Hot off the press: the OWASP API Security Top 10 list!

Last week, a new OWASP project was launched at the Global AppSec conference in Tel Aviv: the API Security Top 10 list. The project information and initial Top 10 list were presented by Erez Yalon (Checkmarx) and Inon Shkedy and you can download the presentation PDF.

We have also created an OWASP API Security Top 10 Cheat Sheet that you may download.

The initial list  is:

Back in 2017, the standard OWASP Top10 list was updated and references to APIs were added to all but one entry. This new project recognizes two things:

  1. The crucial role APIs play in application architecture today, and therefore application security
  2. The emergence of API-specific issues that need to be on the security radar.

We are certainly aware of the role of APIs have played in attacks in the last 18 months: since we launched the community site last October, we have pushed more than 150 news related to breaches via APIs!

We are looking forward to our continued participation in this project and helping developers and companies become more aware of security issues brought by APIs.

Below you can view the latest OWASP API Security Top 10 webinar presented by 42Crunch.


Latest Resources


Webinar Series - Defending APIs with Jim Manico

Defending APIs with Jim Manico – Episode 1

Episode 1: Request Forgery on the Web – CSRF & SSRF

November 10, 2022 | 9am PST | 5pm BST

Join Jim Manico, CEO of Manicode and Colin Domoney from 42Crunch, as they deliver a 2-part webinar series to help developers better defend APIs.


42Crunch Announce OWASP Membership

42Crunch becomes a member of OWASP to Advance API Security 

By Newsdesk | November 14, 2022

November 14, 2022, San Francisco, CA –  42Crunch is pleased to announce our corporate membership of the Open Web Application Security Project (OWASP), a worldwide not-for-profit charitable organization focused on improving the security of software. At 42Crunch we have always been inspired by OWASP’s role as an enabler […]


Datasheet Cover Images P1-02

Product Datasheet Addressing API Security Challenges

APIs are the core building block of every enterprise’s digital strategy, yet they are also the number one attack surface for hackers. 42Crunch makes developers’ and security practitioners' lives easier by protecting APIs, with a platform that automates security into the API development pipeline and gives full oversight of security policy enforcement at every stage of the API lifecycle.

Ready to Learn More?

Developer-first solution for delivering API security as code.