bjonah
Newcomer I

API Vulnerability Scanner

Can anyone recommend an API vulnerability scanner I can use?

 

Thanks.

3 Replies
Caute_cautim
Community Champion

@bjonah Do you have any specific criteria? Open source, licensed subscription?

 

Thanks

 

Regards

 

Caute_cautim

wimremes
Contributor III

I don't think there is a stock answer to this.

 

My usual methodology is usually to write a harness in Python based on provided documentation and run that through Burp Pro so I can capture the interactions. I also have a self-developed API security framework that I use as a checklist of things that are expected in a "secure" API.

 

Burp Pro (or Enterprise) and OWASP ZAP Proxy (its integration for Jenkins is pretty nifty) are good for manual testing. Other than that, you're looking at commercial "enterprise" solutions.

 

Lastly, I don't think it is valuable testing an API without access to source code. The code should lead your testing.



Sic semper tyrannis.
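As an added illustration of the harness-through-proxy approach described in the reply above (example code written for this thread, not wimremes' own harness or framework): endpoints are taken from the API documentation, each request is routed through an intercepting proxy assumed to listen at 127.0.0.1:8080 (Burp or ZAP), and every response is scored against a few constructed "secure API" checklist items. The base URL, endpoint list and checklist items are placeholders standing in for what the real docs and framework would supply.

```python
"""Minimal API test harness: documented endpoints -> intercepting proxy -> checklist."""
import json
import urllib.error
import urllib.request

# Assumed Burp/ZAP listener; the harness sends every request through it so the
# proxy history becomes the record of what the API was asked and how it answered.
PROXY = {"http": "127.0.0.1:8080", "https": "127.0.0.1:8080"}
BASE = "https://api.example.test"  # placeholder base URL from the API docs

# Constructed from the (hypothetical) API documentation: (method, path, requires_auth)
ENDPOINTS = [
    ("GET", "/v1/users/me", True),
    ("POST", "/v1/orders", True),
    ("GET", "/v1/health", False),
]

def build_request(method, path, token=None, body=None):
    """Build one documented call; token is optional so each endpoint can be
    exercised both with and without credentials."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(BASE + path, data=data, method=method)
    req.add_header("Accept", "application/json")
    if data is not None:
        req.add_header("Content-Type", "application/json")
    if token:
        req.add_header("Authorization", "Bearer " + token)
    return req

def check_response(requires_auth, sent_token, status, headers, body):
    """Return the checklist items this response fails (empty list means pass)."""
    findings = []
    if requires_auth and not sent_token and status not in (401, 403):
        findings.append("unauthenticated request was not rejected")
    if "strict-transport-security" not in {k.lower() for k in headers}:
        findings.append("missing Strict-Transport-Security header")
    if "traceback" in body.lower() or "exception" in body.lower():
        findings.append("verbose error detail in response body")
    return findings

def run(token):
    """Call every endpoint with and without the token via the proxy; return findings."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler(PROXY))
    report = {}
    for method, path, requires_auth in ENDPOINTS:
        for sent in (None, token):
            try:
                with opener.open(build_request(method, path, sent), timeout=10) as r:
                    status, hdrs, text = r.status, dict(r.headers), r.read().decode(errors="replace")
            except urllib.error.HTTPError as e:  # 4xx/5xx still carry useful headers/body
                status, hdrs, text = e.code, dict(e.headers), e.read().decode(errors="replace")
            report[(method, path, bool(sent))] = check_response(requires_auth, sent, status, hdrs, text)
    return report
```

`run("<token from the docs>")` is the entry point when the proxy and target are reachable; the per-endpoint findings map directly onto the checklist so the proxy capture and the checklist results can be reviewed side by side.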
bjonah
Newcomer I

Both please. Thank you. Appreciate one you have used or still using.