API types and specification formats
Acunetix 360 offers API discovery and vulnerability testing on a single platform. API discovery is part of Invicti's API Security product that helps companies proactively address API-related risks by utilizing the Acunetix 360 DAST scanner to scan known and discovered API specs for vulnerabilities.
This document provides information about the API types and specification formats that Acunetix 360 can discover and scan.
NOTE: API Discovery is available with Invicti API Security Standalone or Bundle. |
API Discovery
Acunetix 360 can discover the following API types and specification formats:
- REST APIs: OpenAPI3 and Swagger2
After discovering your OpenAPI3 and Swagger2 specification files, you can easily link them to existing or new targets in Acunetix 360 so they will be scanned for vulnerabilities the next time the linked target is scanned. For more information about API discovery and how it works in Acunetix 360, refer to API Discovery Overview.
API Scanning
Acunetix 360 can scan the following API types and specification formats:
- REST APIs: OpenAPI3, Swagger2, RAML, WADL, Postman collection, and WordPress REST API
- SOAP: WSDL
- GraphQL: .graphql
- gRPC: protobuf
To scan any of these API files for vulnerabilities, you need to upload the file in the scan settings or link the URL if the file is hosted. For more information about API scanning, refer to Overview of Scanning APIs.
NOTE: Development work on Invicti API Security is ongoing to increase the API discovery and scanning capabilities with more API types and specification formats. |