Rest API scanning for security testing
US11792221B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Feb 28, 2022 |
| Grant date | Oct 17, 2023 |
| Priority date | — |
| Expiry date | Feb 28, 2042 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L67/133
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Methods and systems for securing an application programming interface (API) are presented. The method comprises: receiving API workflow data associated with an API testing tool and generating a scan configuration file using the API workflow data; crawling the collection of API requests by identifying and retrieving a link associated with the collection of API requests; and crawling the link to generate a crawled link response. The method also includes executing one or more vulnerability tests on the crawled link response including applying at least one passive detection rule to the crawled link response and fuzzing the link. The fuzzed link may be transmitted in a request to an application server following which scan data indicative of at least one vulnerability associated with a response from the application server may be generated. The scan data may be used to generate a vulnerability report.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.