An attacker manipulates the processing of Application Programming
						Interface (API) resulting in the API's function having an adverse impact
						upon the security of the system or application implementing the API. This
						can allow the attacker to execute functionality not intended by the API
						implementation, possibly compromising the system or application which
						integrates the API. API Abuse can take on a number of forms. For example,
						the API may trust that the calling function properly validates its data and
						thus it may be manipulated by supplying metacharacters or alternate
						encodings as input, resulting in any number of injection flaws, including
						SQL injection, cross-site scripting, or command execution. Another example
						could be API methods that should be disabled in a production application but
						were not, thus exposing dangerous functionality within a production
						environment.