Broken Object Property Level Authorization - 2023 OWASP Top 10 API Security Risks

Broken Object Property Level Authorization is a vulnerability that allows users to access information from objects they shouldn’t have access to. It combines ‘Excessive Data Exposure’ and ‘Mass Assignment’ from 2019 list. It's #3 on the list of the 2023 #OWASPTop10 security risks for APIs and in this short video Frank Kilcommins and José Haro Peralta, explain the vulnerability and how to mitigate through security-by-design. 0:00 What is Broken Object Property Level Authorization 1:06 Example of the vulnerability 1:28 How to mitigate #API3:2023