According to Gartner, by 2022, API abuse will be the most frequented attack vector in enterprises. Today, a popular API security community site launched a free online API contract security assessment tool that can help developers lock down their API definitions.

Let's have a quick look at how it works.

1. On the API Contract Security Assessment page, click the Browse & Upload button and browse to an OpenAPI (aka Swagger) file. For example, I used petstore-expanded.json from OpenAPI GitHub examples.

2. Once the file is processed, the tool displays the report including the overall score and information about the areas covered:

3. I can click the sections on the left-hand side to see the list of vulnerabilities that the tool located. Clicking an individual vulnerability gives an expanded view with information about the possible exploit scenario and recommendation on the way to fix it.

4. Once you are done editing your OpenAPI contract file, you can re-evaluate it by clicking the Audit another API button at the top right.

5. If you find any issues that you think have not been properly detected or reported, you can click the Contact Us menu item at the very top right and give your feedback.

Give it a try and let us know what you think!