OWASP API Security Top 10 - free field guide
The exploits your API team should know by name.
An attacker changes one number in a request and reads records that are not theirs. No password needed. No alarm raised. In January 2023 one US carrier disclosed that a single exposed API had been abused this exact way to pull the data of 37,000,000 customers, and that the access had run undetected for 41 days. OWASP ranks this pattern, Broken Object Level Authorization, as API1, the number one API risk. This guide documents all ten.
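The pattern above in working code, as an added example that is not from the field guide or from the carrier's systems: a handler that authenticates the caller but never checks who owns the requested object, beside the same handler with the ownership check and an audit record of each refusal. The account table, session names and ids are constructed for the example.

```python
"""
Broken Object Level Authorization (BOLA): the client supplies an object id and
the server trusts it. Constructed example; ACCOUNTS and the session names are
made up and stand in for a customer database and a login session.
"""
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple


@dataclass(frozen=True)
class Account:
    id: int
    owner: str       # the login that is allowed to read this record
    phone: str
    last4_ssn: str


# Constructed in-memory table; sequential ids make enumeration trivial.
ACCOUNTS = {
    1001: Account(1001, "alice", "555-0101", "1234"),
    1002: Account(1002, "bob",   "555-0102", "5678"),
    1003: Account(1003, "carol", "555-0103", "9012"),
}

# Audit trail of refused object accesses; a burst of these from one session
# is the signal that "no alarm" in the teaser means nobody was watching for.
DENIED: List[Tuple[str, int]] = []


def get_account_vulnerable(session_user: str, account_id: int) -> Optional[Account]:
    """Checks that the caller is logged in, then returns whatever id was asked
    for. Any authenticated user reads any account by changing account_id."""
    if not session_user:
        raise PermissionError("not logged in")
    return ACCOUNTS.get(account_id)


def get_account_checked(session_user: str, account_id: int) -> Optional[Account]:
    """Same lookup plus an object-level check against the session identity,
    which the client cannot change the way it can change a URL parameter."""
    if not session_user:
        raise PermissionError("not logged in")
    account = ACCOUNTS.get(account_id)
    if account is None or account.owner != session_user:
        if account is not None:
            # Log the refusal so enumeration can be alerted on.
            DENIED.append((session_user, account_id))
        # Same response for "missing" and "not yours", so the endpoint does
        # not confirm that a foreign id exists.
        return None
    return account


def enumerate_ids(handler: Callable[[str, int], Optional[Account]],
                  session_user: str, start: int, stop: int) -> List[int]:
    """Simulates the attacker loop: one valid session walks a range of ids and
    keeps every id that returned a record the session does not own."""
    leaked = []
    for account_id in range(start, stop):
        account = handler(session_user, account_id)
        if account is not None and account.owner != session_user:
            leaked.append(account_id)
    return leaked


if __name__ == "__main__":
    print("vulnerable handler leaks:",
          enumerate_ids(get_account_vulnerable, "alice", 1000, 1010))
    print("checked handler leaks:",
          enumerate_ids(get_account_checked, "alice", 1000, 1010))
    print("refusals recorded:", DENIED)
```

The fix is the single comparison of `account.owner` against the session identity; everything else in the checked handler is about not leaking existence through the error shape and leaving a record that someone can alert on.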