Corey Ball: You can design an API you think is ultra-secure, but if you dont test it, then a cybercriminal somewhere is going to do it for you. You need to be able to scan your APIs – and this means using both open source tools like Burp Suite Professional (which has the ability to parse YAML definitions) as well as commercial products such as OWASP ZAP or Veracode .
How does your organization deal with API security? Do you use any of the above tools? If so, how effective have they been in helping secure your APIs
https://t.co/KoqRYdMGfh