April 26, 2022 07:26 pm GMT

How to security scan your web API for vulnerabilities

About me: I write, review, and build API security tools and best practices.

This article shows AppSec engineers and developers how to get started with API security scanning, using an open source test API as the target. Along the way you will see what reported vulnerabilities actually look like, and at the end I share a couple of tool recommendations for you to try out.

APIs are, in effect, the new internet protocol: they are the gateway to every kind of application you build or integrate with, whether mobile, web, AI, serverless, microservices, blockchain, or web3.

APIs now dominate internet traffic. A recent Akamai report put API calls at over 90% of web traffic. Whether you realize it or not, you and your organization already rely on APIs for most of what you do.

APIs are also the most attacked surface, having overtaken traditional targets such as network perimeters and individual hosts. That means your next security incident or breach this quarter is more likely to happen at the API layer than anywhere else.

Because APIs are a relatively new paradigm, most organizations are underprepared for API security. API security validation is hard to do well: the practice is still in its early stages, largely manual, understaffed, and performed far less often than new code is deployed. Traditional security and penetration testing staff focus on mobile and web front ends, which leaves the APIs behind them even less covered.

Here are a few tools you can use to get started with API security.

To try them out, scan this open source test API and review the resulting vulnerability report. Its Swagger/OpenAPI definition is published at: http://52.250.110.188:8080/v2/api-docs. Note that the target is served over plain HTTP from a bare IP address; treat it strictly as a practice target, and never point a scanner at an API you are not authorized to test.
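To make concrete what one class of API vulnerability looks like in a report, here is an added example (my own illustration for this write-up, not code from the original post, EthicalCheck, or Burp) of a spec-driven check for broken authentication. It reads a Swagger 2.0 document in the shape served by a `/v2/api-docs` endpoint, expands every operation into a concrete request, calls each one with no credentials, and flags any operation the spec marks as protected that still answers 2xx. The sample spec, the host `api.example.test`, and the `fake_backend` responder are constructed so the script runs offline; `http_sender` is a stdlib replacement for scanning a real target you are authorized to test.

```python
"""Spec-driven scan for operations that work without credentials.

Added example for this article (not code from the original post, nor from
EthicalCheck or Burp). It reads a Swagger 2.0 document of the kind served
at a "/v2/api-docs" URL, enumerates every operation, and calls each one
with NO credentials through a pluggable `send` function. An operation the
spec marks as protected that still answers 2xx is reported as a probable
broken authentication issue (OWASP API Security Top 10 2019, API2).
"""
import json
import urllib.error
import urllib.request
from dataclasses import dataclass
from typing import Callable, Dict, List

HTTP_METHODS = {"get", "post", "put", "patch", "delete", "head", "options"}

# Constructed sample spec (assumed for this example; host and paths are made
# up). It is NOT the document served by the article's test API.
SAMPLE_SPEC = json.dumps({
    "swagger": "2.0", "host": "api.example.test", "basePath": "/api",
    "schemes": ["https"],
    "securityDefinitions": {"bearer": {"type": "apiKey", "in": "header", "name": "Authorization"}},
    "security": [{"bearer": []}],  # global: every operation needs a token...
    "paths": {
        "/health": {"get": {"security": [], "responses": {"200": {}}}},  # ...except these two
        "/login": {"post": {"security": [], "responses": {"200": {}}}},
        "/users/{id}": {"get": {"parameters": [{"name": "id", "in": "path", "required": True, "type": "integer"}],
                                "responses": {"200": {}}}},
        "/admin/users": {"get": {"responses": {"200": {}}}},
    },
})

@dataclass
class Operation:
    method: str
    url: str
    requires_auth: bool  # True when the effective "security" list is non-empty

def enumerate_operations(spec_json: str) -> List[Operation]:
    """Expand a Swagger 2.0 document into concrete (method, URL) pairs."""
    spec = json.loads(spec_json)
    scheme = (spec.get("schemes") or ["https"])[0]
    base = f"{scheme}://{spec['host']}{spec.get('basePath', '')}"
    global_security = spec.get("security", [])
    ops: List[Operation] = []
    for path, item in spec["paths"].items():
        for method, op in item.items():
            if method not in HTTP_METHODS:  # skips path-level "parameters" etc.
                continue
            # A per-operation "security" key overrides the global one; an explicit
            # empty list marks the operation as intentionally public.
            security = op.get("security", global_security)
            concrete = path
            for param in item.get("parameters", []) + op.get("parameters", []):
                if param.get("in") == "path":
                    # Placeholder so the URL is requestable; a real scan would
                    # substitute IDs harvested from earlier responses.
                    concrete = concrete.replace("{%s}" % param["name"], "1")
            ops.append(Operation(method.upper(), base + concrete, bool(security)))
    return ops

Sender = Callable[[str, str], int]  # send(method, url) -> status, no Authorization header

def scan_unauthenticated(spec_json: str, send: Sender) -> List[Dict[str, object]]:
    """Report spec-protected operations that succeed without credentials."""
    findings: List[Dict[str, object]] = []
    for op in enumerate_operations(spec_json):
        status = send(op.method, op.url)
        if op.requires_auth and 200 <= status < 300:
            findings.append({"method": op.method, "url": op.url, "status": status,
                             "issue": "spec requires auth, server answered without it (API2)"})
    return findings

def fake_backend(method: str, url: str) -> int:
    """Constructed stand-in for a target so the example runs offline; it models
    a server whose /admin/* handlers forgot the auth check."""
    path = url.split("api.example.test", 1)[1]
    if path in ("/api/health", "/api/login"):
        return 200
    return 200 if path.startswith("/api/admin/") else 401  # 200 here is the bug

def http_sender(method: str, url: str, timeout: float = 5.0) -> int:
    """Real sender (stdlib only) for a target you are authorised to test."""
    req = urllib.request.Request(url, method=method)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.getcode()
    except urllib.error.HTTPError as err:
        return err.code

if __name__ == "__main__":
    for finding in scan_unauthenticated(SAMPLE_SPEC, fake_backend):
        print(finding)
```

Run as-is, the script reports a single finding: `GET https://api.example.test/api/admin/users` returned 200 although the spec requires a bearer token, which is exactly the shape of an API2 (Broken User Authentication) entry in a scanner report. To point it at a real target, fetch the JSON from its `/v2/api-docs` URL, pass it as `spec_json`, and swap `fake_backend` for `http_sender`. Treat a 2xx-without-credentials result as a probable finding to confirm by hand, since a spec can also be wrong in the other direction and mark an intentionally public endpoint as protected.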

Tool #1
EthicalCheck
Pros: free, point-and-scan solution
Cons: only covers OWASP API Security Top 10 #2 (Broken User Authentication)

Tool #2
Burp
Pros: free Community Edition; lets you write your own tests
Cons: learning curve

I left out commercial tools, since most of them are closed source and only offer custom pricing.

If you have any questions, feel free to reach out to me by email or on Twitter:
[email protected]
https://twitter.com/shannan_


Original Link: https://dev.to/intesar/how-to-security-scan-your-web-api-for-vulnerabilities-2jof
