OWASP: The Top 10 API Security Risks (Greek Translation)

OWASP (Open Web Application Security Project) is an open community that aims to help organizations develop, procure and maintain secure applications and APIs.



This list was created to make organizations and government agencies focus on the most serious of these security problems. Web application security has become a hot topic as companies rush to make the services and material they offer accessible through the internet. At the same time, attackers are turning their attention to the simple weaknesses introduced during software development.

When an organization puts a web application online, it invites people to send it HTTP requests. Attacks carried in these requests pass through firewalls, filters, platforms and attack detection systems without being blocked, because they are embedded within legitimate, expected HTTP requests. Even secure websites that use SSL simply accept the requests that arrive through the encrypted path without stopping them. This means that your web application code is part of your security perimeter. As the number, size and complexity of web applications increase, so does the security perimeter that we must protect.

The security issues raised here are not new. In fact, we have been aware of some of them for decades. Yet, for many reasons, large software development projects still make these mistakes, jeopardizing not only the security of their customers but also the security of the entire Internet. There is no silver bullet for this problem. Today's technology for protecting web applications is constantly evolving, but at the moment it can, at best, address only a limited subset of the issues that arise. To address the issues outlined in this document, organizations will need to change the way they develop their applications, train their developers, revamp their software development processes, and use technology where needed.

The OWASP Top Ten is a list of security issues that require immediate attention. Existing code should be checked for these issues immediately, as they are prime targets for attackers. Software developers must address these issues in their documentation, and design, implement, and test their applications to ensure they are not at risk from any of them. The managers of these projects must dedicate time and money to application security activities, including developer training, application security policy development, security mechanism design, attack control, and code review.

This list represents the combined wisdom of OWASP's experts, whose experience includes many years of working to secure government applications, financial, pharmaceutical, and industrial services, as well as development tools and technology. This document is designed to present the most serious web application security issues. There are many books and guides that describe these problems in more detail and provide detailed guidance on how to eliminate them.

The OWASP Top Ten is a living document that is constantly evolving. It includes instructions and links to additional information that is helpful in fixing these types of security problems. We constantly update the list and guidelines as more critical threats appear and as new and updated methods are discovered. We encourage your contribution to this effort. This document is community-driven, and your experience in dealing with attackers and eliminating the security issues we present can help those who come after us.

A fundamental element of innovation in today's application-driven world is the application programming interface (API). From banking, retail and transportation to IoT, autonomous vehicles and smart cities, APIs are a critical part of modern mobile, SaaS and web applications. APIs can be found in customer-facing applications, partner-facing applications, and intra-company applications.

By their very nature, APIs expose some aspects of your application logic (business logic) as well as sensitive data such as Personally Identifiable Information (PII) (translator's note: information that allows the identification of a person). This is why APIs are increasingly being targeted by malicious users. Without secure APIs, rapid innovation would be impossible.

Although a generalized Top 10 list of security risks for web applications still makes sense, due to the special nature of APIs, an API-specific list of security risks is required. API security focuses on strategies and solutions to understand and address the unique security vulnerabilities and risks associated with APIs.

If you are familiar with the OWASP Top 10 Project, then you will notice the similarities between the two documents: their goal is readability and adoption.

If you are new to the OWASP Top 10 series, it may be best to read the sections "API Security Risk" and "Methodology and Data" before going to the Top 10 list.


List of Top 10 API Security Risks

  1. API1:2019 – Broken Object Level Authorization
  2. API2:2019 – Broken User Authentication
  3. API3:2019 – Excessive Data Exposure
  4. API4:2019 – Lack of Resources & Rate Limiting
  5. API5:2019 – Broken Function Level Authorization
  6. API6:2019 – Mass Assignment
  7. API7:2019 – Security Misconfiguration
  8. API8:2019 – Injection
  9. API9:2019 – Improper Asset Management
  10. API10:2019 – Insufficient Logging & Monitoring


You can contribute to the OWASP API Security Top 10 with your questions, comments, and ideas in the project's GitHub repository:


You can find the OWASP API Security Top 10 here:


You can download the Greek pdf from here.

The Greek translation resulted from the efforts of the following:


Written by Anastasis Vasileiadis
