I'm been building an API Security Scanner, and one of the things it does is just fuzz every endpoint with garbage in each parameter to look for stacktraces, errors, etc.
Moreso than any of the security tests I've written, that fuzzing has broken every enterprise API our customers have thrown at it.
Moreso than any of the security tests I've written, that fuzzing has broken every enterprise API our customers have thrown at it.