An ever-increasing number of applications have released public and private APIs, enabling awesome programmatic features to be released internally and to the world. Unfortunately, the ubiquity of APIs is a double-edged sword – and security risks are often ignored. This talk introduces the OWASP API Security Project, including the Top Ten API Security Risks, and explains how contributors of many skill levels can get involved.