OWASP Top 10 API Security Risks – 2023: API3:2023 – Broken Object Property Level Authorisation
API3:2023 represents a nuanced security challenge where improper or absent authorisation checks allow attackers to access or manipulate sensitive properties of an object within an API. Unlike broader access control issues, this risk focuses specifically on granular authorisation, which determines the visibility or modifiability of individual object properties.