§41 · Lane 8 — Agent Infrastructure Standards & Toolchain
OWASP API Security Top 10
OWASP API Security Project (2023) · OWASP API Top 10
Bibliographic data
- Title: OWASP API Security Top 10 (2023)
- Authors / Issuing body: OWASP Foundation — OWASP API Security Project
- Venue / Publisher: OWASP Foundation
- Year: 2023
- Designation: standards-framework
- Licence: CC BY-SA 4.0 — refer to publisher for full licence terms.
How to cite
OWASP API Security Project (2023). OWASP API Security Top 10 (2023). OWASP Foundation. https://owasp.org/API-Security/editions/2023/en/0x00-header/.
OWASP enumeration of the ten most critical API security risks, 2023 edition, weighted toward broken authorisation and authentication of API endpoints.
Why it matters for NETEVO
Agent endpoints are API endpoints. The OWASP API Security Top 10 catalogues the failure modes that apply to any HTTP-exposed surface, and the Agent Infrastructure Whitepaper explicitly cites API1, API2 and API5 because the agent surface inherits these failures verbatim. The 2023 list supersedes the 2019 edition that earlier NETEVO drafts referenced.
The list is the most direct API-surface anchor for the Implicit Authority Cascade (IAC) framing in its broken-authorisation sub-class. API1 Broken Object Level Authorization and API5 Broken Function Level Authorization are the canonical names for two of the most common IAC realisations at the API boundary, and API2 Broken Authentication is the prerequisite failure that the IAC compounds.
The 2023 edition is HTML-only — OWASP did not publish a standalone PDF, so citation is by URL. NETEVO tracks the OWASP API Security Project for any new edition.
Where NETEVO applies this
- Agent Infrastructure Whitepaper — load-bearing — API surface agent endpoints expose