Introduction to API09:2023 Improper Inventory Management
Improper Inventory Management occurs when organizations fail to properly track and manage all their API endpoints, including older versions, hidden endpoints, or undocumented APIs. Attackers can discover and target these forgotten or shadow APIs, which often lack proper security controls, logging, or monitoring. This creates a larger attack surface and increases the risk of breaches. Causes include poor versioning practices, lack of asset inventory, and inconsistent deployment processes. To prevent this, maintain an up-to-date API inventory, deprecate unused versions, and apply consistent security policies across all endpoints—public, private, and internal. Visibility and control are key to reducing risk.
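One concrete way to act on "maintain an up-to-date API inventory" is to reconcile what the team believes is deployed against what the gateway or web server actually serves. The script below is an added example, not code from OWASP or from the API Security Top 10 project: it takes a hand-written inventory of documented endpoints (with a lifecycle status for each) and a few constructed access-log lines, normalises the observed requests into route templates, and reports three findings the paragraph above describes: endpoints receiving traffic that are not in the inventory (shadow or forgotten APIs), deprecated versions that are still being called, and documented endpoints with no traffic at all (candidates for retirement). The inventory, the log lines and the route shapes are all assumptions made for the example.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed inventory: what the team believes is deployed, keyed by
# (method, route template). The status captures the lifecycle stage
# ("current" vs "deprecated") that inventory management is meant to track.
INVENTORY = {
    ("GET", "/api/v2/users/{id}"): "current",
    ("POST", "/api/v2/users"): "current",
    ("GET", "/api/v2/orders/{id}"): "current",
    ("GET", "/api/v1/users/{id}"): "deprecated",
}

# Constructed access-log lines in combined-log style. They deliberately include
# a deprecated v1 call, an undocumented v1 sub-route, and an internal endpoint
# that never made it into the inventory.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /api/v2/users/42 HTTP/1.1" 200 512
10.0.0.5 - - [01/Jan/2024:10:00:02 +0000] "GET /api/v1/users/42 HTTP/1.1" 200 498
10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /api/v1/users/42/export HTTP/1.1" 200 90210
10.0.0.9 - - [01/Jan/2024:10:00:04 +0000] "POST /api/v2/users HTTP/1.1" 201 77
10.0.0.7 - - [01/Jan/2024:10:00:05 +0000] "GET /internal/debug/config HTTP/1.1" 200 3044
10.0.0.7 - - [01/Jan/2024:10:00:06 +0000] "GET /api/v2/users/7?verbose=1 HTTP/1.1" 200 640
"""

# Pull the request line out of each log entry.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')
# A path segment made only of digits is treated as a resource id.
ID_RE = re.compile(r"/\d+(?=/|$)")


def normalize(path):
    """Drop the query string and collapse numeric segments to {id} so that
    /api/v2/users/42 and /api/v2/users/7 map to the same route template."""
    path = path.split("?", 1)[0]
    return ID_RE.sub("/{id}", path)


def observed_endpoints(log_text):
    """Count requests per (method, route template) seen in the log."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue  # not a request line we understand; skip it
        counts[(m["method"], normalize(m["path"]))] += 1
    return counts


@dataclass
class InventoryReport:
    undocumented: dict        # observed but absent from the inventory
    deprecated_in_use: dict   # inventoried as deprecated yet still called
    unused: list              # inventoried but no traffic in this log window


def reconcile(inventory, log_text):
    """Compare the documented inventory with traffic actually observed."""
    observed = observed_endpoints(log_text)
    undocumented = {ep: n for ep, n in observed.items() if ep not in inventory}
    deprecated_in_use = {
        ep: n for ep, n in observed.items() if inventory.get(ep) == "deprecated"
    }
    unused = sorted(ep for ep in inventory if ep not in observed)
    return InventoryReport(undocumented, deprecated_in_use, unused)


if __name__ == "__main__":
    report = reconcile(INVENTORY, SAMPLE_LOG)
    for label, items in (
        ("Undocumented endpoints", report.undocumented),
        ("Deprecated endpoints still in use", report.deprecated_in_use),
    ):
        print(label)
        for (method, route), n in sorted(items.items()):
            print(f"  {method} {route}  ({n} requests)")
    print("Documented endpoints with no traffic")
    for method, route in report.unused:
        print(f"  {method} {route}")
```

In practice the inventory would be generated from the OpenAPI specifications the teams publish, and the log window would be days rather than six lines, but the reconciliation logic is the same: anything in the "undocumented" bucket needs an owner, logging and the same policy as the public surface, anything "deprecated in use" needs a migration plan before it can be switched off, and anything "unused" is a candidate to retire so it stops being attack surface.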