Commit d18f61f

1 parent e455056 commit d18f61f

1 file changed

+5
-5
lines changed

articles/api-management/mitigate-owasp-api-threats.md

Lines changed: 5 additions & 5 deletions
@@ -4,21 +4,21 @@ description: Learn how to protect against common API-based vulnerabilities, as i
44
author: mikebudzynski
55
ms.service: azure-api-management
66
ms.topic: conceptual
7-
ms.date: 10/18/2024
7+
ms.date: 10/29/2024
88
ms.author: mibudz
99
---
1010

1111
# Recommendations to mitigate OWASP API Security Top 10 threats using API Management
1212

1313
[!INCLUDE [api-management-availability-all-tiers](../../includes/api-management-availability-all-tiers.md)]
1414

15+
> [!NOTE]
16+
> This article has been updated to reflect the latest OWASP API Security Top 10 list for 2023.
17+
1518
The Open Web Application Security Project ([OWASP](https://owasp.org/about/)) Foundation works to improve software security through its community-led open source software projects, hundreds of chapters worldwide, tens of thousands of members, and by hosting local and global conferences.
1619

1720
The OWASP [API Security Project](https://owasp.org/www-project-api-security/) focuses on strategies and solutions to understand and mitigate the unique *vulnerabilities and security risks of APIs*. In this article, we discuss the latest recommendations to mitigate the top 10 API threats identified by OWASP in their *2023* list using Azure API Management.
1821

19-
> [!NOTE]
20-
> This article has been updated to reflect the latest OWASP API Security Top 10 list for 2023.
21-
2222
Even though API Management provides comprehensive controls for API security, other Microsoft services provide complementary functionality to detect or protect against OWASP API threats:
2323

2424
- [Defender for APIs](/azure/defender-for-cloud/defender-for-apis-introduction), a capability of [Microsoft Defender for Cloud](/azure/defender-for-cloud/defender-for-cloud-introduction) [that integrates natively with API Management](/azure/api-management/protect-with-defender-for-apis), provides API security insights, recommendations, and threat detection. [Learn how to protect against OWASP API threats with Defender for APIs](https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/protect-against-owasp-api-top-10-security-risks-using-defender/ba-p/4093913).
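
Review bot: Placing the [!NOTE] at new lines 15-16 puts "OWASP API Security Top 10 list for 2023" ahead of the two paragraphs that introduce and link OWASP and the API Security Project, so the reader meets the term before it is explained, and the intro at new line 20 then repeats the same point with "their *2023* list". Consider linking the list name inside the note, or dropping one of the two 2023 mentions so the note carries information the intro does not. The ms.date bump to 10/29/2024 is consistent with a content edit and needs no change.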
@@ -34,7 +34,7 @@ Even though API Management provides comprehensive controls for API security, oth
3434

3535
API objects that aren't protected with the appropriate level of authorization may be vulnerable to data leaks and unauthorized data manipulation through weak object access identifiers. For example, an attacker could exploit an integer object identifier, which can be iterated.
3636

37-
More information about this threat: [API1:2019 Broken Object Level Authorization](https://github.com/OWASP/API-Security/blob/master/editions/2023/en/0xa1-broken-object-level-authorization.md)
37+
More information about this threat: [API1:2023 Broken Object Level Authorization](https://github.com/OWASP/API-Security/blob/master/editions/2023/en/0xa1-broken-object-level-authorization.md)
3838

3939
### Recommendations
4040

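
Review bot: Only the API1 "More information about this threat" label (new line 37) is corrected from 2019 to 2023 here, and the matching links in the other threat sections are outside this diff, so they should be checked for the same stale 2019 label sitting over an editions/2023 URL. The URL on this line already pointed to editions/2023 before the change, which suggests the labels were missed when the links were updated; if any others are affected, fix them in this same commit rather than one at a time.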