Having worked on building this tool, software engineer Mihai Pasca highlights its precision in parsing spec files, making tailored testing match API behaviors, and getting results that give you new clues about where to dig deeper:
- Comprehensive vulnerability detection: the scanner identifies vulnerabilities like SQL Injection, Broken Authentication, XML External Entity injection, and many more, using a strong stack of custom-made detectors.
- Spec file parsing: support for both OpenAPI specifications and Postman Collections. Provide the tool with an API spec, either through a URL or an uploaded file, and it efficiently extracts all endpoints and parameters.
- Convenient reporting: easily export your findings in various formats, such as PDF, HTML, CSV, XLSX, or DOCX. Each report offers a risk-coded summary, detailed evidence of vulnerabilities, remediation advice, and a full list of performed tests.
- Regular updates and additions: our 9-engineer team feeds constant improvements into this tool. For instance, we’ve recently included GraphQL API support.
From uncovering Broken Authentication and NoSQL Injection, this tool provides a thorough examination of your API’s security and performance.