Skip to main content

Show HN: Openapi.security, a fast security checker for REST-based API https://ift.tt/rlQEGhk

Show HN: Openapi.security, a fast security checker for REST-based API tl;dr we released openapi.security, an online tool that performs a dozen of security tests on any given openapi/swagger-based API, with no signup or email required. You can try it here: https://ift.tt/vI5SjFg My team at Escape (YC W23) is mainly focused on securing GraphQL APIs. For this, we developed a new approach called Feedback driven API Exploration. Basically, we infer the right security tests cases to run using the specification and a carefully crafted in house graph traversal algorithm. (It's a bit long to describe here but we published a more in depth explanation of how this algorithm works in our blog!) We recently wondered if this Feedback Driven Exploration approach could be efficiently applied to good old REST APIs as well. From our experience, well designed GraphQL and REST APIs are quite equivalent: both have an organized data structure and explicit relationships between objects. So why wouldn't it work? We often organise internal hackathons. So this time, we focused on this experiment, adapting our algorithm to REST and ending up creating our last side project: OpenAPI.security. It is a very simple tool: anybody can enter an OpenAPI / Swagger spec, and openapi.security will run a bunch of security tests on it and give back a report. It's designed to be fast and smart in the way it analyzes input specs. https://ift.tt/vI5SjFg February 15, 2023 at 12:58AM
Labels:

Comments

Post a Comment

Popular posts from this blog

Show HN: StreetComplete, an OpenStreetMap Editor for Humans https://ift.tt/2J8IL02

Show HN: StreetComplete, an OpenStreetMap Editor for Humans StreetComplete is an OpenStreetMap[0] editor directed at people who want to contribute and want to do this using their smartphone, without learning how to edit things[1]. It is available as an Android application. It is intended to be used as one walks, with quests appearing as markers on the map. Selecting a marker allows one to answer a simple question. The answer will be added to the OpenStreetMap database, with app handling selecting objects for editing, transforming answer into OSM tags and making edits. OpenStreetMap account is needed to apply edits, but it is possible to start without it, make some edits and login/register later. Note: I am not the main author, but I am one of the active contributors. Github page is at https://ift.tt/2g8lasH and https://ift.tt/3nR9PzS shows what was recently released. [0]OpenStreetMap is a Wikipedia of maps, available on the open licence. This dataset is already used for many interestin...
Post a Comment
Read more https//reachsingh.blogspot.com»

Women Pioneers at Muni: Adeline Svendsen and Muni’s First Newsletter

Women Pioneers at Muni: Adeline Svendsen and Muni’s First Newsletter By Jeremy Menzies To close out Women’s History Month, here’s a look back at one woman whose work to bring Muni staff together in the late 1940s created a legacy that lives on to this day. Adeline “Addy” Svendsen was founding editor of Muni’s first internal newsletter, “ Trolley Topics .” Adeline Svendsen sits at her desk in the Geneva Carhouse office building in this 1949 shot. Trolley Topics was a new venture when it started in February 1946. As Svendsen wrote in the first issue it was created, “to bring a little fun, a little news, and a lot of good will to all our fellow employees in the Railway.” Just two years prior in 1944, Muni merged with the Market Street Railway Company, expanding the small municipal operation into the largest transit provider in the city with hundreds of employees, vehicles of every shape and size, and dozens of facilities scattered across town. The newsletter was meant to help unite ...
Post a Comment
Read more https//reachsingh.blogspot.com»