
OWASP API Top Ten 2023 Report

The Open Web Application Security Project (OWASP) API Top 10 2023 is a list of top security concerns specific to web Application Programming Interface (API) security.

  • APIs are a critical part of modern mobile, Software as a Service (SaaS), and web applications and expose application logic and sensitive data, so APIs have become a target for attackers.
  • While general web application security best practices also apply to APIs, the OWASP API Security project has prepared a list of top 10 security concerns specific to web API security.
  • The OWASP API Top Ten Report helps you identify the common API weaknesses in your web application that attackers can exploit.

A sample OWASP API Top 10 2023 report can be found here.

IMPORTANT:
Your web applications may contain other vulnerabilities and security issues that are not listed in the OWASP API Top Ten Report.

For more information, refer to Overview of Reports, Report Templates, and Built-In Reports.

How to generate an OWASP API Top Ten 2023 Report

  • In Acunetix 360, select Scans > Recent Scans from the left-side menu.
  • Next to the relevant scan, select Report.
  • On the Scan Summary page, click Export.
  • From the Report drop-down, select OWASP API Top Ten 2023.
  • From the Format drop-down, select PDF or HTML.
  • Use the checkboxes to configure your report:
    • Exclude Addressed Issues: Filters out issues that have already been acted upon. (By default, all Information-level findings are automatically marked as Accepted Risk. To modify this setting, go to Do not mark Information issues as accepted risks in General settings.)
    • Exclude History of Issues: If enabled, the report will not include issue history. If disabled, the last 10 history logs will be included. For more information, refer to Viewing Issues in Acunetix 360.
    • Export Confirmed: Includes only confirmed issues in the export.
    • Export Unconfirmed: Includes only unconfirmed issues in the export.
  • Select Export to save the report at your selected location.

OWASP API Top Ten 2023 Report sections

There are four sections in the OWASP API Top Ten Report:

Scan metadata

This section provides details on the following items:

  • Scan Target
  • Scan Time
  • Scan Duration
  • Description
  • Total Requests
  • Average Speed
  • Risk Level

Vulnerabilities

This section provides a numerical and graphical overview of:

  • Numbers: The number of issues detected at various Vulnerability severity levels
  • Identified Vulnerabilities: The total number of detected vulnerabilities
  • Confirmed Vulnerabilities: The total number of vulnerabilities that Acunetix 360 verified by taking extra steps such as extracting some data from the target

Vulnerability Names and Details

This section describes all identified issues and vulnerabilities, along with their Impact and Proof of Exploit. It also explains what Actions to Take and a Remedy for each one, including External References for more information.

This table lists and explains the headings in the Vulnerability Names and Details section.

| Heading | Description |
|---|---|
| Name | The name of the identified issue. |
| Tag | The label used to group, organize, and filter issues in the target web application. |
| Proof of exploit | Evidence supplied to prove that the vulnerability exists, showing information extracted from the target using the vulnerability. For more information, refer to Benefits of Proof-Based Scanning™ Technology. |
| Vulnerability details | Further details about the vulnerability. |
| Certainty value | How confident Acunetix 360 is that the identified issue is real. |
| Impact | The effect of the issue or vulnerability on the Target URL. |
| Required Skills for Successful Exploitation | Details of the skill level an attacker would need in order to exploit this issue. |
| Actions to Take | The immediate steps you can take to decrease the impact or prevent exploitation. |
| Remedy | Further steps to resolve the identified issue. |
| External references | Links to other websites where you can find more information. |
| Classification | OWASP API Top Ten 2023: Further information about this vulnerability according to the 2023 edition of the OWASP API Security Top 10 list. |
| Remedy references | Further information on the solution for the identified issue. |
| Proof of Concept Notes | Notes that demonstrate in principle how a system may be compromised. |
| Request | The complete HTTP request that Acunetix 360 sent in order to detect the issue. |
| Response | The HTTP response the target returned to that request. |

Show/Hide Scan Details

This section lists the scan profile and policy settings that Acunetix 360 used to tune the scan for better coverage. For example, it lists all enabled security checks.

It records the options you selected for this scan so that developers can see exactly how the scan was run.

For more information, refer to Setting Security Check Options.
