Explore the fundamentals of API security assessment in this 39-minute conference talk from AppSecEU 2015 in Amsterdam. Delve into why API security is crucial and often overlooked, learn key considerations for API testing, and discover common vulnerabilities. Gain insights on developer tips, information leakage prevention, and mobile app security. Examine topics such as hidden functionality, access control, transport security, and injection concerns. Understand the importance of fuzzing, parameter validation, and API key management. Conclude with takeaways on implementing least privilege and valuable resources for further learning in API security.