API Security Testing
API Security Testing can be difficult due to many tools simply not being built to test API security. Edgescan provides continuous security testing for the ever-growing world of APIs. APIs are becoming ever more popular given the explosive growth in mobile apps and the fintech sector. Edgescan is accustomed to providing rigorous testing to APIs in all their shapes and forms. This can include but is not limited to SOAP/XML, RESTful and other Web Services.
Built for API testing: Traditional web scanning tools simply don’t scan APIs with any rigour. Edgescan’s custom API technology can map an APIs method calls via ingestion of descriptor files and also provide rigorous assessment coupled with intelligent expert validation for particular classes of vulnerability.
Fast API Dynamic Analysis
- Assess APIs for security issues, providing false-positive free vulnerability intelligence.
- Edgescan’s API Scanner is able to detect vulnerabilities in any API, such as mobile back-end servers, IoT devices, and any RESTful APIs.
- Consume API descriptor files (Swagger, JSON, WSDL, YAML) and automatically test documented methods
- Deliver API discovery profiling to help you maintain an asset register of APIs live on your estate.
- Discover APIs across your IP/CIDR ranges using our multi-layer API discovery technology – Find rogue or unknown APIs across your estate and alert you to new discoveries
Scan on demand as much as you need. Scans can be invoked via API for DevOps environments and via the Edgescan portal.
“Edgescan API Security Testing combines technical and logical security testing, all of which is validated & supported by experts.”
Edgescan – how it works and API Security Testing
- Coverage and Depth: Edgescan technology uses bespoke scanning engines in order to provide optimal coverage of the API. API vulnerabilities can be different from typical web application issues.
- Intelligent Assessment: Edgescan API assessments also assess logical controls associated with the API; items such as authorization, request flooding, parameter manipulation and attribute injection are assessed to help ensure you have a strong security posture.
- Support: In combination with expert support, we tend to get more coverage and depth on our API assessments, rather than just firing web scanners at the target.
Edgescan – Continuous API Security Testing
Edgescan’s API assessment technology can be delivered on a continuous basis in order to detect the latest vulnerabilities and on an on-demand basis both via our Edgescan API or client portal.
All discovered issues as a result of the API Security testing can be discussed with our security team in order to help you understand the issues discovered and how to mitigate them and improve security posture.
API Discovery: Using multi-layer probing techniques
Multi-layer probing across IP/CIDR ranges designed to detect rogue or unknown deployed API endpoints. API Discovery from Edgescan is part of the Edgescan continuous asset profiling service that allows you to understand the API topology within an estate. With cataloguing and categorizing correlation technology, it is possible to find a true inventory of APIs and exposures facing the public Internet. Our proprietary discovery process runs continuously across your entire estate non-stop, 24 hours a day, all year around.
Try Edgescan Today
Try Edgescan today by booking a meeting with one of our sale reps.