The OWASP Business Logic Abuse Top 10, released this year, formalizes this growing class of attacks. And with 82% of businesses now describing themselves as API-first, the logic layer has become a lucrative new target.
Security Misconfiguration (API8) once again topped the list with 605 cases, up 33% quarter over quarter.
Broken Authorization (API5, API1) accounted for roughly 28% of all API vulnerabilities.
Broken Authentication (API2) climbed sharply, driven by weak credential enforcement in REST and SOAP APIs.
The OWASP Business Logic Abuse Top 10, released this year, formalizes this growing class of attacks. And with 82% of businesses now describing themselves as API-first, the logic layer has become a lucrative new target.
Security Misconfiguration (API8) once again topped the list with 605 cases, up 33% quarter over quarter.
Broken Authorization (API5, API1) accounted for roughly 28% of all API vulnerabilities.
Broken Authentication (API2) climbed sharply, driven by weak credential enforcement in REST and SOAP APIs.