Businesses of all sizes and across all industries routinely rely on internal APIs to unite their line-of-business apps, and on external APIs to share data or services with vendors, customers, or partners. Because a single API may have access to multiple applications or services, compromising the API is an easy way to compromise a broad set of business assets with minimal effort.

APIs have become a popular attack vector, and the frequency of API attacks has increased by an astounding 681%, according to recent research from Salt Labs. The first step in securing your APIs is to follow best practices, such as those that OWASP recommends to protect against common API security risks.