DEV Community

Intesar Mohammed

Security Test REST APIs in Minutes for Free

EthicalCheck is a free and automated API security test service.

Since our launch a few months ago, we learned one-third of tested public-facing REST APIs have vulnerabilities that automated bots can easily exploit. EthicalCheck is a free web app that instantly detects vulnerabilities in REST APIs without coding.

How to get started

  1. Go to https://EthicalCheck.dev

  2. API: Enter OpenAPI/Swagger URL and your email in the input fields provided and click the scan button.

  3. Processing: Once your request is submitted, the EthicalCheck engine creates a map of all your API endpoints. It then automatically writes security tests covering OWASP API #2 (broken authentication). Finally, it runs the tests against your API. All tests are non-intrusive, and they only look for broken authentication issues.

  4. Report: You'll receive an enterprise-grade App/API penetration test report. The test report meets SOC 2 and similar compliance mandates.

  5. Bugs: The test report includes all the tested endpoints, coverage lists, exceptions, and vulnerabilities/bugs. Vulnerabilities are automatically triaged for you, which means every vulnerability has a severity, CVSS score, endpoint information, OWASP tag, etc., saving you time and resources.
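As an added example (not EthicalCheck's own code), the endpoint-mapping and broken-authentication check described in step 3 can be expressed against an OpenAPI 3 document like this; the sample spec and the observed status codes are constructed, and sending the unauthenticated requests is left to the caller.

```python
"""Map OpenAPI operations and flag broken authentication.

Added example, not EthicalCheck code. An operation is flagged when the
spec says it requires credentials but an unauthenticated request got 2xx.
"""
from typing import Dict, List, Tuple

HTTP_METHODS = ("get", "put", "post", "delete", "patch")

# Constructed OpenAPI fragment, loosely modelled on a banking API.
SAMPLE_SPEC = {
    "openapi": "3.0.0",
    "security": [{"bearerAuth": []}],          # document-wide default
    "paths": {
        "/login": {"post": {"security": []}},  # explicitly public
        "/accounts": {"get": {}},              # inherits default: needs auth
        "/accounts/{id}/transactions": {
            "get": {"security": [{"bearerAuth": []}]}
        },
    },
}


def map_endpoints(spec: dict) -> List[Tuple[str, str, bool]]:
    """Return (METHOD, path, requires_auth) for every operation in the spec.

    An operation-level 'security' key overrides the document-level one;
    an empty list means the operation is intentionally unauthenticated.
    """
    default = bool(spec.get("security"))
    plan = []
    for path, item in spec.get("paths", {}).items():
        for method in HTTP_METHODS:
            op = item.get(method)
            if op is None:
                continue
            requires = bool(op["security"]) if "security" in op else default
            plan.append((method.upper(), path, requires))
    return plan


def classify(plan: List[Tuple[str, str, bool]],
             unauth_status: Dict[Tuple[str, str], int]) -> List[Tuple[str, str]]:
    """Return operations that require auth yet answered 2xx with no credentials.

    unauth_status maps (METHOD, path) to the status code observed for a
    request sent without an Authorization header; only the code is inspected.
    """
    findings = []
    for method, path, requires in plan:
        status = unauth_status.get((method, path))
        if requires and status is not None and 200 <= status < 300:
            findings.append((method, path))
    return findings
```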

Result view

Try a sample REST API:

Check our sample API on the https://ethicalcheck.dev home page.
This sample API is a banking API with features like accounts, transactions, and more. It's an excellent API to learn how to detect authentication and authorization security bugs.
