broken User AuthenticationBroken Authentication
API03Excessive Data ExposureBroken Object Property Level Authorization
API04Lack of Resources & Rate LimitingUnrestricted Resource Consumption
API05Broken Function Level AuthorizationBroken Function Level Authorization
API06Mass AssignmentServer Side Request Forgery
API07Security MisconfigurationSecurity Misconfiguration
API08InjectionLack of Protection from Automated Threats
API09Improper Assets ManagementImproper Inventory Management
API10Insufficient Logging & MonitoringUnsafe Consumption of APIs

Akto’s Blog Infographic

OWASP Top 10 APIs 2019 vs 2023

References