Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

How to Locate Security Issues in Your API

DZone's Guide to

How to Locate Security Issues in Your API

Check out a free online API contract security assessment tool that can help developers lock down their API definitions.

· Integration Zone ·
Free Resource

Discover how you can get APIs and microservices to work at true enterprise scale.

According to Gartner, by 2022, API abuse will be the most frequented attack vector in enterprises. Today, a popular API security community site launched a free online API contract security assessment tool that can help developers lock down their API definitions.

Let's have a quick look at how it works.

1. On the API Contract Security Assessment page, click the Browse & Upload button and browse to an OpenAPI (aka Swagger) file. For example, I used petstore-expanded.json from OpenAPI GitHub examples.

Image title

2. Once the file is processed, the tool displays the report including the overall score and information about the areas covered:

Image title

3. I can click the sections on the left-hand side to see the list of vulnerabilities that the tool located. Clicking an individual vulnerability gives an expanded view with information about the possible exploit scenario and recommendation on the way to fix it.

Image title

4. Once you are done editing your OpenAPI contract file, you can re-evaluate it by clicking the Audit another API button at the top right.

5. If you find any issues that you think have not been properly detected or reported, you can click the Contact Us menu item at the very top right and give your feedback.

Give it a try and let us know what you think!

APIs and microservices are maturing, quickly. Learn what it takes to manage modern APIs and microservices at enterprise scale.

Topics:
api ,security ,api security ,openapi ,openapi spec ,swagger ,integration ,tutorial

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}