How do you secure a REST API against common vulnerabilities such as those listed in the OWASP Top 10 for Ing Deutschland?