A talk given by Amjad Afanah from FX Labs at the 2019 Austin API Summit in Austin, Texas. With the increased adoption of shift-left testing, more and more software engineering teams are moving application quality considerations closer to the developer (that is, to the “left” of the delivery chain) so that potential issues are avoided or resolved sooner, even before code is committed. Unfortunately, API security is often neglected by engineering teams, leaving their applications vulnerable to serious security risks. Unlike a quality bug where there is an upper limit, the actual cost of a security issue is unbounded. In this session, you will learn about the most common API vulnerabilities including login attacks, RBAC, ABAC, distributed denial of service, injections, data attacks and others. You will also learn about the best practices to integrate security as part of API testing workflows and how to implement effective DevSecOps programs that start at the earliest points in the development process and follow the workload throughout its life cycle.