API Scan
Runtime identification of API vulnerabilities

API Scan continually scans the API to ensure conformance to the OpenAPI contract and detect vulnerabilities at both testing time and runtime. It detects OWASP API Security Top 10 issues early in the API lifecycle and validates that your APIs can handle unexpected requests.

Runtime Testing of OpenAPI Definition Compliance

API Scan provides dynamic runtime testing of your API to ensure your API implementation matches the contract set out in the OpenAPI definition of the API.

Bulletproof your APIs with Continuous Runtime Behavior Scanning 

API Scan simulates real API traffic to test your API's behavior under load and validates whether your APIs handle or reject requests according to the OpenAPI / Swagger definition. It also flags responses that are:

  • unknown (for example, an HTTP 500 error occurring),
  • of the wrong type (HTML instead of JSON),
  • or not matching the JSON schemas described in the OpenAPI Specification.

Early Detection of OWASP API Security Top 10 Vulnerabilities

With API Scan you can detect any OWASP API Security Top 10 issues early in the API lifecycle. Identify and remediate issues such as data leakage, overflows, mass assignment, broken authentication or security misconfigurations. It detects vulnerabilities triggered by the usage of:

  • Wrong verbs
  • Wrong paths
  • Wrong content-type
  • Wrong data format
  • Outside of API constraints
  • Data Injection

Actionable Information for Immediate Remediation

API Scan generates an immediate report that provides actionable information on how well your API conforms to its OpenAPI definition. The report summarizes all of the key issues and provides deep-dive analysis, including the cURL requests the scan used to detect each issue.
