Spherical Defence API Security Testing is an educational resource that provides guidance on testing RESTful APIs for security vulnerabilities. The content covers fundamental principles of API security testing, including input validation, authorization checks, and proper handling of user-supplied data. The resource outlines three main types of security auditing processes: security testing to validate basic security requirements like authentication and encryption; penetration testing to identify and exploit vulnerabilities in a controlled environment; and fuzz testing to stress-test APIs with high request volumes and varied data inputs. The guide provides a structured approach to performing security tests on APIs, including determining security requirements, setting up testing environments, defining input domains, and developing test cases. It addresses common API security concerns such as TLS/SSL implementation, authentication flows, permission groups, and attack surface analysis. The content discusses testing for various vulnerability types including SQL injection, cross-site scripting, directory traversal, file upload vulnerabilities, and unauthorized resource access. It references tools like Postman and Insomnia for manual testing, and mentions automated scanning tools such as Netspark and Acunetix for penetration testing activities. The resource is presented as a blog post dated June 2020, authored by Jack Hopkins, CEO of Spherical Defence, and serves as an educational guide for developers and security professionals implementing security testing practices for RESTful APIs.