Discovery & Schema
- OpenAPI/Swagger and Postman collection import
- REST, GraphQL and SOAP endpoint coverage
- Shadow and undocumented endpoint detection
- Versioned and deprecated API checks
Authentication & Access
- Token, JWT and OAuth 2.0 handling checks
- Authentication and session weaknesses
- Access-control and exposure patterns
- Rate-limiting and resource-consumption checks
Data & Injection
- Injection across API parameters
- Excessive data exposure and mass assignment
- Sensitive data leakage in responses
- Input-validation weaknesses
Delivery & Standards
- 100% CI/CD automation, cloud or on-premise
- Multiuser dashboard with RBAC
- OWASP API Top 10 and SANS Top 25 mapping
- Zero false positives and free rescanning