Most APIs use Okta, OAuth 2.0, JWT, Spring Security, and similar frameworks to implement security. These frameworks are hard to implement, and as other developers add new functionality, it gets harder to ensure that security is implemented correctly.
I built a free web tool for developers to test their public/mobile/web APIs for authentication flaws. The tool doesn't require access to live traffic, nor does it need you to write or configure anything. It automatically creates and runs tests against your production/dev APIs and instantly sends a PDF security test report.
The tool I'm going to use:
https://apisec-inc.github.io/pentest/
I need an OpenAPI Specification (Swagger) URL. Leave it in the comments section. I'll get back to you with a PDF report.
Top comments (1)
Just leave your API URL.