
Volume 303, Issue 1 · IT News · Security

OWASP API Security Top-10 for 2023 Risk Ratings

wallarm, Wednesday, June 7, 2023

As you know by now, the final version of the OWASP API Security Top-10 2023 has been released. At first blush, the final 2023 release seems to retain most of the changes from the 2019 edition in category naming, language and intent that we saw in the RC version.

In this post, we are going to further explore the comment in yesterday's post about risk ratings, because it turns out the changes buried in them will probably affect your API security program.

First, what are these risk ratings?

Basically, Risk = Likelihood × Impact: the likelihood of an attacker finding and exploiting a particular category, and the potential impact of that exploit. As OWASP writes in the Note About Risks:
