# OWASP Security Checklist Reference

## Target Agents

- Primary: applies checklist during security audits
- Secondary: applies during API implementation

## OWASP API Security Top 10

| Rank | Vulnerability | Check | Defense |
|------|-------------|-------|---------|
| A1 | BOLA (Broken Object Level Authorization) | Can user A access user B's resources? | Verify object ownership at every endpoint |
| A2 | Broken Authentication | Weak passwords, unlimited login attempts? | bcrypt (cost 12+), rate limit, MFA |
| A3 | Broken Object Property Level Authorization | Are hidden fields exposed in responses?…