API security assessment: what automated tools miss and manual testing finds | Vulnox Blog