2023 OWASP Top-10 Series: Spotlight on Injection

Welcome to the 12th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it. To see previous posts you might have missed, click here.


This post will put a spotlight on Injection, which used to be its own category (OWASP API8:2019) but has now been subsumed into OWASP API10:2023 (Unsafe Consumption of APIs).

TL;DR


API injections involve malicious data or code being inserted into an API, posing risks like unauthorized access and data breaches. Our data show injections constitute the largest single API risk group, so we recommend you treat them as a critical part of your API security program.


The Details


An API injection attack, often referred to as Injection, is a type of security vulnerability that occurs when an attacker is able to manipulate or inject malicious code into an API request. This malicious code is typically designed to exploit the API’s processing mechanism and execute unintended actions on the server. However, the most recent OWASP Top-10 2021 moved client-side injections (aka Cros ..
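To make the server-side case concrete, here is an added example (not code from the original post or from OWASP) of the pattern the paragraph describes: an API lookup handler that splices a request parameter into a SQL statement, placed beside a parameterized version of the same query and a thin request-handling layer that validates input before it reaches the database. The users table, the sample rows and the `handle_lookup` function are constructed for illustration and are assumptions, not anything the post defines.

```python
import re
import sqlite3

# Constructed sample data for the example (not from the original post).
SAMPLE_USERS = [
    ("alice", "alice@example.test"),
    ("bob", "bob@example.test"),
]

# Allowlist for the 'name' parameter: only identifier-like strings are accepted.
NAME_PATTERN = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")


def make_db() -> sqlite3.Connection:
    """Create an in-memory database seeded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_user_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """Injection-prone: request input is concatenated into the SQL text, so
    any quote characters in 'name' change the structure of the statement."""
    sql = f"SELECT name, email FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_user_safe(conn: sqlite3.Connection, name: str) -> list:
    """Hardened: a parameterized query. The driver passes 'name' as a bound
    value, so it can never be interpreted as SQL no matter what it contains."""
    sql = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def looks_like_injection(value: str) -> bool:
    """Cheap heuristic for logging or alerting on suspicious API input.
    This is a detection aid only; parameterization is the actual fix."""
    markers = ("'", "\"", "--", ";", "/*")
    return any(marker in value for marker in markers)


def handle_lookup(conn: sqlite3.Connection, params: dict) -> dict:
    """Hypothetical API endpoint: validate the parameter against an allowlist,
    flag anything that fails, and only then run the parameterized lookup."""
    name = params.get("name", "")
    if not NAME_PATTERN.match(name):
        return {
            "status": "error",
            "reason": "invalid name",
            "suspicious": looks_like_injection(name),
        }
    return {"status": "ok", "users": lookup_user_safe(conn, name)}


if __name__ == "__main__":
    db = make_db()
    # Constructed probe input: a quote followed by an always-true condition.
    probe = "x' OR '1'='1"
    print("vulnerable:", lookup_user_vulnerable(db, probe))  # returns every row
    print("safe:      ", lookup_user_safe(db, probe))        # returns []
    print("endpoint:  ", handle_lookup(db, {"name": probe}))
```

The two lookups behave identically for well-formed input; the difference only shows when the parameter carries SQL metacharacters, which is exactly the case a reviewer should test for. In practice the allowlist check in `handle_lookup` belongs at the API boundary (request validation or an API gateway), while the parameterized query is the control that actually closes the vulnerability.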
