I added a specific project for aggregating and tracking on vulnerabilities in our online infrastructure, in addition to my existing security and cyber security research. Not all of the vulnerabilities I curate are API specific, but I find it helps increase my overall awareness of security related issues and I find it useful to thinking through the possibilities when it comes web vulnerabilities being applied to APIs.
Across these three areas of my security research, the one common pattern I see across the security landscape is that the humans are always the weakest link. Almost all of the breaches I read about occur because of some human, being well human, and allows for some often well-known exploit to be penetrated. Hacking systems is less about knowing the tech exploits, then it is about knowing and maximizing the human exploits--as we are always the weakest link.
I use this awareness when I'm evaluating the promise of any security-focused solution I come across. If the solution prescribes more technology, to help us secure the technology we have--I'm guessing it is most likely smoke & mirrors about 95% of the time. If the solution offers something that helps address the human variable in the equation, and augments this reality, making us all more security minded, and ulitmatmely security literate--the chances it will make a difference increases in my opinion.
