Ask HN: How do you test the security of your API?
There are various security tools targeting standard web applications but how do you test the security of your APIs, e.g. when powering your mobile or frontend apps?
What practical tools would you recommend and why?
my favourites are
- owasp cheatsheets
- latacora cryptographic right answers, and their other blog posts