What’s happening with APIs: These days almost all mobile and web applications are powered by APIs.

What is the problem: API security and validation are hard to achieve.

Why the problem exists: Most of the time, mobile and web front ends are tested for security, either manually or automatically. But APIs rarely get the same treatment. What we have seen is that most APIs are either leaking data or not properly secured.

How to solve it: The best practice is to build automation for testing API security, or to use open source tools as much as possible, including:

EthicalCheck — automated testing, free

Burp — write your own security test, free