Improper Inventory Management (OWASP API #9)
You cannot defend an API you have forgotten you are running: zombie versions that were deprecated but never unrouted, shadow staging hosts pointed at prod data, undocumented endpoints that skipped the security review. This article covers how attackers inventory your sprawl, and how a gateway, a real registry and a lifecycle shut it down.