{"id":1229,"date":"2022-04-29T19:57:58","date_gmt":"2022-04-29T18:57:58","guid":{"rendered":"https:\/\/42crdev.prexihost.com\/?page_id=1229"},"modified":"2024-06-25T10:06:52","modified_gmt":"2024-06-25T09:06:52","slug":"api-conformance-scan","status":"publish","type":"page","link":"https:\/\/staging2022.42crunch.com\/api-conformance-scan\/","title":{"rendered":"API Scan"},"content":{"rendered":"\n\n\t\t<h1>\n\t\t\tAPI Scan\n\t\t\t\t\t\tRuntime identification of API vulnerabilities \n\t\t<\/h1>\n\t\t\t<a href=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2023\/06\/42C-API-Platform-Datasheet-2023-4p-FIN.pdf\" target=\"_blank\" rel=\"noopener\">\n\t\t\t\t\t\t\tAPI Security Platform Datasheet\n\t\t\t\t\t<\/a>\n\t\t\t\t<a href=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2022\/04\/42C-Hero-API-Scan-Product.png\" target=\"_self\" itemprop=\"url\" rel=\"noopener\">\n\t\t\t\t<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2022\/04\/42C-Hero-API-Scan-Product-1024x535.png\" alt=\"42C Hero API Scan Product\" itemprop=\"image\" height=\"535\" width=\"1024\" title=\"42C Hero API Scan Product\" onerror=\"this.style.display='none'\"  \/>\n\t\t\t\t<\/a>\n\t<p>API Scan continually scans the API to ensure conformance to the OpenAPI contract and detect vulnerabilities at both testing time and runtime. It detects <a href=\"https:\/\/staging2022.42crunch.com\/owasp-api-security-top-10\/\">OWASP API Security Top 10 issues<\/a> early in the API lifecycle and validates that your APIs can handle\u00a0 unexpected requests. The API Conformance Scan is one of the core shift-left elements of our <a href=\"https:\/\/staging2022.42crunch.com\/api-security-platform\/\">API Security Platform<\/a>.<\/p>\n\t<iframe src=\"https:\/\/player.vimeo.com\/video\/884864394?h=b167153ec4&amp;badge=0&amp;autopause=0&amp;player_id=0&amp;app_id=58479\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\"><\/iframe>\n<h2>\n\t\tRuntime Testing of OpenAPI Definition Compliance\n\t<\/h2>\n\t<p>API Scan provides dynamic runtime\u00a0<a href=\"https:\/\/staging2022.42crunch.com\/api-security-testing\/\">API security testing<\/a> of your API to ensure your API implementation matches the contract set out in the OpenAPI definition of the API.<\/p>\n\t\t\t\t<a href=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2022\/07\/42C_UI_8_22-11.png\" target=\"_self\" itemprop=\"url\" rel=\"noopener\">\n\t\t\t\t<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2022\/07\/42C_UI_8_22-11-1024x560.png\" alt=\"42C_UI_8_22-11\" itemprop=\"image\" height=\"560\" width=\"1024\" title=\"42C_UI_8_22-11\" onerror=\"this.style.display='none'\"  \/>\n\t\t\t\t<\/a>\n\t\t\t\t<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2022\/04\/Icons-42Crunch-ScanDocument-1024x576.png\" alt=\"Icons 42Crunch ScanDocument\" itemprop=\"image\" height=\"576\" width=\"1024\" title=\"Icons 42Crunch ScanDocument\" onerror=\"this.style.display='none'\"  \/>\n<h2>\n\t\tBulletproof your APIs with Continuous Runtime Behavior Scanning\u00a0\n\t<\/h2>\n\t<p>API Scan simulates real API traffic to test your API&#8217;s behavior under load and validates if your APIs can handle or reject requests according to the OpenAPI \/ Swagger definition. It also flags responses which are:<\/p>\n<ul>\n<li>unknown (for example a HTTP 500 error occurring),<\/li>\n<li>of the wrong type (HTML instead of JSON)<\/li>\n<li>or not matching the JSON schemas described in the OpenAPI Specification.<\/li>\n<\/ul>\n<h2>\n\t\tEarly Detection of OWASP API <br \/>Security Top 10 Vulnerabilities\n\t<\/h2>\n\t<p>With API Scan you can detect any <a href=\"https:\/\/staging2022.42crunch.com\/owasp-api-security-top-10\/\">OWASP API Security Top 10<\/a> issues early in the API lifecycle. Identify and remediate issues such as data leakage, overflows, mass assignment, broken authentication or security misconfigurations. It detects vulnerabilities triggered by the usage of:<\/p>\n<ul>\n<li>Wrong verbs<\/li>\n<li>Wrong paths<\/li>\n<li>Wrong content-type<\/li>\n<li>Wrong data format<\/li>\n<li>Outside of API constraints<\/li>\n<li>Data Injection<\/li>\n<\/ul>\n\t\t\t\t<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2022\/09\/Logo-OWASP-for-Product-2.png\" alt=\"Logo-OWASP-for-Product 2\" itemprop=\"image\" height=\"512\" width=\"1228\" title=\"Logo-OWASP-for-Product 2\" onerror=\"this.style.display='none'\"  \/>\n\t\t\t\t<a href=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2022\/07\/42C_UI_8_22-14.png\" target=\"_self\" itemprop=\"url\" rel=\"noopener\">\n\t\t\t\t<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2022\/07\/42C_UI_8_22-14-1024x560.png\" alt=\"42C_UI_8_22-14\" itemprop=\"image\" height=\"560\" width=\"1024\" title=\"42C_UI_8_22-14\" onerror=\"this.style.display='none'\"  \/>\n\t\t\t\t<\/a>\n<h2>\n\t\tActionable Information <br \/>for Immediate Remediation\n\t<\/h2>\n\t<p>API Scan generates an immediate report that provides actionable information of how well your API conforms to its OpenAPI definition. The report summarizes all of the key issues and provides deep-dive analysis with info on the cURL requests the scan used to detect each issue.<\/p>\n<h2>\n\t\tRelated content\n\t<\/h2>\n\t<p>Tutorial: <a href=\"https:\/\/staging2022.42crunch.com\/tutorial-security-conformance-scan-openapi-swagger-extension-vs-code\/\">API Security &amp; Conformance Scan using OpenAPI Swagger Editor Extension in VS Code<\/a><\/p>\n<p>Tutorial: <a href=\"https:\/\/staging2022.42crunch.com\/tutorial-api-conformance-scan\/\">API Security Testing with API Scan<\/a><\/p>\n<p>Tutorial: <a href=\"https:\/\/staging2022.42crunch.com\/tutorial-api-security-testing-github-actions\/\">API Security Testing in GitHub Actions<\/a><\/p>\n\t\t\t\t<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2022\/09\/Scan-UI-for-Solution-2.png\" alt=\"Scan-UI-for-Solution 2\" itemprop=\"image\" height=\"1080\" width=\"1562\" title=\"Scan-UI-for-Solution 2\" onerror=\"this.style.display='none'\"  \/>\n<h2>\n\t\tTry API Scan for Free\n\t<\/h2>\n\t<ul>\n<li>Dynamic runtime testing that simulates real traffic to your API.<\/li>\n<li>Tests conformance to the audited OpenAPI Contract.<\/li>\n<li>The instant report provides automated and guided fixes in-line with code.<\/li>\n<\/ul>\n\t\t\t<a href=\"https:\/\/staging2022.42crunch.com\/freemium\/\" target=\"_blank\" rel=\"noopener\">\n\t\t\t\t\t\t\tRegister Now\n\t\t\t\t\t<\/a>\n<h2>\n\t\tReady to Learn More?\n\t<\/h2>\n\t<p>Developer-first solution for delivering API security as code.<\/p>\n\t\t\t<a href=\"https:\/\/staging2022.42crunch.com\/get-started\/\" target=\"_self\" rel=\"noopener\">\n\t\t\t\t\t\t\tGet Started\n\t\t\t\t\t<\/a>\n\n","protected":false},"excerpt":{"rendered":"<p>API Scan Runtime identification of API vulnerabilities API Security Platform Datasheet API Scan continually scans the API to ensure conformance to the OpenAPI contract and detect vulnerabilities at both testing time and runtime. It detects OWASP API Security Top 10 issues early in the API lifecycle and validates that your APIs can handle\u00a0 unexpected requests. [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"API Scan | Dynamic Conformance Scan Test of APIs ","_seopress_titles_desc":"API Scan is a dynamic runtime testing of your API to ensure that the implementation of your API conforms to your OpenAPI contract \/ definition file.","_seopress_robots_index":"","site-sidebar-layout":"no-sidebar","site-content-layout":"page-builder","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"disabled","ast-hfb-above-header-display":"disabled","ast-hfb-below-header-display":"disabled","ast-hfb-mobile-header-display":"disabled","site-post-title":"disabled","ast-breadcrumbs-content":"disabled","ast-featured-img":"disabled","footer-sml-layout":"disabled","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"class_list":["post-1229","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/pages\/1229"}],"collection":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/comments?post=1229"}],"version-history":[{"count":2,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/pages\/1229\/revisions"}],"predecessor-version":[{"id":18923,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/pages\/1229\/revisions\/18923"}],"wp:attachment":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/media?parent=1229"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}