When we think of compromised API security, we typically see an image of a hoodie-wearing hacker toiling away in a darkened room, targeting a bank’s server. We can imagine them compiling a custom tool, launching it against the system, and celebrating as your 401(k) becomes theirs. Alternatively, we may even picture armies of hackers using sophisticated tools and zero-day exploits to steal our bank account information, our healthcare records, and other identifiable information. These commonly held stereotypes couldn’t be further from the truth. According to the Open Web Application Security Project (OWASP) API Security Top 10 list, the vast majority of API breaches come down to simple mistakes from the people designing, building, and deploying our APIs. This makes for both good and bad news. The bad news is that—once again—we’re our own worst enemy. Our permeating “move fast and break things” mindset has opened a world of.