SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Rapid7’s AppSpider Adds API Security Testing

Boston-based security tools maker Rapid7 said on Thursday that the latest version of its AppSpider web application security testing solution can now automate the testing of APIs.

Boston-based security tools maker Rapid7 said on Thursday that the latest version of its AppSpider web application security testing solution can now automate the testing of APIs.

Part of Rapid7’s Threat Exposure Management platform, AppSpider is a Dynamic Application Security Testing (DAST) product that is now compatible with the Swagger framework and allows for fully automated API testing, the company said.

“The testing of APIs, which are increasingly a part of modern web applications and the Internet of Things (IoT), has been notoriously challenging for security professionals, as it previously required time consuming, manual testing efforts,” Rapid7 explained.

“Given the current and growing popularity of APIs in web applications, it’s critical to automate testing to enable security teams to test as much as possible to reduce the risk of breach,” said Lee Weiner, senior vice president of products and engineering at Rapid7.

“The ability for AppSpider, with its Universal Translator, to analyze Swagger files for security vulnerabilities gives our customers a more efficient alternative to manually testing their APIs and, ultimately, the ability to identify issues much more quickly, test more regularly, and save significant resources – up to hours per API,” Weiner added.  

Swagger helps document APIs in a way that makes them readable by both humans and machines, which AppSpider leverages to translate the API into a format it can test.

In addition to the new API testing feature, AppSpider scans traditional formats, including HTML, and its Universal Translator can interpret the new technologies being used in today’s web and mobile applications (AJAX, GWT, REST, JSON, etc.).

Earlier this week, researchers discovered that the Application Program Interface (API) for Target’s mobile app for Andrid was easily accessible from the Internet and exposed user data. In February, a vulnerability in Delmarva Powe’s API could have allowed a malicious attacker to hijack the online accounts of customers.

Advertisement. Scroll to continue reading.

Related: PayPal Mobile API Flaw Allows Security Feature Bypass

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is founder and director of several leading cybersecurity industry conferences around the world.

More from

Latest News

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Virtual Event: Threat Detection and Incident Response Summit
May 21, 2025

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Webinar: Which Security Testing Approach is Right for You?
March 25, 2025

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Linx Security has appointed Sarit Reiner Frumkes as Chief Technology Officer.

Tabitha Craig has been named the CISO of the Congressional Budget Office (CBO).

Life360 has appointed Vari Bindra, former Amazon cybersecurity lead, as Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.