Key takeaways and learning
Hopefully, by now, you understand how easily API vulnerabilities can be exploited. Although none of the vulnerabilities featured resulted in dire consequences or financial loss, in some cases this was down to good fortune rather than good defenses.
Firstly, nearly all the flaws in the APIs stemmed from either human error (where developers made basic mistakes) or a lack of security skills (where developers lacked an understanding of how their APIs could be attacked). Both can be addressed by developer training in the form of computer-based lessons or instructor-led courses.
Secondly, many of the vulnerabilities could have been avoided in the first place using a combination of secure design (threat modeling and risk assessments), secure coding best practices, and, most importantly, testing at every stage of the software development life cycle.
Thirdly, most of the attacks used simple methods and were unsophisticated in nature. Certainly, no advanced tools...