# OWASP API 2023 Dashboard
The [OWASP API Security Top 10](https://owasp.org/www-project-api-security/) is a gold standard for the evaluation of security risk in APIs. To help you measure your API's security posture against these API threats, Wallarm offers the dashboard that provides clear visibility and metrics for threat mitigation.
Covering the [OWASP API Security Top 10 2023](https://owasp.org/API-Security/editions/2023/en/0x00-header/), the dashboard allows you to assess the overall security state and proactively implement security controls to address identified issues.
## Threat assessment
Wallarm estimates the risk for each API threat based on applied **security controls** and discovered vulnerabilities:
* **Red** - it happens if there are no security controls applied or your APIs have active high risk vulnerabilities.
* **Yellow** - it happens if security controls are only partially applied or your APIs have active medium or low risk vulnerabilities.
* **Green** indicates that your APIs are protected and do not have open vulnerabilities.
## Wallarm security controls for OWASP API 2023
Wallarm security platform provides full-fledged protection against OWASP API Security Top 10 2023 by the following security controls:
| OWASP API Top 10 threat 2023 | Wallarm security controls |
| ----------------------- | ------------------------ |
| [API1:2023 Broken Object Level Authorization](https://github.com/OWASP/API-Security/blob/master/editions/2023/en/0xa1-broken-object-level-authorization.md) | - [BOLA](https://docs.wallarm.com/attacks-vulns-list.md#broken-object-level-authorization-bola) mitigation with [method available](https://docs.wallarm.com/admin-en/configuration-guides/protecting-against-bola-trigger.md#configuration-method) in your subscription plan (mitigation controls or triggers)
|
| [API2:2023 Broken Authentication](https://github.com/OWASP/API-Security/blob/master/editions/2023/en/0xa2-broken-authentication.md) | - [Brute force](https://docs.wallarm.com/attacks-vulns-list.md#brute-force-attack) mitigation with [method available](https://docs.wallarm.com/admin-en/configuration-guides/protecting-against-bruteforce.md#configuration-method) in your subscription plan (mitigation controls or triggers) to protect authentication endpoints
|
| [API3:2023 Broken Object Property Level Authorization](https://github.com/OWASP/API-Security/blob/master/editions/2023/en/0xa3-broken-object-property-level-authorization.md) | - Enabled [Detecting Security Issues](https://docs.wallarm.com/api-attack-surface/security-issues.md) to detect vulnerabilities
- [BOLA](https://docs.wallarm.com/attacks-vulns-list.md#broken-object-level-authorization-bola) mitigation with [method available](https://docs.wallarm.com/admin-en/configuration-guides/protecting-against-bola-trigger.md#configuration-method) in your subscription plan (mitigation controls or triggers)
|
| [API4:2023 Unrestricted Resource Consumption](https://github.com/OWASP/API-Security/blob/master/editions/2023/en/0xa4-unrestricted-resource-consumption.md) | - [DoS protection](https://docs.wallarm.com/api-protection/dos-protection.md) to prevent unrestricted resource consumption
- [Brute force](https://docs.wallarm.com/attacks-vulns-list.md#brute-force-attack) mitigation with [method available](https://docs.wallarm.com/admin-en/configuration-guides/protecting-against-bruteforce.md#configuration-method) in your subscription plan (mitigation controls or triggers) to prevent brute force attacks which often lead to DoS, making the API unresponsive or even unavailable
|
| [API5:2023 Broken Function Level Authorization](https://github.com/OWASP/API-Security/blob/master/editions/2023/en/0xa5-broken-function-level-authorization.md) | - [Forced browsing](https://docs.wallarm.com/attacks-vulns-list.md#forced-browsing) mitigation with [method available](https://docs.wallarm.com/admin-en/configuration-guides/protecting-against-forcedbrowsing.md#configuration-method) in your subscription plan (mitigation controls or triggers) to mitigate forced browsing attempts that are also a way for this threat exploitation
- [File upload restriction policies](https://docs.wallarm.com/api-protection/file-upload-restriction.md) applied with [method available](https://docs.wallarm.com/api-protection/file-upload-restriction.md#configuration-method) in your subscription plan (mitigation controls or rules)
|
| [API6:2023 Unrestricted Access to Sensitive Business Flows](https://github.com/OWASP/API-Security/blob/master/editions/2023/en/0xa6-unrestricted-access-to-sensitive-business-flows.md) | - [API Abuse Prevention](https://docs.wallarm.com/api-abuse-prevention/overview.md) mitigating malicious bot actions
|
| [API7:2023 Server Side Request Forgery](https://github.com/OWASP/API-Security/blob/master/editions/2023/en/0xa7-server-side-request-forgery.md) | - Enabled [Detecting Security Issues](https://docs.wallarm.com/api-attack-surface/security-issues.md) to detect vulnerabilities
- [Filtering node](https://docs.wallarm.com/about-wallarm/overview.md#how-wallarm-works) acting in the appropriate [mode](https://docs.wallarm.com/admin-en/configure-wallarm-mode.md)
|
| [API8:2023 Security Misconfiguration](https://github.com/OWASP/API-Security/blob/master/editions/2023/en/0xa8-security-misconfiguration.md) | - Wallarm node self-checks to keep node versions and security policies up to date (see [how to address the issues](https://docs.wallarm.com/faq/node-issues-on-owasp-dashboards.md))
|
| [API9:2023 Improper Inventory Management](https://github.com/OWASP/API-Security/blob/master/editions/2023/en/0xa9-improper-inventory-management.md) | - [API Discovery](https://docs.wallarm.com/api-discovery/overview.md) to automatically discover actual API inventory based on real traffic
|
| [API10:2023 Unsafe Consumption of APIs](https://github.com/OWASP/API-Security/blob/master/editions/2023/en/0xaa-unsafe-consumption-of-apis.md) | - Enabled [Detecting Security Issues](https://docs.wallarm.com/api-attack-surface/security-issues.md) to detect vulnerabilities
|