DISCOVER
Scan Your Corporate Perimeter and Identify Unknown or Rogue APIs
SECURE
Identify API Vulnerabilities to Strengthen Your Security Posture
PROTECT
Reduce Risk, Secure Client Data and Maintain Compliance
A COMPREHENSIVE SUITE OF API SECURITY TOOLS AND SERVICES
API VULNERABILITY SCANNING
Perform passive and active scanning of your API endpoints to identify a wide variety of API specific vulnerabilities.
API DISCOVERY
Search your network for Rogue APIs automatically, helping to identify blind spots that exist outside of corporate management.
API SCHEMA VISUALISATION
Import multiple API schema definitions to visualise and interrogate endpoints, parameters, requests, and responses.
REPORTING AND REMEDIATION
Produce detailed severity based vulnerability reports with both non-technical and technical content, allowing issues to be easily understood and prioritised.
VULNERABILITY RESEARCH
Our team of dedicated security researchers continuously improve current scanning techniques to ensure that emerging threats are identified.
ALERTING INTEGRATIONS
Integrate into systems such as Slack to receive notifications of discovered issues, or tools such as Github to automatically run as scan when new code is added to an API.
Rogue API Discover Service
With the increasing use of API technology, it is becoming an increasing problem for IT security managers to keep track of Rogue API endpoints. These endpoints are often built by an individual for a specific purpose and often site outside of corporate management. This represents a significant threat to the business and if undiscovered could create a serious threat.
ShadowAPI helps you to maintain an up to date inventory of your API real estate by continuously scanning your public network, searching for new or unknown APIs. If any are found, an alert is sent to help reduce the threat exposure window.
Mitigate API Vulnerabilities
ShadowAPI identifies configuration based security issues in Web Services such as injection flaws and disclosure of sensitive information vulnerabilities.
Turn-Key Suite of Pre-Built Tests
A wide range of tests (including those detailed in the OWASP API Testing Methodology) can be performed. Identify common vulnerabilities such as injection flaws and disclosure of sensitive information.
Visualise Your API
ShadowAPI is not just a security scanner, at its core is the ability to build and visualise complex API structures. These structures are known as ‘Shadows’ and are a representation of an APIs endpoints, calls, parameters, and expected responses. This security scanner then uses the ‘Shadow’ and a set of propriety test rules to identify vulnerabilities in the live API.