Gaining a Hacker's Perspective of API Vulnerabilities