# OWASP API Security Top 10 Dashboards

The OWASP API Security Top 10 is the reference list for evaluating security risk in APIs. To help you measure your API's security posture against these threats, Wallarm offers dashboards that give clear visibility and metrics for threat mitigation.

The dashboards cover both the OWASP API Security Top 10 2019 and the upcoming OWASP API Security Top 10 2023 release candidate, expected to launch later this year.

Using these dashboards, you can assess the overall security state and proactively address discovered security issues by setting up the appropriate security controls.
## Threat assessment

Wallarm estimates the risk for each API threat based on the applied security controls and the discovered vulnerabilities:

- Red: no security controls are applied, or your APIs have active high-risk vulnerabilities.
- Yellow: security controls are only partially applied, or your APIs have active medium- or low-risk vulnerabilities.
- Green: your APIs are protected and have no open vulnerabilities.

For each OWASP API Top 10 threat you can find detailed information about the threat, the available security controls and the corresponding vulnerabilities, and investigate related attacks.
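The three rating rules above have an implicit precedence (red wins over yellow, yellow over green) and only count vulnerabilities that are still open. The following Python snippet is an added illustration of that logic, not Wallarm's own code: the `ThreatPosture` and `Vulnerability` structures, the `controls_available` / `controls_applied` fields and the sample data are all assumptions made for the example.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Tuple

# Added illustration of the red/yellow/green rating rules; not Wallarm's code.
# The data model below is an assumption made for this example.


class Status(str, Enum):
    RED = "red"
    YELLOW = "yellow"
    GREEN = "green"


SEVERITIES = ("low", "medium", "high")


@dataclass
class Vulnerability:
    severity: str          # "low", "medium" or "high"
    closed: bool = False   # closed findings do not influence the rating


@dataclass
class ThreatPosture:
    threat: str                      # e.g. "API1:2019 Broken Object Level Authorization"
    controls_available: int          # controls mapped to this threat (assumed field)
    controls_applied: int            # how many of those controls are enabled
    vulnerabilities: List[Vulnerability] = field(default_factory=list)


def assess(posture: ThreatPosture) -> Status:
    """Rate one threat, applying the precedence red > yellow > green."""
    if not 0 <= posture.controls_applied <= posture.controls_available:
        raise ValueError("controls_applied must be between 0 and controls_available")
    active = [v for v in posture.vulnerabilities if not v.closed]
    for v in active:
        if v.severity not in SEVERITIES:
            raise ValueError(f"unknown severity {v.severity!r}")

    # Red: no security controls applied at all, or any active high-risk vulnerability.
    if posture.controls_applied == 0 or any(v.severity == "high" for v in active):
        return Status.RED

    # Yellow: controls only partially applied, or active medium/low-risk vulnerabilities
    # (everything left in `active` is medium or low at this point).
    partial = posture.controls_applied < posture.controls_available
    if partial or active:
        return Status.YELLOW

    # Green: fully protected and no open vulnerabilities.
    return Status.GREEN


def dashboard(postures: List[ThreatPosture]) -> Tuple[Dict[str, Status], Dict[Status, int]]:
    """Rate every threat and count how many land in each colour."""
    ratings = {p.threat: assess(p) for p in postures}
    counts = {s: 0 for s in Status}
    for status in ratings.values():
        counts[status] += 1
    return ratings, counts


# Constructed sample input: one threat per colour.
SAMPLE = [
    ThreatPosture("API1:2019 Broken Object Level Authorization", 2, 2,
                  [Vulnerability("high", closed=True)]),          # closed finding -> green
    ThreatPosture("API4:2019 Lack of Resources & Rate Limiting", 2, 1),  # partial -> yellow
    ThreatPosture("API8:2019 Injection", 2, 2, [Vulnerability("high")]),  # open high -> red
]

if __name__ == "__main__":
    ratings, counts = dashboard(SAMPLE)
    for threat, status in ratings.items():
        print(f"{status.value:6} {threat}")
    print(counts)
```

Note that a fully applied set of controls does not by itself yield green: an open medium- or low-risk finding still pulls the threat to yellow, and an open high-risk finding to red, which is why `assess` checks vulnerabilities before it declares a threat protected.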
## Wallarm security controls for OWASP API 2019

The Wallarm security platform provides full-fledged protection against the OWASP API Security Top 10 2019 through the following security controls:

| OWASP API Top 10 threat 2019 | Wallarm security controls |
|---|---|
| API1:2019 Broken Object Level Authorization | |
| API2:2019 Broken User Authentication | |
| API3:2019 Excessive Data Exposure | |
| API4:2019 Lack of Resources & Rate Limiting | |
| API5:2019 Broken Function Level Authorization | |
| API6:2019 Mass Assignment | |
| API7:2019 Security Misconfiguration | |
| API8:2019 Injection | |
| API9:2019 Improper Assets Management | |
| API10:2019 Insufficient Logging & Monitoring | |
## Wallarm security controls for OWASP API 2023

The Wallarm security platform provides full-fledged protection against the OWASP API Security Top 10 2023 through the following security controls:

| OWASP API Top 10 threat 2023 | Wallarm security controls |
|---|---|
| API1:2023 Broken Object Level Authorization | |
| API2:2023 Broken User Authentication | |
| API3:2023 Broken Object Property Level Authorization | |
| API4:2023 Unrestricted Resource Consumption | |
| API5:2023 Broken Function Level Authorization | |
| API6:2023 Server Side Request Forgery | |
| API7:2023 Security Misconfiguration | |
| API8:2023 Lack of Protection from Automated Threats | |
| API9:2023 Improper Inventory Management | |
| API10:2023 Unsafe Consumption of APIs | |
## Comparison of OWASP API Top 10 2019 and 2023

According to the OWASP project, the top security threats for 2023 are largely the same as those identified in 2019, with a few notable exceptions:

- The API6:2019 Mass Assignment threat has been merged into API3:2023 Broken Object Property Level Authorization.
- The API8:2019 Injection threat is no longer listed separately and has been folded into the new API10:2023 Unsafe Consumption of APIs category.
- The API10:2019 Insufficient Logging & Monitoring threat has been removed from the OWASP API Security Top 10.
- The new API6:2023 Server Side Request Forgery and API8:2023 Lack of Protection from Automated Threats risks have been added to the list, underscoring the significance of these API threats.