Smartphone apps, single page web applications and most other applications are required to use various APIs in order to accomplish work. While this technology is wonderfully powerful, many developers are unaware of all the ways in which an improperly implemented API can cause data breaches and lead to expensive publicity disasters or compromise of internal systems. In this session we will dive into ways to investigate and compromise web based APIs in order to increase the security and stability of our applications.