2023 OWASP Top-10 Series: Spotlight on Injection
wallarm, Wednesday, October 4,2023
Welcome to the 12th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. In this series we are taking an in-depth look at each category - the details, the impact and what you can do about it
This post will put a spotlight on Injection, which used to be its own category (OWASP API8:2019) but has now been subsumed into OWASP API10:2023 (Unsafe Consumption of APIs).
TL;DR
API injections involve malicious data or code being inserted into an API, posing risks like unauthorized access and data breaches. Our data show injections constitute the largest single API risk group, so we recommend you treat them as a critical part of your API security program.