What’s happening with APIs: These days almost all mobile and web applications are powered by APIs.
What is the problem: API security and validation are hard to achieve.
Why the problem exists: Most of the time, mobile and web front ends are tested for security, either manually or automatically. But APIs rarely get the same treatment. What we have seen is that most APIs are either leaking data or not properly secured.
How to solve it: The best practice is to build automation for testing API security, or to use open source tools as much as possible, including:
EthicalCheck - automated testing, free
Burp - write your own security test, free