We have all heard about these high-level attacks in the last few years. The truth is many of them are through a company’s APIs. While APIs have been around for a bit over 20 years, the security landscape is still minimal. WAF, API gateways, and pen-testing just aren’t doing the job. This talk will go over why your APIs could be at risk and why it might not be that hard to protect them.