Hi friends - I am looking for some guidance on what are the best tools and practices for testing the security of your API?
I don’t mean things like OWASP ZAP which are mostly focused on web application scans but tooling for auditing e.g. REST API backends of mobile apps or headless pages.