Scanning APIs with an Infrastructure license
If you were to specify the API as a target (e.g. api.example.com):
We'll perform the usual infrastructure checks, including checks against the web server hosting the API. These could cover:
Unintentionally exposed systems
Information Leakage
Encryption weaknesses
Misconfigurations & common mistakes
Remotely detectable vulnerable software and missing patches
Scanning APIs with an Application License
If you were to upload your schema file:
We'll perform the usual infrastructure checks, including checks against the web server hosting the API (the same as above):
Unintentionally exposed systems
Information Leakage
Encryption weaknesses
Misconfigurations & common mistakes
Remotely detectable vulnerable software and missing patches
In addition, every API endpoint defined in the schema will be checked for common vulnerability categories and for weaknesses in custom software. These could cover:
OS command injection
Enhanced cross-site scripting (XSS): persistent/stored, reflected and DOM-based XSS
Enhanced SQL injection, against multiple types of database
NoSQL injection, specifically against MongoDB
LDAP injection
XPath injection
Server-side include (SSI) injection
Server-side code injection
Java serialisation weaknesses
Buffer and integer overflows
If you add authentication to the target, or assign an authentication to the API, we'll also run the above checks against the authenticated pages and endpoints.
You can add as many APIs to a single target as you wish and they will consume only one Application license, but the base URL in each schema must match the target you're adding the schema to (if it doesn't, you'll get an error message). For example:
Accepted? | Target | Base URL |
β | api.intruder.io | |
β | api.intruder.io | |
β | api.intruder.io | |
β | api.intruder.io | |
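A pre-flight check you can run before uploading a schema, to catch a base URL that will be rejected. This is an added example and not Intruder's code: it assumes (an assumption, since the exact rule is not documented here) that the check is a hostname match, i.e. the host in the schema's base URL must equal the target hostname, with scheme, port and path ignored. It reads the base URL from either an OpenAPI 3 `servers` list or a Swagger 2 `host`/`basePath`/`schemes` trio, and treats a relative server URL (such as `/v1`) as acceptable because it resolves against the target. The two schemas at the bottom are constructed sample input.

```python
"""Pre-flight check: does an API schema's base URL belong to the scan target?

Added example, not Intruder's code. Assumption: the check is a hostname
match between the schema's base URL and the target. Supports OpenAPI 3
(`servers[].url`) and Swagger 2 (`host`, `basePath`, `schemes`).
"""
from __future__ import annotations

import json
from urllib.parse import urlsplit


def base_urls_from_schema(schema: dict) -> list[str]:
    """Return the base URLs declared by an OpenAPI 3 or Swagger 2 document."""
    if "servers" in schema:  # OpenAPI 3.x: explicit list of server objects
        return [s["url"] for s in schema["servers"] if "url" in s]
    if "host" in schema:  # Swagger 2.0: host + basePath, one URL per scheme
        schemes = schema.get("schemes") or ["https"]  # assumption: default to https
        base_path = schema.get("basePath", "")
        return [f"{scheme}://{schema['host']}{base_path}" for scheme in schemes]
    return []


def host_of(url: str) -> str | None:
    """Lower-cased hostname of an absolute URL; None for a relative URL like '/v1'."""
    hostname = urlsplit(url).hostname  # strips scheme, port, path, credentials
    return hostname.lower() if hostname else None


def check_base_urls(target: str, schema: dict) -> list[tuple[str, bool, str]]:
    """For each base URL in the schema, return (url, accepted, reason)."""
    target = target.lower()
    results: list[tuple[str, bool, str]] = []
    for url in base_urls_from_schema(schema):
        host = host_of(url)
        if host is None:
            results.append((url, True, "relative base URL, resolves against the target"))
        elif host == target:
            results.append((url, True, "host matches target"))
        else:
            results.append((url, False, f"host {host} does not match target {target}"))
    return results


# Constructed sample schemas (not real services): one OpenAPI 3, one Swagger 2.
OPENAPI3_EXAMPLE = json.loads("""
{
  "openapi": "3.0.3",
  "servers": [
    {"url": "https://api.example.com/v1"},
    {"url": "https://staging-api.example.com/v1"},
    {"url": "/v1"}
  ],
  "paths": {}
}
""")

SWAGGER2_EXAMPLE = json.loads("""
{
  "swagger": "2.0",
  "host": "API.Example.com:8443",
  "basePath": "/v2",
  "schemes": ["https", "http"],
  "paths": {}
}
""")


if __name__ == "__main__":
    for name, schema in (("openapi3", OPENAPI3_EXAMPLE), ("swagger2", SWAGGER2_EXAMPLE)):
        for url, accepted, reason in check_base_urls("api.example.com", schema):
            print(f"{name}: {'OK ' if accepted else 'BAD'} {url} ({reason})")
```

Run it with the target you intend to add the schema to; any `BAD` line is a base URL that, under the hostname-match assumption above, would produce the error message described. Note that only the hostname is compared, so a port or path difference is not treated as a mismatch.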