API Scanning

How do I get started with API Scanning?

API scanning is a function within the web application scanner. It lets you provide an API specification to the scan engine. The specification is parsed during the scan, and every endpoint it defines is tested for vulnerabilities, so an endpoint that is missing from the specification is not tested. The API scanner finds vulnerabilities such as those listed in the OWASP API Top 10.

1. Install a Scanner Appliance

A Scanner Appliance is used for scanning within your own environment, behind your firewall. For publicly available web apps you typically use our external/cloud scanners instead, so you can skip this step if you are only scanning publicly available web apps.

Install a Scanner Appliance for local scanning:
https://support.holmsecurity.com/knowledge/how-do-i-install-a-scanner-appliance-1

2. Configure your web app asset

If you are scanning a REST API, follow the steps here:
https://support.holmsecurity.com/knowledge/how-do-i-set-up-a-rest-api-scan

If you are scanning a SOAP API, follow the steps here:
https://support.holmsecurity.com/knowledge/how-do-i-set-up-soap-api-scanning

3. Schedule or run only once

Schedule a scan based on the asset configuration or run a scan once. You must do this for each API specification you want to scan.
https://support.holmsecurity.com/knowledge/how-do-i-schedule-a-scan-for-an-web-app

OpenAPI specification
Note that the OpenAPI specification must be published and reachable, either from the internet (for the cloud scanners) or by the Scanner Appliance (for local scanning), otherwise the API cannot be scanned.
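The two points above, that the scanner tests exactly the endpoints the specification defines and that the specification must be reachable from the scanner's network position, can both be checked before a scan is scheduled. The following added example (not Holm Security's code, and independent of the product) parses a constructed OpenAPI 3 document, lists every operation the scanner would derive from it together with whether the operation declares an authentication requirement, resolves the server base URL, and offers a small fetch helper to confirm the published specification is reachable and parses as JSON. The specification, its server URL and the hypothetical `bearerAuth` scheme are all constructed for illustration.

```python
"""Pre-flight check for an OpenAPI spec before handing it to an API scanner.

Added example, not Holm Security's code. It parses an OpenAPI 3 document,
lists every operation (method + path) a spec-driven scanner would test,
resolves the server base URL, and can fetch the spec over HTTP to confirm it
is reachable. The sample spec below is constructed for illustration.
"""
import json
import urllib.request
from urllib.error import URLError

HTTP_METHODS = ("get", "put", "post", "delete", "options", "head", "patch", "trace")

# Constructed sample OpenAPI 3 document (hypothetical service and auth scheme).
SAMPLE_SPEC = {
    "openapi": "3.0.3",
    "info": {"title": "Example API", "version": "1.0.0"},
    "servers": [{"url": "https://api.example.test/v1"}],
    "paths": {
        "/users": {
            "get": {"operationId": "listUsers"},
            "post": {"operationId": "createUser"},
        },
        "/users/{id}": {
            "parameters": [{"name": "id", "in": "path", "required": True}],
            "get": {"operationId": "getUser"},
            "delete": {"operationId": "deleteUser", "security": [{"bearerAuth": []}]},
        },
        "/health": {"get": {"operationId": "health"}},
    },
}


def enumerate_endpoints(spec):
    """Return sorted [(METHOD, path, requires_auth)] for every operation.

    This is the target list a spec-driven scanner derives from the document;
    an operation missing here will not be tested. An operation requires auth
    if it, or the document globally, declares a non-empty `security` list.
    """
    global_security = bool(spec.get("security"))
    endpoints = []
    for path, item in spec.get("paths", {}).items():
        for method in HTTP_METHODS:
            op = item.get(method)
            if op is None:
                continue
            requires_auth = bool(op["security"]) if "security" in op else global_security
            endpoints.append((method.upper(), path, requires_auth))
    return sorted(endpoints)


def base_url(spec):
    """Return the first server URL; this is where the scanner sends requests."""
    servers = spec.get("servers") or []
    return servers[0]["url"].rstrip("/") if servers else ""


def unauthenticated_endpoints(spec):
    """Operations with no declared security requirement, for review before scanning."""
    return [(m, p) for m, p, auth in enumerate_endpoints(spec) if not auth]


def fetch_spec(url, timeout=10):
    """Fetch and parse a JSON spec from a URL; returns (spec, None) or (None, error).

    Run this from the scanner's network position (cloud scanner or Scanner
    Appliance) to confirm the published document is reachable and valid
    before scheduling the scan.
    """
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return json.load(resp), None
    except (URLError, ValueError, OSError) as exc:
        return None, str(exc)


if __name__ == "__main__":
    print("Base URL:", base_url(SAMPLE_SPEC))
    for method, path, auth in enumerate_endpoints(SAMPLE_SPEC):
        print(f"{method:6} {path:15} auth={'yes' if auth else 'no'}")
```

Running the module prints the base URL and the five operations the scanner would test. To check a real published specification, call `fetch_spec("https://<your-host>/openapi.json")` from the machine or network the scanner uses; a `(None, error)` result means the scanner will not be able to read the specification either.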