Skip to main content

Application & API Security Testing

With Security Testing (AAST), your applications and APIs are continously monitored and tested to reveal issues (vulnerabilities), misconfigurations, and threats before they impact your users. By analyzing API traffic, scanning for risks, such as broken authentication and data exposure, it ensures that your application is secure and reliable. This proactive approach helps you detect and resolve issues early, protect sensitive data, and prevent disruptions while maintaining trust across your application and APIs.

Get Started

AAST Overview

Learn what Application & API Security Testing is.

Get Started with AAST

Understand the components and how they work together to secure your application.

Understand Scans and Traffic Types

Learn about scans, the user interface, and the traffic types for testing your APIs.

Basic Usage and Workflows

Runners

Understand the role of runners and steps to set them up for executing scans and generating results.

Creating a Scan

Learn how to create scans and test your APIs.

Scan Creation Recommendations

The best practices to configure efficient and reliable scans.

View Results and Fix Issues

Scan Details

Explore scan results (issues, coverage, and test runs) and learn how to use them.

Issues

View detected issues and their occurrence patterns, and manage, triage, and resolve them.

Reports

Download detailed issue reports for audits and collaboration.

Advanced Usage

Policies

Define what vulnerabilities to test, coverage levels, and other settings.

Vulnerability Types

Use predefined or create custom vulnerability types with CVSS scores, severities, and tags.

Plugins

Extend the AAST functionality by creating custom plugins in YAML or Python, configuring them, and testing them on endpoints.

Mutation and Assertion Overrides

Customize plugin behavior and reduce false positives on specific endpoints.

Authentication

Configure supported authentication methods, such as API Key, JWT, OAuth, and more.

Environment Config

Enable or disable scans and replays for environments.

Support

Frequently Asked Questions

Quick answers to common queries and usage scenarios.

Troubleshooting Guide

Step-by-step guide to resolve common setup, configuration, and runtime issues.