ArmourZero's API Scan is an AI-powered penetration assessment tool that helps developers and security professionals detect weaknesses and vulnerabilities in Application Programming Interfaces (APIs).
The API Scan feature lets users scan APIs for potential security vulnerabilities using a specification-based approach. Users provide an API specification via URL or file upload, and the system parses it to identify the endpoints to scan. The feature works with both RESTful and SOAP APIs and supports the authentication mechanisms commonly used by APIs.
ArmourZero's API Scan is designed for users who:
- Build and control their own APIs. Ideal for companies with internal applications or services, where you have access to the API specifications (OpenAPI, Swagger, WSDL) and credentials.
- Use APIs in a controlled environment. Scanning should be done in a test or sandbox environment to avoid impacting production.
- Want to proactively check for security issues. You want to find vulnerabilities in your APIs before they affect your users or systems.
The types of APIs supported:
- REST APIs. The most common type of API in modern apps. They work over the web using standard HTTP requests (such as GET or POST). Example: your web or mobile app asking a server for user profiles, orders, or messages.
- OpenAPI / Swagger. A standard format for describing REST APIs. It lets the scanner automatically understand your API and scan it.
- SOAP APIs. An older style of API using structured XML messages, often found in enterprise or legacy systems. Example: a bank's internal system processing transactions between different servers.
The authentication methods supported:
- Basic Auth
- API Key
- Bearer / JWT
- None
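To make the specification-based approach concrete, here is an added example (written for this page, not ArmourZero's own code, and not a reproduction of the scanner's parser) that walks an OpenAPI 3 document, enumerates every method/path pair, and classifies each one by the authentication it requires using the four categories listed above. The spec embedded in the block is constructed for illustration; the helper names (`enumerate_endpoints`, `unauthenticated`, `classify_scheme`) are assumptions of this example. It applies the OpenAPI rules that an operation-level `security` list overrides the document-level one and that an empty list means no authentication, so the result also shows which endpoints a scan would reach without credentials.

```python
"""Enumerate the endpoints of an OpenAPI 3 document and classify each by the
authentication it requires. Added illustration for this page; not ArmourZero's
code and not a reproduction of its scanner. The spec below is constructed."""

import json

# Constructed sample OpenAPI 3 document (not a real service).
SAMPLE_SPEC = json.loads("""
{
  "openapi": "3.0.3",
  "info": {"title": "Example Orders API", "version": "1.0"},
  "security": [{"bearerAuth": []}],
  "components": {
    "securitySchemes": {
      "bearerAuth": {"type": "http", "scheme": "bearer", "bearerFormat": "JWT"},
      "basicAuth": {"type": "http", "scheme": "basic"},
      "apiKeyAuth": {"type": "apiKey", "in": "header", "name": "X-API-Key"}
    }
  },
  "paths": {
    "/users/{id}": {
      "get": {"summary": "Fetch a user profile"}
    },
    "/orders": {
      "get": {"summary": "List orders", "security": [{"apiKeyAuth": []}]},
      "post": {"summary": "Create an order", "security": [{"basicAuth": []}]}
    },
    "/health": {
      "get": {"summary": "Liveness probe", "security": []}
    }
  }
}
""")

HTTP_METHODS = ("get", "put", "post", "delete", "options", "head", "patch", "trace")


def classify_scheme(scheme: dict) -> str:
    """Map an OpenAPI securityScheme object onto the auth categories this page lists."""
    kind = scheme.get("type")
    if kind == "apiKey":
        return "API Key"
    if kind == "http":
        http_scheme = scheme.get("scheme", "").lower()
        if http_scheme == "basic":
            return "Basic Auth"
        if http_scheme == "bearer":
            return "Bearer / JWT"
    # oauth2, openIdConnect or anything unrecognised: report it rather than guess.
    return f"Other ({kind})"


def enumerate_endpoints(spec: dict) -> list:
    """Return one record per (method, path) with its effective auth requirement.

    OpenAPI rules applied: an operation-level `security` list overrides the
    document-level one, and an empty list explicitly means no authentication.
    """
    schemes = spec.get("components", {}).get("securitySchemes", {})
    global_security = spec.get("security", [])
    endpoints = []
    for path, item in spec.get("paths", {}).items():
        for method in HTTP_METHODS:
            op = item.get(method)
            if op is None:
                continue
            requirements = op.get("security", global_security)
            if not requirements:
                auth = ["None"]
            else:
                auth = []
                for requirement in requirements:  # each dict is one accepted alternative
                    for name in requirement:
                        scheme = schemes.get(name)
                        auth.append(classify_scheme(scheme) if scheme else f"Undefined scheme ({name})")
            endpoints.append({"method": method.upper(), "path": path, "auth": auth})
    return endpoints


def unauthenticated(endpoints: list) -> list:
    """Endpoints reachable with no credentials: the first thing to review in a scan scope."""
    return [f"{e['method']} {e['path']}" for e in endpoints if e["auth"] == ["None"]]


if __name__ == "__main__":
    found = enumerate_endpoints(SAMPLE_SPEC)
    for e in found:
        print(f"{e['method']:6} {e['path']:14} {', '.join(e['auth'])}")
    print("No auth required:", unauthenticated(found))
```

Run with a real specification by replacing `SAMPLE_SPEC` with `json.load(open(path))` (or a YAML loader for YAML specs). The "Undefined scheme" branch is deliberate: an operation that references a security scheme missing from `components.securitySchemes` is a specification defect worth surfacing before scanning, since the scanner cannot know which credential to send.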
The scan results for every possible vulnerability detected are then compared against the industry Common Weakness Enumeration (CWE) and Common Vulnerabilities and Exposures (CVE) references to determine each vulnerability's severity level. Each detected vulnerability is also mapped to the OWASP Top 10 API Security Risks (2023), the latest standard awareness document for developers and API security, which represents a broad consensus on the most critical security risks to APIs.
The CWE and CVE severity levels fall into 5 categories:
- Critical
- High
- Medium
- Low
- Information
Add your API and configure its endpoints to start with ArmourZero's API Scan immediately, and find all possible vulnerabilities faster than attackers do.