1. Intro
2. A10 Underprotected APIs
3. OVER-EXPOSING API DATA
4. LACK OF PROPER AUTHORIZATION
5. FAILURE TO AUDIT THE AUTHORIZATION POLICY
6. MISHANDLING CLIENT-SIDE SESSION DATA
7. MISTAKING JWTS FOR SESSIONS
8. LACK OF PROPER JWT KEY MANAGEMENT
9. Cookie: ID=42
10. UNDERESTIMATING THE IMPACT OF SESSION TRANSPORT
11. FAILURE TO COMPARTMENTALIZE
Description:
Explore common API security pitfalls and best practices in this 53-minute conference talk by Philippe De Ryck. Delve into the evolution of API landscapes and the challenges of protecting access to REST APIs in JavaScript and mobile applications. Learn about crucial security features, potential vulnerabilities, and actionable advice to address security problems. Discover how to assess API security, implement best practices, and improve future implementations. Cover topics such as underprotected APIs, over-exposed data, authorization failures, client-side session data mishandling, JWT key management issues, and the importance of compartmentalization. Gain valuable insights to enhance the security of your APIs and prevent unauthorized access to user accounts and sensitive data.

Common API Security Pitfalls

NDC Conferences