- Cyber Security Services
- Compliance Services
- IT Risk and Audit Services
- Contact Us
What Is It:
Representational State Transfer (REST) APIs are extremely common on the internet we use today. However, testing APIs introduce some unique behaviors that make traditional web application scanning tools difficult to use. Since billions, if not trillions, of API calls are used on a daily basis, security measures should be in place to ensure that your API architecture is correct and secure. That is where we come in.
How We Do It:
Through a deep partnership with one of the leading security scanning companies, along with highly educated certified ethical hackers; we leverage both a manual and automatic scanning technique to ensure there aren’t any holes in your API call. We start by obtaining a Swagger 2.0 (now known as OpenAPI) YAML file with all the API calls you want to be tested. Once the technical information is obtained, Compass imports this information into our scanner which checks for open holes in each one of your API calls. When a swagger file is not supported, Compass can also leverage a more granular approach by sending individual API calls via cURL and capturing the response in a proxy. Regardless of either approach, an analyst will review, and if needed, test necessary vulnerabilities to ensure you get accurate results.
What Is Required To Get Started:
All that is needed is a quick conversation with one of Compass’s experienced Account Managers. Once a Statement of Work (SOW) is signed, the following will make the process run smoothly and expedite your report:
What You Will Receive:
So what are you waiting for? Contact us today to put your team to the test and see how they hold up against leading industry API scanning!