API Security Testing

Rapid analysis.
Immediate risk triage.

Data Shows that API Risk is Increasing… Not Going Away

Actual deployment data from Edgescan customers reveals a 320% rise in API vulnerability in 2022 – that is a shocking number.

And to top it off, Gartner research indicates that API abuse will become the most frequent attack vector. Don’t let your company make a news headline. Time to get your security under control.

Know Your APIs. Scan Your APIs.

Don’t confuse API security configuration assessment with traditional vulnerability scanning – it is different. Using multi-layer probing technology the Edgescan API discovery engine utilizes asynchronous port scanning to identify and then monitor network changes. It automatically discovers active API endpoints across your entire attack surface and profiles from given endpoints.

API Data Sheet

In-depth Approach to Securing APIs

Complete cloud coverage

Discover hidden and rogue APIs across your cloud providers including AWS, Microsoft Azure, GCP, VMware NSX, and Cisco ACI.

Our multi-layered approach to discovering APIs results in a confidence interval describing if an API is actually present.

API discovery works by applying specialised probing traffic across each endpoint and evaluating the results. This multi-layered approach results in detection of APIs based on responses to the probes sent.

Securing APIs is as easy as
one, two, three.

1. API Discovery

Identify known and rogue APIs on each host across your IP/CIDR ranges using patented, multi-layer, production safe API probing technology.

2. API Vulnerability Scanning

Detects security vulnerabilities with accuracy to keep pace with your ever-changing IT landscape.

3. API Penetration Testing

A manual penetration test is conducted on every business critical APIs.

Key Benefits of API Security Testing

API discovery across your global ecosystem

Identify known and rogue APIs on each host across your IP/CIDR ranges using patented, multi-layer, production safe API probing technology.

Accurately monitor & track changes

Map out entire APIs to ensure a rigorous assessment and detect changes by consuming OpenAPI/Swagger/ GraphQL files.

Proactive & continuous API protection

Establish unfettered monitoring and defense against botnets, advanced threats, and DDoS with on demand and real time alerts.

Complete cloud coverage

Discover hidden and rogue APIs across your cloud providers including AWS, Microsoft Azure, GCP, VMware NSX, and Cisco ACI.

High Risk API Vulnerabilities Discovered by Edgescan

Broken Object-Level Authorization

APIs often expose endpoints handling object identifiers. Any function that accepts users input and uses it to access a data source can create a Level Access Control issue, widening the attack surface. Object-level authorization checks should be carried out on all such functions.

Broken User Authentication

Attackers often take advantage of incorrectly applied authentication mechanisms. They may compromise an authentication token or exploit flaws in implementation to pose as another user, either on a one-time basis or permanently. If the system’s ability to identify the client/user is compromised, so is the overall API’s security.

Excessive Data Exposure

Developers often rely on the client side to filter the data before displaying it to the user. This can create serious security issues—data must always be filtered at the server side, and only the relevant information should be delivered to the client side.

Lack of Resources and Rate Limiting

APIs often don’t restrict the number or size of resources that the client/user can request. This can impact the performance of the API server, resulting in Denial of Service (DoS), and exposing authentication vulnerabilities, enabling brute force attack.

Broken Function-Level Authorization

Authorization flaws often result from overly complex access control policies, or if there is no clear separation between regular and administrative functions. Attackers can exploit these vulnerabilities to gain access to a user’s resources or perform administrative functions.

Mass Assignment:

Mass assignment typically results from the binding of client-provided data (i.e. JSON) to a data model based on an allowlist, without proper filtering of properties. Attackers can modify object properties in a number of ways—they can explore API endpoints, read the documentation, guess object properties, or provide additional properties through request payloads.

Security Misconfiguration

Security misconfiguration often results from inadequate default configurations, ad-hoc or incomplete configurations, misconfigured HTTP headers or inappropriate HTTP methods, insufficiently restrictive Cross-Origin Resource Sharing (CORS), open cloud storage, or error messages that contain sensitive information.

Injection

Injection flaws (including SQL injection, NoSQL injection, and command injection) involve data that is sent to an interpreter from an untrusted source via a command or query. Attackers can send malicious data to trick the interpreter into executing dangerous commands, or allow the attacker to access data without the necessary authorization.

Latest Blog Posts

Never Compromise Threat Protection:

Request Demo

THE PLATFORM

FEATURES

VIDEOS

DOCUMENTATION

ABOUT EDGESCAN

COLLABORATE

THE PLATFORM

FEATURES

VIDEOS

DOCUMENTATION

ABOUT EDGESCAN

COLLABORATE

API Security Testing

Rapid analysis.Immediate risk triage.

Data Shows that API Risk is Increasing… Not Going Away

Know Your APIs. Scan Your APIs.

API Data Sheet

In-depth Approach to Securing APIs

Complete cloud coverage

Securing APIs is as easy asone, two, three.

1. API Discovery

Identify known and rogue APIs on each host across your IP/CIDR ranges using patented, multi-layer, production safe API probing technology.

2. API Vulnerability Scanning

Detects security vulnerabilities with accuracy to keep pace with your ever-changing IT landscape.

3. API Penetration Testing

A manual penetration test is conducted on every business critical APIs.

Key Benefits of API Security Testing

API discovery across your global ecosystem

Accurately monitor & track changes

Proactive & continuous API protection

Complete cloud coverage

High Risk API Vulnerabilities Discovered by Edgescan

Broken Object-Level Authorization

Broken User Authentication

Excessive Data Exposure

Lack of Resources and Rate Limiting

Broken Function-Level Authorization

Mass Assignment:

Security Misconfiguration

Injection

Latest Blog Posts

How to Achieve Continuous Visibility and Faster Remediation with a Modern Vulnerability Management System

On-Demand Webinar: How Risk-Based Vulnerability Management Is Redefining Protection

Forbes Article Summary: Overhyped Tech – What to Keep an Eye On

Never Compromise Threat Protection:

THE PLATFORM

RESOURCES

COMPANY

BLOG

CONTACT US

Sales

Marketing

General

Ireland

United States

Rapid analysis.
Immediate risk triage.

Securing APIs is as easy as
one, two, three.