Overview of scanning APIs
Acunetix can scan Application Programming Interfaces (APIs). When most people think of web security, they think of testing websites and web applications. However, over 80% of web traffic is actually sent through web APIs. Acunetix is a web vulnerability solution for securing your APIs, web applications, websites, and more.
Scanning APIs with Acunetix
APIs and web applications use the same language and technologies, which means they are also prone to the same types of security risks and attacks, such as SQL injection attacks. Since APIs are discrete endpoints, scanners need to know how to find them to test their security. Acunetix offers API scanning through the import or linking of API specification files.
Specifically, you can use Acunetix to identify vulnerabilities in your SOAP, REST, and GraphQL APIs. The scan results offer remedies for the identified vulnerabilities, and you view them in the same way as scan results for your web applications and websites. For instructions on how to scan these API types with Acunetix, refer to the following documentation:
- Scanning REST APIs for vulnerabilities
- Scanning SOAP APIs for vulnerabilities
- Scanning GraphQL APIs for vulnerabilities
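Because a spec-driven scan requests every operation the specification file lists, it helps to inventory that file before linking it to a target. The following is an added example, not Acunetix code: it assumes an OpenAPI 3 document in JSON (constructed inline here), and the function names `inventory` and `review_before_production` are hypothetical.

```python
import json

# Constructed OpenAPI 3 sample (assumption: not taken from Acunetix or a real API).
SPEC_JSON = """
{"openapi": "3.0.3",
 "info": {"title": "Orders (constructed sample)", "version": "1.0"},
 "security": [{"bearerAuth": []}],
 "paths": {
   "/orders": {"get": {"operationId": "listOrders"},
               "post": {"operationId": "createOrder"}},
   "/orders/{id}": {"parameters": [{"name": "id", "in": "path", "required": true}],
                    "get": {"operationId": "getOrder"},
                    "delete": {"operationId": "deleteOrder"}},
   "/health": {"get": {"operationId": "health", "security": []}}}}
"""

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}
STATE_CHANGING = {"post", "put", "patch", "delete"}

def inventory(spec):
    """Return one record per operation a spec-driven scanner would request."""
    global_security = spec.get("security", [])
    records = []
    for path, item in sorted(spec.get("paths", {}).items()):
        for method, op in item.items():
            if method not in HTTP_METHODS:  # skip path-level keys such as "parameters"
                continue
            # Operation-level "security" overrides the global one; [] means no auth.
            security = op.get("security", global_security)
            records.append({
                "method": method.upper(),
                "path": path,
                "state_changing": method in STATE_CHANGING,
                "authenticated": bool(security),
            })
    return records

def review_before_production(records):
    """Operations that can modify or delete data; review these before a production scan."""
    return [f"{r['method']} {r['path']}" for r in records if r["state_changing"]]

if __name__ == "__main__":
    ops = inventory(json.loads(SPEC_JSON))
    print("state-changing operations:", review_before_production(ops))
    print("need credentials:", [r["path"] for r in ops if r["authenticated"]])
```

The `authenticated` flag shows which operations only get meaningful coverage once credentials are configured for the target.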
IMPORTANT: Scanning APIs in production
Scanning production APIs should be conducted with care. Some scanning methods may result in data deletion. We recommend you:
Scanning authenticated APIs
Acunetix also supports scanning APIs that require authentication. The available authentication methods are all configured via the target settings page. These include authentication via API Key, Bearer Token, JWT Token, Basic Authentication, and OAuth 2.0. For instructions on how to scan authenticated APIs, refer to the following documentation: