Rest api scanning for security testing
US11265342B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jul 2, 2020 |
| Grant date | Mar 1, 2022 |
| Priority date | — |
| Expiry date | Aug 12, 2040 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L67/133
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Methods and systems for securing an application programming interface (API) are presented. The method comprises: receiving API workflow data associated with an API testing tool and generating a scan configuration file using the API workflow data; crawling the collection of API requests by identifying and retrieving a link associated with the collection of API requests; and crawling the link to generate a crawled link response. The method also includes executing one or more vulnerability tests on the crawled link response including applying at least one passive detection rule to the crawled link response and fuzzing the link. The fuzzed link may be transmitted in a request to an application server following which scan data indicative of at least one vulnerability associated with a response from the application server may be generated. The scan data may be used to generate a vulnerability report.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.