Astra – Automated Security Testing For REST API’s

0
0

REST API penetration testing is complex due to continuous changes in existing APIs and newly added APIs. Astra is an automated tool created for security engineers or developers as an integral part of their process, so they can detect and patch vulnerabilities early during development cycle. REST API is an architectural style that allow to communicate with web services. This is becoming very common in modern services such as mobile web application to communicate two different apps.

There are several possible Attacks during the scan with this tool including:

  • SQL injection
  • Cross site scripting
  • Information Leakage
  • Broken Authentication and session management
  • CSRF (including Blind CSRF)
  • Rate limit
  • CORS misconfiguration (including CORS bypass techniques)
  • JWT attack
  • CRLF detection
  • Blind XXE injection
Detailed vulnerability report

Detailed vulnerability report

Astra can automatically detect and test login & logout (Authentication API), so it’s easy for anyone to integrate this into CICD pipeline. Also Astra allows to take API collection as an input so this can also be used for testing apis in standalone mode.

You can read more and download the latest version over here: https://github.com/flipkart-incubator/

Share