OWASP API top 10 ‐ 2023 - Ravi-Upadhyay/cyber-security-playground GitHub Wiki
API1:2023 Broken Object Level Authorization
Description
Broken Object Level Authorization (BOLA) is a critical security vulnerability in APIs where attackers can access objects they are not authorized to. This occurs due to improper or missing authorization checks. BOLA can lead to unauthorized data exposure, modification, or deletion, posing significant risks to the security and privacy of sensitive information.
For more details, refer to the OWASP API1:2023 Broken Object Level Authorization page.
Reading notes:
- Here, "object" refers to any entity the API manages, such as a user, a file, or a record.
- BOLA - Broken Object Level Authorization.
- Look at scenarios given on the vulnerability page.
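As an added illustration of the missing check the description refers to (this example is not part of the wiki or of OWASP's material; the record store, user IDs and record IDs are constructed), the same lookup is shown once without and once with an object-level ownership check:

```python
# Added example (not from the wiki): a BOLA-prone object lookup beside a
# hardened one. The store, users and record IDs below are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    record_id: int
    owner_id: int
    body: str


# Constructed sample data: two users, each owning one record.
RECORDS = {
    101: Record(101, owner_id=1, body="alice's medical note"),
    102: Record(102, owner_id=2, body="bob's medical note"),
}


class NotFound(Exception):
    """Raised when the object does not exist or must not be revealed."""


def get_record_vulnerable(caller_id: int, record_id: int) -> Record:
    """BOLA: the caller is authenticated (caller_id is trusted), but the
    record is returned without checking that caller_id owns it."""
    try:
        return RECORDS[record_id]
    except KeyError:
        raise NotFound(record_id)


def get_record_hardened(caller_id: int, record_id: int) -> Record:
    """Object-level authorization: look the record up, then verify that the
    caller owns it before returning anything. Answering NotFound for both a
    missing record and another user's record avoids confirming that an ID
    exists."""
    record = RECORDS.get(record_id)
    if record is None or record.owner_id != caller_id:
        raise NotFound(record_id)
    return record


def probe(fetch, caller_id: int, record_id: int) -> str:
    """Run one of the fetch functions and summarise the outcome."""
    try:
        return "ok:" + fetch(caller_id, record_id).body
    except NotFound:
        return "not_found"
```

Calling `probe(get_record_vulnerable, 1, 102)` returns Bob's record to Alice, while `probe(get_record_hardened, 1, 102)` returns "not_found"; the only difference is the ownership comparison.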
Resources over web
API2:2023 Broken User Authentication
Description
Broken User Authentication is a security vulnerability in APIs where attackers can compromise user accounts by exploiting weaknesses in the authentication mechanisms. This can lead to unauthorized access to sensitive data, privilege escalation, and other security issues.
For more details, refer to the OWASP API2:2023 Broken User Authentication page.
Reading notes:
- It describes the gaps in the authentication mechanism.
- One should be aware of all the ways the application authenticates users.
- Look at the scenarios given on the vulnerability page.