OWASP API Top 10

Final Words

OWASP has compiled this Top 10 API vulnerability list based on exploitability, prevalence, detectability, and severity, but it is important to recognize that a single API may contain several of these security issues at the same time. This weakens the API's overall security, because attackers can find and exploit the vulnerabilities in combination. Errors may also be introduced whenever an API is updated to allow for new functionality.

Thankfully, the listed vulnerabilities span various aspects of APIs, from user authentication to securing endpoints to ensuring that there is sufficient logging and monitoring to catch malicious actors as fast as possible. API developers reading the OWASP report and this article will therefore be able to enhance the security of their APIs from various perspectives. As OWASP aims to release such a report on API security every couple of years, we expect to see a report soon covering the latest vulnerabilities, and we anticipate that some of the ones that figure in this list will be present in the next iteration too.