Scanning an API

There are two main architectural styles used in modern APIs:

  • SOAP: a highly structured, XML-based message protocol that can run over several underlying transport protocols.

  • REST: a simpler approach to APIs that uses HTTP/S as the transport protocol and typically JSON as the data format.

Both types of APIs support HTTP requests and responses and Secure Sockets Layer (SSL), but the similarity ends there.

The increase of API-related security threats in recent years has prompted the Open Web Application Security Project (OWASP) to release the API Security Top 10, which helps raise awareness of the most serious API security issues affecting organizations.

To scan an API, use either the OWASP ZAP API Scan or the Burp Suite API scan.
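As an added example (not part of the original page or of the ZAP project), the script below parses the JSON report that the ZAP API scan writes (assumed here to be produced with `zap-api-scan.py -t <definition> -f openapi -J report.json`), summarises alert instances per risk level, and returns a pass/fail verdict that a CI job can act on. The embedded report is a constructed sample in ZAP's traditional JSON layout; its plugin ids, alert names and URLs are illustrative, not real scan output.

```python
import json
from collections import Counter

# Constructed sample of a ZAP traditional JSON report (layout as written by
# `zap-api-scan.py ... -J report.json`); values are illustrative, not real output.
SAMPLE_REPORT = json.dumps({
    "@version": "2.14.0",
    "site": [{
        "@name": "https://api.example.test",
        "alerts": [
            {"pluginid": "10021", "name": "X-Content-Type-Options Header Missing",
             "riskcode": "1", "confidence": "2", "riskdesc": "Low (Medium)",
             "instances": [{"uri": "https://api.example.test/v1/users", "method": "GET"}]},
            {"pluginid": "40018", "name": "SQL Injection",
             "riskcode": "3", "confidence": "2", "riskdesc": "High (Medium)",
             "instances": [{"uri": "https://api.example.test/v1/users", "method": "GET", "param": "id"}]},
            {"pluginid": "10049", "name": "Storable and Cacheable Content",
             "riskcode": "0", "confidence": "2", "riskdesc": "Informational (Medium)",
             "instances": [{"uri": "https://api.example.test/v1/health", "method": "GET"}]},
        ],
    }],
})

# ZAP risk codes: 0 informational, 1 low, 2 medium, 3 high.
RISK_NAMES = {0: "Informational", 1: "Low", 2: "Medium", 3: "High"}


def summarize_report(report_json):
    """Count alert instances per risk level across every site in a ZAP JSON report.

    Returns (counts, findings); findings are (riskcode, name, pluginid, instances),
    highest risk first, so the most urgent items come out on top.
    """
    report = json.loads(report_json)
    counts = Counter()
    findings = []
    for site in report.get("site", []):
        for alert in site.get("alerts", []):
            risk = int(alert["riskcode"])
            n = len(alert.get("instances", []))
            counts[RISK_NAMES[risk]] += n
            findings.append((risk, alert["name"], alert["pluginid"], n))
    return counts, sorted(findings, reverse=True)


def gate(report_json, max_risk=1):
    """Return (ok, blocking): ok is False if any alert exceeds max_risk (default: Low)."""
    _, findings = summarize_report(report_json)
    blocking = [f for f in findings if f[0] > max_risk]
    return len(blocking) == 0, blocking


if __name__ == "__main__":
    counts, findings = summarize_report(SAMPLE_REPORT)
    for risk, name, pid, n in findings:
        print(f"{RISK_NAMES[risk]:<13} {pid:>6}  {name} ({n} instance(s))")
    ok, blocking = gate(SAMPLE_REPORT)
    print("PASS" if ok else f"FAIL: {len(blocking)} alert(s) above the allowed risk level")
```

Wire `gate()` into the pipeline step after the scan so a build fails on Medium or High findings while Low and Informational alerts are only reported.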

Resources