OWASP API Security Project

⚠️ OWASP API Security Top 10 2019 RC is waiting for comments and contributions. ⚠️

Please check the PDF and how to contribute. The working draft is in branch develop.

OWASP API Security Top 10

This project is designed to address the ever-increasing number of organizations that are deploying potentially sensitive APIs as part of their software offerings. These APIs are used for internal tasks and to interface with third parties. Unfortunately, many APIs do not undergo the rigorous security testing that would render them secure from attack.

The OWASP API Security Project seeks to provide value to software developers and security assessors by underscoring the potential risks in insecure APIs and illustrating how these risks may be mitigated. In order to facilitate this goal, the OWASP API Security Project will create and maintain a Top 10 API Security Risks document, as well as a documentation portal for best practices when creating or assessing APIs.


While working as developers or information security consultants, many people have encountered APIs as part of a project. While there are some resources to help create and evaluate these projects (such as the OWASP REST Security Cheat Sheet), there has not been a comprehensive security project designed to assist builders, breakers, and defenders in the community.

This project aims to:

  • Create the OWASP Top Ten API Security Risks document, which can easily underscore the most common risks in the area.
  • Create a documentation portal for developers to build APIs in a secure manner.
  • Work with the security community to maintain living documents that evolve with security trends.

Project Leaders


The OWASP API Security Project documents are free to use!

The OWASP API Security Project is licensed under the Creative Commons Attribution-ShareAlike 3.0 license, so you can copy, distribute and transmit the work, and you can adapt it and use it commercially, provided that you attribute the work. If you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.
