OWASP API Security Top 10 Dashboards
The OWASP API Security Top 10 is the de facto standard for evaluating security risk in APIs. To help you measure your API's security posture against these threats, Wallarm offers dashboards that provide clear visibility and metrics for threat mitigation.
Using these dashboards, you can assess the overall security state of your APIs and proactively address discovered security issues by setting up the appropriate security controls.
Wallarm estimates the risk for each API threat from the applied security controls and the discovered vulnerabilities:
Red: no security controls are applied, or your APIs have active high-risk vulnerabilities.
Yellow: security controls are only partially applied, or your APIs have active medium- or low-risk vulnerabilities.
Green: your APIs are protected and have no open vulnerabilities.
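The rating rules above, written out as an added illustration of how the three colours combine (this is not Wallarm's own code; the threat ids, the `none`/`partial`/`full` control states, the `high`/`medium`/`low` risk levels and the sample findings are constructed assumptions). A threat's colour is decided by its worst finding, closed findings are ignored, and the dashboard's overall state is the worst colour across all threats:

```python
from dataclasses import dataclass, field

RED, YELLOW, GREEN = "red", "yellow", "green"
# Higher rank = worse; the worst finding decides the colour.
SEVERITY_RANK = {GREEN: 0, YELLOW: 1, RED: 2}

@dataclass
class Vulnerability:
    risk: str              # assumed levels: "high", "medium" or "low"
    active: bool = True    # closed/fixed findings do not affect the rating

@dataclass
class ThreatStatus:
    threat_id: str              # e.g. "API1:2023" (constructed sample id)
    controls_applied: str       # assumed states: "none", "partial" or "full"
    vulnerabilities: list = field(default_factory=list)

def rate_threat(status: ThreatStatus) -> str:
    """Map control coverage plus open findings to the dashboard colour."""
    if status.controls_applied not in ("none", "partial", "full"):
        raise ValueError(f"unknown control state: {status.controls_applied}")
    active = [v for v in status.vulnerabilities if v.active]
    # Red dominates: missing controls or any active high-risk finding.
    if status.controls_applied == "none" or any(v.risk == "high" for v in active):
        return RED
    # Yellow: partial controls or any active medium/low-risk finding.
    if status.controls_applied == "partial" or any(v.risk in ("medium", "low") for v in active):
        return YELLOW
    return GREEN

def rate_overall(statuses):
    """Return (colour per threat, worst colour across all threats)."""
    per_threat = {s.threat_id: rate_threat(s) for s in statuses}
    overall = max(per_threat.values(), key=SEVERITY_RANK.__getitem__, default=GREEN)
    return per_threat, overall

# Constructed sample posture: one threat per colour, plus a closed finding
# that must not count against an otherwise protected threat.
SAMPLE = [
    ThreatStatus("API1:2023", "full"),
    ThreatStatus("API2:2023", "partial"),
    ThreatStatus("API7:2023", "full", [Vulnerability("high", active=False), Vulnerability("low")]),
    ThreatStatus("API8:2023", "full", [Vulnerability("high")]),
]

if __name__ == "__main__":
    colours, worst = rate_overall(SAMPLE)
    for threat, colour in colours.items():
        print(f"{threat}: {colour}")
    print(f"overall: {worst}")
```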
For each OWASP API Top 10 threat, you can find detailed information about the threat, the available security controls and the corresponding vulnerabilities, and investigate related attacks:
Wallarm security controls for OWASP API 2019
The Wallarm security platform provides full-fledged protection against the OWASP API Security Top 10 2019 through the following security controls:
| OWASP API Top 10 threat 2019 | Wallarm security controls |
|---|---|
| API1:2019 Broken Object Level Authorization | |
| API2:2019 Broken User Authentication | |
| API3:2019 Excessive Data Exposure | |
| API4:2019 Lack of Resources & Rate Limiting | |
| API5:2019 Broken Function Level Authorization | |
| API6:2019 Mass Assignment | |
| API7:2019 Security Misconfiguration | |
| API8:2019 Injection | |
| API9:2019 Improper Assets Management | |
| API10:2019 Insufficient Logging & Monitoring | |
Wallarm security controls for OWASP API 2023
The Wallarm security platform provides full-fledged protection against the OWASP API Security Top 10 2023 through the following security controls:
Comparison of OWASP API Top 10 2019 and 2023
According to the OWASP project, the top security threats for 2023 are largely the same as those identified in 2019, with a few notable exceptions:
The API6:2019 Mass Assignment threat has been merged into API3:2023 Broken Object Property Level Authorization.
The API10:2019 Insufficient Logging & Monitoring threat has been removed from the OWASP API Security Top 10.
The list now includes two new API threats: API6:2023 Unrestricted Access to Sensitive Business Flows, which covers automated threats, and API7:2023 Server Side Request Forgery, underscoring the significance of both.