So far, we've looked at attacking a traditional application — one with a user interface and a login panel, and maybe a dashboard of some sort. Modern applications tend to implement a decoupled infrastructure and, unlike traditional applications, they are split into smaller applications or microservices, all working together to provide functionality for the user. Application programming interfaces (APIs) are not a new concept. The term API is used for anything from the Windows library of code, which allows our user-land code to interact with the operating system kernel, to the service exposed on the web that powers our note-taking apps. Obviously, we will not be focusing on the Windows API (WinAPI), but we will look at ...