#lazyWeb #appsec
Has anyone tested/found any good tools for automating REST API security testing?
That you would recommend of course
Pls RT for reach
cc @dcuthbert @DinisCruz @securestep9 @Kerberosmansour
-
The thing is: most scanners dont understand REST. When a POST to /docs/ redirects to /docs/572 and you then DELETE /docs/572, there is no point in throwing tons of attacks at /docs/572 (unless it fails to delete it, but that’s kind of beside the point)
Well , scanners don't understand the application's logic (which REST is part of it)
Amazing how event after all these years, APIs testing is not a solved problem
somebody should pick up the @O2Platform since key part of the solution is already there
