Score API security posture across 10 OWASP-aligned controls including auth, HTTPS, rate limiting, and logging.