According to Gartner, Mobile, Web APIs account for the majority of the application attack surface. Most exploited vulnerabilities no longer come from webserver misconfiguration, SQL injections, or browser hacks. Instead, the most widely exploited vulnerabilities now come from application logic, access controls, and other non-conventional flaws. This session will go over the top vulnerabilities in APIs and build an automated & continuous API security testing strategy. The Shift-Left strategy will deliver secure and faster releases while significantly reducing manual and penetration testing security costs.