Explore common REST API security pitfalls and best practices in this 37-minute conference talk from OWASP BeNeLux Day. Delve into the evolution of application development, focusing on the rise of JavaScript and mobile applications that has led to an explosion of easily accessible REST APIs. Learn how to protect API access, recognize security practices that are outdated for APIs, and implement the security features every API needs. Discover the root causes of common API security issues that often result in compromised user accounts and unauthorized data access. Gain actionable advice for addressing these problems and for assessing the security of your own APIs. Topics covered include HTTP guidelines, HTTP Strict Transport Security, application-layer security, endpoint protection, state-changing operations, authorization, session management, JSON Web Tokens, CSRF prevention, CORS, input validation, and more. Equip yourself with the knowledge to build secure REST APIs and to harden existing ones against current and emerging threats.