OWASP Top10 API widget and filters

• Feature Description
CISO wants to get a score of OWASP API top 10 attacks detected per App.

Required features on the dashboard "WAAP >> API endpoints":
- Widget "OWASP API top 10" that shows the number of API endpoints where a vulnerability with an "OWASP API top 10 attack" is present.
- Widget "OWASP API top 10" should be clickable to update the Table of API endpoints
- Filter:
  - support regex on value for the key "API endpoint". This feature will allow an administrator to define a custom Base Path filter. Once set, the widgets' values will be updated.
  - new key "owasp_api_type", value from 1 to 10, to filter API endpoints where a vulnerability with an "OWASP API top 10 attack" is present, according to the selected attack type (1 to 10).
- Widget "OWASP API top 10" info icon should be clickable to redirect to the right chapter of the doc https://docs.cloud.f5.com/docs-v2/web-app-and-api-protection/how-to/api-security/owasp-api-security per OWASP API attack type (1-10)
- security incident: add a formatted and documented key "owasp_api_type" (https://docs.cloud.f5.com/docs-v2/api/app-security?searchQuery=incidents#operation/ves.io.schema.app_security.AppSecurityMonitoringAPI.SecurityIncidentsQuery)

• Problem Statement
The current dashboard "WAAP >> API endpoints" doesn't have a widget to summarize OWASP-related vulnerabilities.
OWASP API information is present in the "Security Analytics >> Incident" page but it's not linked to the "WAAP >> API endpoints" page.
No OWASP API top 10 attack type filtering.
Security incident has a non-formatted field "description" or "Intent", or at least the format is not documented.

• Business Impact
CISO wants to see an improvement of the countermeasures over time, the threat evolution AND compare it to the application release dates.
Without the mandatory input from API Discovery (OWASP API top 10 score per App), CISO will not agree to subscribe to XC API Discovery.

• Security Considerations
none

• Competitive Landscape
I don't know

• Existing Workarounds
None

• Risks of Not Implementing
Loss of API Discovery revenue

  • Matthieu Dierick
  • Feb 20 2026