Does the API use an interpreter? Anyone know?
I'm trying to respond to this OWASP item:
Injection flaws occur when an application sends untrusted data to an interpreter. The best way to find out if an application is vulnerable to injection is to verify that all use of interpreters clearly separates untrusted data from the command or query. For SQL calls, this means using bind variables in all prepared statements and stored procedures and avoiding dynamic queries. Checking the code is a fast and accurate way to see if the application uses interpreters safely.
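What the quoted OWASP text means by separating untrusted data from the query, as an added example that is not part of the original post or of the API being asked about. It assumes Python's built-in sqlite3 as the interpreter; the table, the sample rows and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data, held in memory only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (owner TEXT, balance INTEGER)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)",
                   [("alice", 100), ("bob", 250), ("carol", 75)])
    return db

def lookup_dynamic(db, owner):
    # Dynamic query: the untrusted value is spliced into the SQL text, so
    # the interpreter cannot tell where the data ends and the command begins.
    sql = "SELECT owner, balance FROM accounts WHERE owner = '" + owner + "'"
    return db.execute(sql).fetchall()

def lookup_bound(db, owner):
    # Bind variable: the SQL text is fixed and the value travels separately,
    # so it is only ever compared as a string.
    sql = "SELECT owner, balance FROM accounts WHERE owner = ?"
    return db.execute(sql, (owner,)).fetchall()

SORTABLE = {"owner", "balance"}  # hypothetical allow-list for this example

def list_sorted(db, column):
    # Column names cannot be bound, so any caller-supplied identifier is
    # checked against a fixed allow-list before it reaches the query text.
    if column not in SORTABLE:
        raise ValueError("unsupported sort column")
    sql = f"SELECT owner, balance FROM accounts ORDER BY {column}"
    return db.execute(sql).fetchall()

if __name__ == "__main__":
    db = make_db()
    untrusted = "nobody' OR '1'='1"  # constructed input for the comparison
    print("dynamic:", len(lookup_dynamic(db, untrusted)), "rows")
    print("bound:  ", len(lookup_bound(db, untrusted)), "rows")
```

When reviewing code for this OWASP item, the thing to look for is the first pattern: any place where a query or command string is assembled from request data before being handed to an interpreter.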