Skip to main content

Show HN: Openapi.security, a fast security checker for REST-based API https://ift.tt/rlQEGhk

Show HN: Openapi.security, a fast security checker for REST-based API tl;dr we released openapi.security, an online tool that performs a dozen of security tests on any given openapi/swagger-based API, with no signup or email required. You can try it here: https://ift.tt/vI5SjFg My team at Escape (YC W23) is mainly focused on securing GraphQL APIs. For this, we developed a new approach called Feedback driven API Exploration. Basically, we infer the right security tests cases to run using the specification and a carefully crafted in house graph traversal algorithm. (It's a bit long to describe here but we published a more in depth explanation of how this algorithm works in our blog!) We recently wondered if this Feedback Driven Exploration approach could be efficiently applied to good old REST APIs as well. From our experience, well designed GraphQL and REST APIs are quite equivalent: both have an organized data structure and explicit relationships between objects. So why wouldn't it work? We often organise internal hackathons. So this time, we focused on this experiment, adapting our algorithm to REST and ending up creating our last side project: OpenAPI.security. It is a very simple tool: anybody can enter an OpenAPI / Swagger spec, and openapi.security will run a bunch of security tests on it and give back a report. It's designed to be fast and smart in the way it analyzes input specs. https://ift.tt/vI5SjFg February 15, 2023 at 12:58AM

Labels

Labels:

Comments

Post a Comment

Popular posts from this blog

Show HN: Launch VM workloads securely and instantaneously, without VMs https://ift.tt/2QwJ1Kd

Show HN: Launch VM workloads securely and instantaneously, without VMs Hello HN! We've been working on a new hypervisor https://kwarantine.xyz that can run strongly isolated containers. This is still a WIP, but we wanted to give the community an idea about our approach, its benefits, and various use cases it unlocks. Today, VMs are used to host containers, and make up for the lack of strong security as well as kernel isolation in containers. This work adds this missing security piece in containers. We plan on launching a free private beta soon. Meanwhile, we'd deeply appreciate any feedback, and happy to answer any questions here or on our slack channel. Thanks! April 29, 2021 at 07:50AM
Post a Comment
Read more https//reachsingh.blogspot.com»

Show HN: Comment on live websites just like you comment on Google Docs/Figma https://ift.tt/GRhrjX0

Show HN: Comment on live websites just like you comment on Google Docs/Figma I'd love your feedback on this new JS plugin we launched. With this, you can comment on live websites just like you comment on Google Docs or Figma. You can use is to get Copy or UI feedback right on the website you are building. Feedback can be provided in rich formats like audio and video. You can get started by installing a JS tag in the footer of the website. You can then turn the review mode on or off on demand by adding “?review=true” to the URL. Demo video (43s): https://www.youtube.com/watch?v=cdnfBEw8TfI Demo video: https://www.youtube.com/watch?v=h6vxzXJuh8o https://ift.tt/ocLpdEu October 26, 2022 at 02:18AM
Post a Comment
Read more https//reachsingh.blogspot.com»