API misconfiguration Archives

OWASP Top 10 API Security Risks – 2023: API10:2023 – Unsafe Consumption of APIs

21 February 2025 by Krishna

The term “unsafe consumption of APIs” refers to the practice where developers trust data received from third-party APIs more than they trust user input, leading to weaker security standards for the data coming from these integrated services. Typically, this occurs because third-party APIs are seen as more “trusted” than direct user input, so developers may not apply the same level of scrutiny or security measures when consuming data from these external sources.

Improper-API-Inventory-Mgmt-KrishnaG-CEO

OWASP Top 10 API Security Risks – 2023: API9:2023 – Improper Inventory Management

20 February 2025 by Krishna

Improper inventory management refers to the failure to adequately track and manage the lifecycle of APIs within an organisation. This includes:

– Keeping track of all deployed API versions.
– Documenting endpoints, their functions, and access control requirements.
– Managing deprecated or unused versions.
– Ensuring that sensitive or debug information is not exposed via endpoints.
– Auditing and monitoring API usage regularly.

When APIs are not properly inventoried, organisations may unknowingly expose insecure or deprecated API versions to the public. This can lead to serious security issues, as older versions may lack critical patches or expose debugging functionality that provides attackers with valuable information.

OWASP Top 10 API Security Risks – 2023: API3:2023 – Broken Object Property Level Authorisation

14 February 2025 by Krishna

API3:2023 represents a nuanced security challenge where improper or absent authorisation checks allow attackers to access or manipulate sensitive properties of an object within an API. Unlike broader access control issues, this risk focuses specifically on granular authorisation, which determines the visibility or modifiability of individual object properties.