So tell me more about API Discovery™...

API Discovery™ is a platform which allows you to:

  • Find, assess and monitor thousands of external APIs publicly available on the Web.
  • Test, fuzz and benchmark your internal APIs using OWASP and PCI standards.
  • Scan source codes (including Open Source Software and proprietary) to discover embedded APIs.
  • Monitor network traffic to discover hidden APIs.
  • Intelligently execute a series of benchmark tests (fuzzing and passive) against your APIs to discover security and legal compliance issues.
  • Collaborate across multiple teams to track the testing, fuzzing, and integration of APIs.
  • Generate security and compliance reports related to your private and publicly APIs.

API security is paramount. Our platform tests APIs against OWASP top-10 and CIS top-20 API-specific vulnerabilities to ensure their security. Some of the API-specific problems identified by OWASP and CIS framework are:

  • Broken Authentication: APIs with ineffective multi-factor authentication or APIs that expose tokens/access codes.
  • Excessive Data Exposure: APIs that leak sensitive information such as passwords, credit card numbers, credentials, and other personal identifiable information.
  • SQL Injection: APIs are prone to attacks by sending invalid data (malicious code or regular expressions).
  • XML External Entities: APIs that accept XML format as request or APIs that produce XML format as response.
  • Buffer Overflow: APIs can cause Buffer Overflow attack if the API input parameters are not handled properly.

What's in it for me?

Integrated User Experience
Consolidate internal and external APIs into a single API Gateway.

Improved Governance
Improve operational efficiency through better security and compliance management of your APIs.

Accelerated Innovation
Easily discover and use Open APIs for faster development.

How does it work?

External APIs: Explore thousands of publicly available APIs; find their sample responses, terms of use and other documentations; test them in real-time without writing a single piece of code or vendor registration.

Internal APIs: Perform a series of fuzzing and passive tests to discover: Sensitive Data Exposure, SQL Injections, Security Misconfiguration, Broken Authentication, Missing Function Level Access Control, Unvalidated Redirects and other issues.

Software Composition Analysis: Automatically scan your source codes (including proprietary and Open Source) to discover embedded APIs. This analysis helps you with tracking and auditing an accurate inventory of your internal and external APIs.

Track changes in Terms of Use and other agreements related to external APIs. Assess legal risks using an AI-driven agreement analyzer. Detect PII and other sensitive data in APIs for GDPR, HIPPA or other data privacy regulations.

Reporting and Analytic Dashboards: Generate security and compliance reports for internal and external APIs. Share analyses and track progress of projects across various in a collaborative way.

Integrate with Jira, Jenkins and bug tracing systems for seamless DevOps experiences. Graphical User Interface (GUI) and Command Line Integration (CLI) tools for automatically scanning your source codes that fit with your continuous development environment.

Plans & Pricing