OWASP A10 and A9: API and Component Attacks