EthicalCheck is a free and automated API security test service.
Since our launch a few months ago, we learned one-third of tested public-facing REST APIs have vulnerabilities that automated bots can easily exploit. EthicalCheck is a free web app that instantly detects vulnerabilities in REST APIs without coding.
How to get started
Go to the https://EthicalCheck.dev
API: Enter OpenAPI/Swagger URL and your email in the input fields provided and click the scan button.
Processing: Once your request is submitted. The EthicalCheck engine creates a map of all your API endpoints. It then automatically writes security tests covering the OWASP API #2. Finally, it runs the tests against your API. All tests are non-intrusive, and they only look for broken authentication issues.
Report: You'll receive an enterprise-grade App/API penetration test report. The test report meets SOC 2 and similar compliance mandates.
Bugs: The test report includes all the tested endpoints, coverage lists, exceptions, and vulnerabilities/bugs. Vulnerabilities are automatically triaged for you, which means every vulnerability has a severity, CVSS score, endpoint information, OWASP tag, etc., saving you time and resources.
Try a Sample REST APIs:
Check our sample API on the https://ethicalcheck.dev home page.
This sample API is a banking API with features like accounts, transactions, and more. It's an excellent API to learn how to detect authentication and authorization security bugs.