Unsafe Consumption of APIs (OWASP API #10)

OWASP API #10 — the risk that flows the other way. Your service trusts the third-party and upstream APIs it calls as if their responses were safe: piping their data into queries unvalidated, following their redirects into your own network, and skipping TLS verification on outbound calls. How a compromised upstream becomes your compromise, and how to consume an API like the untrusted input it is.
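The three failure modes named above, handled on the consuming side. This is an added example, not code from the article; the upstream host `api.partner.example`, the `profiles` table, the username policy and all function names are assumptions made for illustration.

```python
import re
import sqlite3
import ssl
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"api.partner.example"}            # assumed upstream allowlist
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")  # assumed username policy

def validate_profile(payload):
    """Accept only the exact shape expected from the upstream."""
    if not isinstance(payload, dict) or set(payload) != {"id", "username"}:
        raise ValueError("unexpected fields in upstream response")
    uid, name = payload["id"], payload["username"]
    if isinstance(uid, bool) or not isinstance(uid, int) or uid <= 0:
        raise ValueError("id must be a positive integer")
    if not isinstance(name, str) or not USERNAME_RE.fullmatch(name):
        raise ValueError("username fails the allowlist pattern")
    return {"id": uid, "username": name}

def open_store():
    """In-memory table standing in for the service's own database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE profiles (id INTEGER PRIMARY KEY, username TEXT)")
    return conn

def store_profile(conn, payload):
    """Validate first, then bind values as parameters instead of building SQL text."""
    p = validate_profile(payload)
    conn.execute("INSERT INTO profiles (id, username) VALUES (?, ?)",
                 (p["id"], p["username"]))

def redirect_allowed(location):
    """Follow an upstream redirect only to an allowlisted HTTPS host."""
    try:
        parts = urlsplit(location)
        port = parts.port          # raises ValueError on a malformed port
    except ValueError:
        return False
    return (parts.scheme == "https" and parts.hostname in ALLOWED_HOSTS
            and port in (None, 443) and parts.username is None)

def outbound_tls_context():
    """Default context: certificate and hostname verification stay on."""
    return ssl.create_default_context()
```

In an HTTP client, disable automatic redirect following and pass each `Location` value through `redirect_allowed` before issuing the next request with `outbound_tls_context()`.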
