OWASP 2023 API Security Top 10 support
This table describes the categories in the OWASP 2023 API Security Top 10 that Veracode supports for Dynamic Analysis and DAST Essentials.
Category | Description | Dynamic Analysis | DAST Essentials |
---|---|---|---|
API1:2023 | Broken Object Level Authorization | Partial support (fuzzing paths) | Partial support (fuzzing paths) |
API2:2023 | Broken Authentication | Full support | Full support |
API3:2023 | Broken Object Property Level Authorization | * | * |
API4:2023 | Unrestricted Resource Consumption | * | * |
API5:2023 | Broken Function Level Authorization | * | * |
API6:2023 | Unrestricted Access to Sensitive Business Flows | * | * |
API7:2023 | Server Side Request Forgery | Full support | Full support |
API8:2023 | Security Misconfiguration | Full support | Full support |
API9:2023 | Improper Inventory Management | Partial support | Partial support |
API10:2023 | Unsafe Consumption of APIs | * | * |
\* Veracode Dynamic Analysis and DAST Essentials might provide inaccurate results for these categories. For accurate results, Veracode recommends that you test these categories with Manual Penetration Testing (MPT).