OWASP published a new API top 10 list in July of 2023. There are some old favorites hanging around (I'm looking at you Authentication) and some new comers like Server Side Request Forgery and Unrestricted Access to Sensitive Business Flows. This session will cover the new top 10 list and take a look at why each of these flaws is a real world problem.

Get ready to dig into API authorization and authentication gotchas, API inventory challenges and resource management strategies. Anyone who is designing, developing, testing or securing APIs will want to join the discussion and learn how to defend against the most common security issues facing engineers today in API development.