API security testing and defense strategies
- APIs are web apps without a UI, so testing them requires knowledge of HTTP
- Data attacks involve injecting data into a JSON structure, while structural attacks involve manipulating the structure itself
- Gaps in API security testing and defense make it a highly productive area for testing
- Runtime and testing are important for defenders, with posture, insufficient logging and monitoring being strong tools
- API security tools are available for testing and defense