An attacker exploits a sample, demonstration, or test API that is insecure
						by default and should not be resident on production systems. Some
						applications include APIs that are intended to allow an administrator to
						test and refine their domain. These APIs should usually be disabled once a
						system enters a production environment. Testing APIs may expose a great deal
						of diagnostic information intended to aid an administrator, but which can
						also be used by an attacker to further refine their attack. Moreover,
						testing APIs may not have adequate security controls or may not have
						undergone rigorous testing since they were not intended for use in
						production environments. As such, they may have many flaws and
						vulnerabilities that would allow an attacker to severely disrupt a
						target.