In this talk I review the current security landscape, particularly as it relates to API-based applications, and explore the OWASP API Security Top 10 vulnerabilities in order to understand the top security threats to our APIs, which ones we might have missed in our systems, and what practical mitigations we can use to address them in our everyday work.