Under active development — Content is continuously updated and improved

Home / Risk Lists / OWASP API Security Top 10

OWASP API Security Top 10 v2023

The OWASP API Security Top 10 represents the most critical security risks to APIs

This is a reference tool, not an authoritative source. For official documentation, visit owasp.org.

10 risks

Asset Management — Risks related to asset management

API9Improper Inventory Management

Authentication — Risks related to authentication

API2Broken Authentication

Authorization — Risks related to authorization

API1Broken Object Level Authorization

API3Broken Object Property Level Authorization

API5Broken Function Level Authorization

Business Logic — Risks related to business logic

API6Unrestricted Access to Sensitive Business Flows

Configuration — Risks related to configuration

API8Security Misconfiguration

Integration Security — Risks related to integration security

API10Unsafe Consumption of APIs

Resource Management — Risks related to resource management

API4Unrestricted Resource Consumption

Server Security — Risks related to server security

API7Server Side Request Forgery