Can anyone recommend an API vulnerability scanner I can use?
Thanks.
@bjonah Do you have any specific criteria? Open source, licensed subscription?
Thanks
Regards
Caute_cautim
I don't think there is a stock answer to this.
My usual methodology is to write a harness in Python based on the provided documentation and run that through Burp Pro so I can capture the interactions. I also have a self-developed API security framework that I use as a checklist of things that are expected in a "secure" API.
Burp Pro (or Enterprise) and OWASP ZAP Proxy (its integration for Jenkins is pretty nifty) are good for manual testing. Other than that, you're looking at commercial "enterprise" solutions.
Lastly, I don't think it is valuable to test an API without access to the source code. The code should lead your testing.
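A minimal version of that kind of harness, as an added example and not the poster's own code: it builds requests from a constructed, hypothetical API description (the endpoints, base URL and token are placeholders), sends each one through a local intercepting proxy such as Burp's default listener on 127.0.0.1:8080, and scores the response against a few illustrative checklist items.

```python
import json
import urllib.error
import urllib.request

# Constructed stand-in for the vendor documentation the harness is written from.
# Hypothetical endpoints; not a real service.
API_DOC = {
    "base_url": "https://api.example.test",
    "endpoints": [
        {"method": "GET",  "path": "/v1/users/me", "auth": True},
        {"method": "POST", "path": "/v1/orders",   "auth": True, "body": {"sku": "A1", "qty": 1}},
        {"method": "GET",  "path": "/v1/health",   "auth": False},
    ],
}

def build_requests(doc, token="REPLACE_WITH_TEST_TOKEN"):
    """Turn the documented endpoints into concrete requests. Each endpoint that
    requires auth is emitted twice, with and without the token, so the proxy
    capture shows whether the server really enforces authentication."""
    reqs = []
    for ep in doc["endpoints"]:
        for tok in ([token, None] if ep["auth"] else [None]):
            headers = {"Accept": "application/json"}
            if tok:
                headers["Authorization"] = f"Bearer {tok}"
            data = json.dumps(ep["body"]).encode() if "body" in ep else None
            if data:
                headers["Content-Type"] = "application/json"
            reqs.append({"method": ep["method"], "url": doc["base_url"] + ep["path"],
                         "headers": headers, "data": data,
                         "expect_ok": tok is not None or not ep["auth"]})
    return reqs

def check_response(req, status, headers):
    """Illustrative checklist items evaluated on a captured response
    (these are examples, not the poster's framework)."""
    findings = []
    if not req["expect_ok"] and status < 400:
        findings.append("unauthenticated request accepted")
    if status >= 500:
        findings.append("server error on documented input")
    ctype = {k.lower(): v for k, v in headers.items()}.get("content-type", "")
    if not ctype.startswith("application/json"):
        findings.append("response is not declared application/json")
    return findings

def send(req, proxy="http://127.0.0.1:8080"):
    """Send one request through the intercepting proxy and return (status, headers).
    For HTTPS targets the proxy's CA certificate must be trusted by Python."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({"http": proxy, "https": proxy}))
    r = urllib.request.Request(req["url"], data=req["data"], headers=req["headers"], method=req["method"])
    try:
        with opener.open(r, timeout=10) as resp:
            return resp.status, dict(resp.headers)
    except urllib.error.HTTPError as e:
        return e.code, dict(e.headers)
```

Run it as a script with the proxy listening and print `check_response(req, *send(req))` for each request from `build_requests(API_DOC)`; the proxy history then holds every interaction for manual follow-up.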
Both please. Thank you. Appreciate one you have used or still using.