Securing calls and interfaces — Real-world applications use multiple APIs with user permissions and (possibly conflicting) security and privacy goals. When tools and service facilities are taken out of context, it fumbles, fails, and breaks (slip, careen and wreck). It behooves to conduct regularly perform security testing, including penetration testing and code reviews, to identify…