The NEW OWASP API top 10 — RC 2023

Thexssrat
4 min read · Mar 25, 2023

The Open Web Application Security Project (OWASP) is a global community of security professionals who aim to improve the security of web applications and APIs. One of their most popular projects is the OWASP API top 10, which is a list of the most common and critical security risks for APIs.

The OWASP API top 10 was first released in 2017, based on data from hundreds of real-world API security incidents and expert opinions. Since then, the API landscape has evolved significantly, with new technologies, standards, and threats emerging. Therefore, OWASP has decided to update the API top 10 to reflect the current state of API security.

The new OWASP API top 10 release candidate (RC) 2023 is now available for public review and feedback. The RC 2023 is based on a comprehensive data analysis of over 4000 API security incidents from various sources, such as bug bounty platforms, vulnerability databases, research papers, and industry reports. The RC 2023 also incorporates feedback from over 1000 API security experts and practitioners who participated in a survey conducted by OWASP.

The RC 2023 introduces some major changes to the previous version of the API top 10. Some of the risks have been renamed, restructured, or replaced to better reflect the current reality and severity of API security issues. The RC 2023 also provides more detailed…
