Automated Testing for APIs

The same thing exists in APIs we don't call it iDOR anymore we call it BOLA or broken object level authorization but it's really the same thing right. I have an article that's going out at the end of this week on immutable GUIDs that aren't really immutable and talking about how it's actually possible if you're using like V1 GUIDs which are predictable. So these tools can do all of that for you once you understand the pattern and what you're looking at, so there is an art to being able to test RESTful API systems.