§41 · Lane 8 — Agent Infrastructure Standards & Toolchain
OWASP API Security Top 10: why agent endpoints inherit API failures
OWASP API Security Project (2023) · OWASP API Top 10
Bibliographic data
- Title: OWASP API Security Top 10 (2023)
- Authors / Issuing body: OWASP Foundation — OWASP API Security Project
- Venue / Publisher: OWASP Foundation
- Year: 2023
- Designation: Standards Framework
- Licence: CC BY-SA 4.0 — refer to publisher for full licence terms.
How to cite
OWASP API Security Project (2023). OWASP API Security Top 10 (2023). OWASP Foundation. https://owasp.org/API-Security/editions/2023/en/0x00-header/.
OWASP enumeration of the ten most critical API security risks, 2023 edition, weighted toward broken authorisation and authentication of API endpoints.
Why it matters for NETEVO
Agent endpoints are API endpoints. The OWASP API Security Top 10 catalogues the failure modes that apply to any HTTP-exposed surface, and an agent surface exposed over HTTP inherits those failures verbatim — broken authorisation and authentication chief among them. The 2023 list supersedes the 2019 edition.
At the API boundary, the list supplies the canonical names for the broken-authorisation sub-class of the Implicit Authority Cascade (IAC). API1 Broken Object Level Authorization and API5 Broken Function Level Authorization name two of the most common IAC realisations, and API2 Broken Authentication is the prerequisite failure the IAC compounds.
The 2023 edition is HTML-only — OWASP did not publish a standalone PDF, so citation is by URL. The list is maintained by the OWASP API Security Project, which issues revised editions.
Where NETEVO applies this
- Agent Infrastructure Whitepaper — load-bearing — API surface agent endpoints expose