API types and specification formats
Acunetix Premium and Premium+ offer API discovery and vulnerability testing on a single platform. API discovery is part of Invicti's API Security product that helps companies proactively address API-related risks by utilizing the Acunetix DAST scanner to scan known and discovered API specs for vulnerabilities.
This document provides information about the API types and specification formats that Acunetix can discover and scan.
NOTE: API Discovery is available with Invicti API Security Standalone or Bundle. |
API Discovery
Acunetix can discover the following API types and specification formats:
- REST APIs: OpenAPI3 and Swagger2 (the Mulesoft Anypoint Exchange integration can also discover RAML files)
After discovering your OpenAPI3 and Swagger2 specification files, you can easily link them to existing or new targets in Acunetix so they will be scanned for vulnerabilities the next time the linked target is scanned. For more information about API discovery and how it works in Acunetix, refer to API Discovery Overview.
API Scanning
Acunetix can scan the following API types and specification formats:
- REST APIs: OpenAPI3, Swagger2, RAML, WADL, and Postman collection
- SOAP: WSDL
- GraphQL: .graphql
To scan any of these API files for vulnerabilities, you need to upload the file to the associated target or if the file is hosted, link the URL to the target in Acunetix. For information on how to do this, refer to Adding paths via import files/API definitions.
NOTE: Development work on Invicti API Security is ongoing to increase the API discovery and scanning capabilities with more API types and specification formats. |