#8 - Software and data integrity failures
If an API deserializes hostile or tampered objects supplied by an attacker, it becomes vulnerable. The Clinical Data API should either refuse serialized objects from untrusted sources or use serialization mediums that only permit primitive data types.
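One way to apply the primitive-types-only option, shown as an added example (it is not code from the Clinical Data API): the body is accepted only as JSON and every field is checked against an allow-list of primitive types. The field names, `parse_record` and `RejectedPayload` are assumptions made for illustration.

```python
import json

# Assumed schema for illustration; the real API's field names are not on this page.
ALLOWED_FIELDS = {
    "subject_id": (str,),
    "visit": (int,),
    "weight_kg": (int, float),
    "notes": (str,),
}
REQUIRED_FIELDS = {"subject_id"}


class RejectedPayload(ValueError):
    """Raised when a request body must not be turned into application data."""


def _no_duplicate_keys(pairs):
    # json.loads keeps the last value of a duplicated key; reject instead so a
    # tampered body cannot show different values to different components.
    keys = [key for key, _ in pairs]
    if len(keys) != len(set(keys)):
        raise RejectedPayload("duplicate key in JSON object")
    return dict(pairs)


def parse_record(content_type: str, body: bytes) -> dict:
    """Parse an untrusted body into a flat dict of primitive values only."""
    media_type = content_type.split(";")[0].strip().lower()
    # Allow-list: native object formats (pickle, Java serialization, ...) never parse.
    if media_type != "application/json":
        raise RejectedPayload(f"unsupported media type: {media_type}")
    try:
        data = json.loads(body.decode("utf-8"), object_pairs_hook=_no_duplicate_keys)
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise RejectedPayload("body is not valid JSON") from exc
    if not isinstance(data, dict):
        raise RejectedPayload("top-level value must be an object")
    unknown = set(data) - set(ALLOWED_FIELDS)
    missing = REQUIRED_FIELDS - set(data)
    if unknown or missing:
        raise RejectedPayload(f"unexpected={sorted(unknown)} missing={sorted(missing)}")
    for name, value in data.items():
        # bool is a subclass of int in Python, so exclude it explicitly;
        # nested objects, arrays and null fail the isinstance check.
        if isinstance(value, bool) or not isinstance(value, ALLOWED_FIELDS[name]):
            raise RejectedPayload(f"{name} has a disallowed type")
    return data
```

Because the result contains only strings and numbers, no attacker-chosen class is ever instantiated while the request is parsed.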