2019 OWASP API Security Top 10

Looking for an updated version? Download the 2023 OWASP API Security Best Practices Guide here.

The OWASP Top 10 is a standard awareness document and is the closest approximation of a set of rules for how to build secure applications that the development and web application security community has. We created this ebook to provide an overview of the OWASP top 10 API security vulnerabilities, and the methodologies used to mitigate them.

Vulnerabilities covered in this ebook include:

• API1:2019 – Broken Object Level Authorization
• API2:2019 – Broken User Authentication
• API3:2019 – Excessive Data Exposure
• API4:2019 – Lack of Resource & Rate Limiting
• API5:2019 – Broken Function Level Authorization
• API6:2019 – Mass Assignment
• API7:2019 – Security Misconfiguration
• API8:2019 – Injection
• API9:2019 – Improper Assets Management
• API10:2019 – Insufficient Logging and Monitoring