What is the session about?

Modern attack surfaces are evolving as API use increases. From car hire to medical records, APIs power applications that impact lives. Technical challenges and human error make it possible for vulnerable APIs to make their way into production environments, where they often have a negative impact downstream. Once deployed or integrated into larger applications, the flaws in these APIs are hard to mitigate and even harder to remediate.

Scanning and testing APIs in a runtime environment helps security teams uncover vulnerabilities before the APIs reach production, where remediation is more costly and frustrating. Understanding how to secure APIs is a struggle for most security teams, and conflicting guidance on runtime testing best practices creates confusion and delay.

• The challenges of generating RESTful traffic from OpenAPI 2.0 and 3.0 specifications that gets past the HTTP 400 Bad Input response

• How to perform attacks on various injection points in API requests

• How API scanning performance advantages allow for more thorough attack coverage

• How responses are inspected for evidence of vulnerability