3 Common API Vulnerabilities
Understanding common vulnerabilities will help you identify weaknesses when you’re testing APIs. In this chapter, I cover most of the vulnerabilities included in the Open Web Application Security Project (OWASP) API Security Top 10 list, plus two other useful weaknesses: information disclosure and business logic flaws. I’ll describe each vulnerability, its significance, and the techniques used to exploit it. In later chapters, you’ll gain hands-on experience finding and exploiting many of these vulnerabilities.