DEV Community

Tristan Kalos

Releasing OpenAPI.security, a free tool to quickly check the security of any Swagger / OpenAPI-based API

tl;dr: we released openapi.security, an online tool that runs a dozen security tests against any given OpenAPI/Swagger-based API, with no signup or email required.

Our team at Escape is mainly focused on securing GraphQL APIs. For this, we developed a new approach called Feedback Driven API Exploration: it infers the right security test cases to run from the API specification, using a carefully crafted in-house graph traversal algorithm. We published a more in-depth review of this algorithm in another post.

At Escape, we often organise internal hackathons. It's a way to learn new things, but also to experiment with our internal tools and discover new applications. This time, we wondered if our Feedback Driven Exploration could be applied to good old REST APIs as well and ended up creating OpenAPI.security.

The concept is simple: anybody can submit an OpenAPI / Swagger spec, and openapi.security will run a set of security tests against the described API and return a report. It is designed to be fast, and to be smart about how it analyzes the input spec.

Since it worked quite well, we wanted to share it with the community as well. (NB: it's a side project for now.)
