3 Principles of API security by Intesar Mohammed

1. If you have not tested your APIs against a vulnerability type, it is least likely you're protected against the exploit.
2. If you don't understand a vulnerability type, it is least likely you'll be able to mitigate it when it's exploited.
3. If you're not aware of a vulnerability, it doesn't mean you don't have one.