An Attacker-Centric Approach to API and Web Application Security Using ThreatX