API types and specification formats

Acunetix 360 offers API discovery and vulnerability testing on a single platform. API discovery is part of Invicti's API Security product that helps companies proactively address API-related risks by utilizing the Acunetix 360 DAST scanner to scan known and discovered API specs for vulnerabilities.

This document provides information about the API types and specification formats that Acunetix 360 can discover and scan.  

NOTE: API Discovery is available with Invicti API Security Standalone or Bundle.

API Discovery

Acunetix 360 can discover the following API types and specification formats:

  • REST APIs: OpenAPI3 and Swagger2 (the Mulesoft Anypoint Exchange integration can also discover RAML files)

After discovering your OpenAPI3 and Swagger2 specification files, you can easily link them to existing or new targets in Acunetix 360 so they will be scanned for vulnerabilities the next time the linked target is scanned. For more information about API discovery and how it works in Acunetix 360, refer to API Discovery Overview.

API Scanning

Acunetix 360 can scan the following API types and specification formats:

  • REST APIs: OpenAPI3, Swagger2, RAML, WADL, Postman collection, and WordPress REST API
  • SOAP: WSDL
  • GraphQL: .graphql
  • gRPC: protobuf

To scan any of these API files for vulnerabilities, you need to upload the file in the scan settings or link the URL if the file is hosted. For more information about API scanning, refer to Overview of Scanning APIs.

NOTE: Development work on Invicti API Security is ongoing to increase the API discovery and scanning capabilities with more API types and specification formats.


« Back to the Acunetix Support Page