OWASP API Security Top 10 2019 vs 2023RC

API security is critical because APIs (Application Programming Interfaces) are the backbone of many modern applications and allow for communication between different software components.
Hackers can target vulnerabilities in APIs to gain access to sensitive data, execute malicious code, or even take over entire systems.
API security breaches can have severe consequences, including financial losses, damage to reputation, and legal liabilities. Ensuring the security of APIs is crucial for protecting organizations and their customers from cyber threats.

The OWASP (Open Web Application Security Project) API Security Top 10 list provides a framework for identifying and addressing common API security risks.
Recently, OWASP announced the first release candidate for the API Security Top 10 - 2023

Let’s compare API Top 10 2019 with 2023RC in quick-table:

API	2019	2023RC
API01	Broken Object Level Authorization	Broken Object Level Authorization
API02	Broken User Authentication	Broken Authentication
API03	Excessive Data Exposure	Broken Object Property Level Authorization
API04	Lack of Resources & Rate Limiting	Unrestricted Resource Consumption
API05	Broken Function Level Authorization	Broken Function Level Authorization
API06	Mass Assignment	Server Side Request Forgery
API07	Security Misconfiguration	Security Misconfiguration
API08	Injection	Lack of Protection from Automated Threats
API09	Improper Assets Management	Improper Inventory Management
API10	Insufficient Logging & Monitoring	Unsafe Consumption of APIs

OWASP Top 10 APIs 2019 vs 2023