DEV Community

Tristan Kalos


Releasing OpenAPI.security, a free tool to quickly check the security of any Swagger / OpenAPI-based API

tl;dr we released openapi.security, an online tool that performs a dozen security tests against any OpenAPI/Swagger-described API, with no signup or email required.

Our team at Escape is mainly focused on securing GraphQL APIs. For this, we developed a new approach called Feedback Driven API Exploration: it infers the right security test cases to run from the API specification, using a carefully crafted in-house graph traversal algorithm. We published a more in-depth review of this algorithm in another post.

At Escape, we often organise internal hackathons. It's a way to learn new things, but also to experiment with our internal tools and discover new applications for them. This time, we wondered whether Feedback Driven Exploration could be applied to good old REST APIs as well, and ended up creating OpenAPI.security.

The concept is simple: anybody can submit an OpenAPI / Swagger spec, and openapi.security will run a set of security tests against the API it describes and give back a report. It's designed to be fast and smart in the way it analyzes the input spec, so that the tests it runs are the ones the spec actually calls for.
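To make the idea of "inferring tests from the spec" concrete, here is an added illustration of the general pattern: a small Python script that walks an OpenAPI 3 document and turns what the spec declares (global and per-operation `security`, declared `securitySchemes`, path parameters) into a plan of checks to run per operation. This is example code written for this post, not Escape's code and not how openapi.security works internally; the sample spec, the check names and the inference rules are all assumptions chosen for the demonstration.

```python
"""Spec-driven inference of security checks for an OpenAPI 3 document.

Added example, not openapi.security's implementation. The rules below are
illustrative: an operation with no effective security requirement is a
candidate for an unauthenticated-access check, an operation that does
require auth gets an auth-enforcement check (call it without credentials
and expect a 401/403), a requirement naming a scheme the spec never
declares is flagged, and any operation with a path parameter is a
candidate for an object-level authorization (BOLA/IDOR) probe.
"""

# OpenAPI path item fields that are HTTP methods (everything else in a
# path item, e.g. "parameters", is not an operation).
HTTP_METHODS = ("get", "put", "post", "delete", "options", "head", "patch", "trace")

# Constructed sample spec (not taken from the article or any real API):
# a global bearer requirement, one operation that opts out with
# `security: []`, and one that references a scheme never declared.
SAMPLE_SPEC = {
    "openapi": "3.0.3",
    "info": {"title": "Sample Pet API", "version": "1.0.0"},
    "security": [{"bearerAuth": []}],
    "components": {
        "securitySchemes": {
            "bearerAuth": {"type": "http", "scheme": "bearer"},
        }
    },
    "paths": {
        "/pets": {
            "get": {"operationId": "listPets", "security": []},
            "post": {"operationId": "createPet"},
        },
        "/pets/{petId}": {
            "parameters": [
                {"name": "petId", "in": "path", "required": True,
                 "schema": {"type": "integer"}}
            ],
            "get": {"operationId": "getPet"},
            "delete": {"operationId": "deletePet", "security": [{"adminKey": []}]},
        },
    },
}


def iter_operations(spec):
    """Yield (path, METHOD, path_item, operation) for every operation."""
    for path, item in spec.get("paths", {}).items():
        for method in HTTP_METHODS:
            if method in item:
                yield path, method.upper(), item, item[method]


def effective_security(spec, op):
    """Operation-level `security` overrides the global list; an explicit
    empty list means the operation requires no authentication at all."""
    return op["security"] if "security" in op else spec.get("security", [])


def path_params(item, op):
    """Path parameters may be declared on the path item or the operation."""
    params = item.get("parameters", []) + op.get("parameters", [])
    return [p["name"] for p in params if p.get("in") == "path"]


def infer_checks(spec):
    """Return a list of (target, check_name) pairs derived from the spec."""
    declared = set(spec.get("components", {}).get("securitySchemes", {}))
    plan = []
    for path, method, item, op in iter_operations(spec):
        target = f"{method} {path}"
        requirements = effective_security(spec, op)
        if not requirements:
            plan.append((target, "unauthenticated_access"))
        else:
            plan.append((target, "auth_enforcement"))
            for requirement in requirements:
                for scheme in requirement:
                    if scheme not in declared:
                        plan.append((target, f"undeclared_scheme:{scheme}"))
        if path_params(item, op):
            plan.append((target, "object_level_authorization"))
    return plan


def summarize(plan):
    """Count how many operations each check applies to."""
    counts = {}
    for _, check in plan:
        counts[check] = counts.get(check, 0) + 1
    return counts


if __name__ == "__main__":
    for target, check in infer_checks(SAMPLE_SPEC):
        print(f"{target:<22} -> {check}")
```

Run against the sample spec, the script plans no auth check for `GET /pets` (it explicitly opted out, so the interesting question is whether that is intended), an auth-enforcement check for the three other operations, a flag on `DELETE /pets/{petId}` for referencing the undeclared `adminKey` scheme, and an object-level authorization probe for both operations under `/pets/{petId}`. The point is that every item in the plan is justified by something the spec says, which is what keeps a spec-driven scan fast: it never has to guess at endpoints or blindly fuzz every one of them.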

Since it worked quite well, we wanted to share it with the community as well. (NB: it's a side project for now.)
