Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?



Rapid7’s AppSpider Adds API Security Testing

Boston-based security tools maker Rapid7 said on Thursday that the latest version of its AppSpider web application security testing solution can now automate the testing of APIs.

Boston-based security tools maker Rapid7 said on Thursday that the latest version of its AppSpider web application security testing solution can now automate the testing of APIs.

Part of Rapid7’s Threat Exposure Management platform, AppSpider is a Dynamic Application Security Testing (DAST) product that is now compatible with the Swagger framework and allows for fully automated API testing, the company said.

“The testing of APIs, which are increasingly a part of modern web applications and the Internet of Things (IoT), has been notoriously challenging for security professionals, as it previously required time consuming, manual testing efforts,” Rapid7 explained.

“Given the current and growing popularity of APIs in web applications, it’s critical to automate testing to enable security teams to test as much as possible to reduce the risk of breach,” said Lee Weiner, senior vice president of products and engineering at Rapid7.

“The ability for AppSpider, with its Universal Translator, to analyze Swagger files for security vulnerabilities gives our customers a more efficient alternative to manually testing their APIs and, ultimately, the ability to identify issues much more quickly, test more regularly, and save significant resources – up to hours per API,” Weiner added.  

Swagger helps document APIs in a way that makes them readable by both humans and machines, which AppSpider leverages to translate the API into a format it can test.

In addition to the new API testing feature, AppSpider scans traditional formats, including HTML, and its Universal Translator can interpret the new technologies being used in today’s web and mobile applications (AJAX, GWT, REST, JSON, etc.).

Advertisement. Scroll to continue reading.

Earlier this week, researchers discovered that the Application Program Interface (API) for Target’s mobile app for Andrid was easily accessible from the Internet and exposed user data. In February, a vulnerability in Delmarva Powe’s API could have allowed a malicious attacker to hijack the online accounts of customers.

Related: PayPal Mobile API Flaw Allows Security Feature Bypass

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.