Since 2003, OWASP (the Open Worldwide Application Security Project) has, every few years, released a ranking of its top 10 most relevant web application security risks. These rankings are informed entirely by contemporary research and feedback accumulated from the non-profit’s global “open community” of dedicated cybersecurity professionals, and they tend to impact the way organizations around the world analyze and plan out their future web application security practices.

The most recent OWASP Top 10 API Security Risks ranking, published in early July 2023, features several changes from the previous ranking published in September 2021.

Included on this list are several returning threats - some of which have been renamed - along with five new additions.

The below chart depicts the OWASP 2021 & 2023 rankings side by side with color-coded cells for new and returning threat inclusions:

In the above chart, the five threats removed from the 2021 list are highlighted in red, while the new additions to the 2023 list are highlighted in green. Of the returning inclusions, the three renamed threats are highlighted in beige on both lists, while the two unchanged inclusions are highlighted in light blue on both lists.

Broken Access Control is now referred to as Broken Object Level Authorization, while Identification and Authentication Failures are now referred to as Broken Authentication and Vulnerable and Outdated Components are renamed as Improper Inventory Management.

For more information regarding Cloudmersive API Security practices & solutions for mitigating common web application security risks, please do not hesitate to contact a member of our sales team.