| CPC H04L 63/1433 (2013.01) [G06F 9/44505 (2013.01); G06F 9/541 (2013.01); G06F 9/547 (2013.01); G06F 16/951 (2019.01); H04L 63/1466 (2013.01); H04L 67/133 (2022.05)] | 22 Claims |

1. A method for securing an application programming interface (API) against a vulnerability, the method comprising:
accessing, using one or more computing device processors, an API testing tool;
generating or receiving, using the one or more computing device processors and the API testing tool, API workflow data;
generating or accessing, using the one or more computing device processors, and based on the API workflow data, a scan configuration file, the scan configuration file being executable;
determining, using the one or more computing device processors, at least one endpoint;
determining, using the one or more computing device processors, that the at least one endpoint accesses a resource of an application server via a first API;
executing, using the one or more computing device processors, one or more commands associated with API requests, the one or more commands comprising at least one of a POST command, a GET command, a PUT command, and a DELETE command;
crawling, using the one or more computing device processors, content associated with a link comprised in or associated with the API requests to generate crawled data;
executing, using the one or more computing device processors, and based on the crawled data, one or more vulnerability tests;
determining, using the one or more computing device processors, and based on the one or more vulnerability tests, API data associated with the one or more vulnerability tests;
generating, using the one or more computing device processors, and based on the API data, scan data indicative of at least one vulnerability associated with the first API; and
generating, using the one or more computing device processors, a vulnerability report based on the scan data.