Rest API scanning for security testing
US12267352B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Oct 16, 2023 |
| Grant date | Apr 1, 2025 |
| Priority date | — |
| Expiry date | Oct 16, 2043 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L67/133
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Methods and systems for securing an application programming interface (API) are presented. The method comprises: receiving API workflow data associated with an API testing tool and generating a scan configuration file using the API workflow data; crawling the collection of API requests by identifying and retrieving a link associated with the collection of API requests; and crawling the link to generate a crawled link response. The method also includes executing one or more vulnerability tests on the crawled link response including applying at least one passive detection rule to the crawled link response and fuzzing the link. The fuzzed link may be transmitted in a request to an application server following which scan data indicative of at least one vulnerability associated with a response from the application server may be generated. The scan data may be used to generate a vulnerability report.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.