- Knowledge Base
- API Scanning
- General
-
Security Announcements
-
Product News
-
Next-Gen Vulnerability Management
-
Getting Started
-
General
-
Operating Status
-
System & Network Scanning
-
Web Application Scanning
-
Cloud Scanning (CSPM)
-
API Scanning
-
Phishing & Awareness Training
-
Scanner Appliance
-
Device Agent
-
On-premise platform deployment
-
Asset Management
-
Vulnerability Manager
-
Reports
-
Digest Reports
-
Organizer
-
Continuous Monitoring
-
Integrations
-
Platform API
-
Remediation
-
Users
-
PCI DSS
-
Terms & Conditions
-
Dashboard
How does the REST API scanning work?
The REST API scanning in the web application service capabilities allows the scanner to inject vulnerability detection patterns into JSON REST APIs.
You're able to provide a Open API specification document, which is parsed by the scanner and used as the starting point for identifying any vulnerability class (such as SQL injections, XXE and deserialization issues) in REST APIs.
Note that the open API specification needs to be published in order for Holm Security to scan the API.
The specification can be converted from other file formats such as WADL.