CWEs that violate the 2023 OWASP API Security Top 10 standard
The following table describes which categories in the OWASP 2023 API Security Top 10 Veracode supports for Dynamic Analysis.
| Category | Description | Dynamic support |
|---|---|---|
| API1:2023 | Broken Object Level Authorization | Partial (fuzzing paths) |
| API2:2023 | Broken Authentication | Full |
| API3:2023 | Broken Object Property Level Authorization | * |
| API4:2023 | Unrestricted Resource Consumption | * |
| API5:2023 | Broken Function Level Authorization | * |
| API6:2023 | Unrestricted Access to Sensitive Business Flows | * |
| API7:2023 | Server Side Request Forgery | Full |
| API8:2023 | Security Misconfiguration | Full |
| API9:2023 | Improper Inventory Management | Partial |
| API10:2023 | Unsafe Consumption of APIs | * |
\* Dynamic Analysis may provide inaccurate results for these categories. For accurate results, Veracode recommends that you test these categories with Manual Penetration Testing (MPT).