OWASP API Security Top Ten 2019
Epistemic status: Confident this is the OWASP list from 2019. Entirely unsure how much drift has occurred in the 4 years since OWASP published this list.
Epistemic effort: Just beginning to research
Inspired by the OWASP Top 10 Web Application Security Risks 2021 (well, earlier versions of the Top 10 list...), OWASP has published a list of the top 10 issues for API Security.
API Security Top 10 2019
- API1:2019 - Broken Object Level Authorization
- API2:2019 - Broken User Authentication
- API3:2019 - Excessive Data Exposure
- API4:2019 - Lack of Resources & Rate Limiting
- API5:2019 - Broken Function Level Authorization
- API6:2019 - Mass Assignment
- API7:2019 - Security Misconfiguration
- API8:2019 - Injection
- API9:2019 - Improper Assets Management
- API10:2019 - Insufficient Logging & Monitoring