API Security Assessment (ASA) - Securing Pesky API's with Python
All API end points have a complex way of handling security principles such as Identity, Authorization and managing data. While there are some really good Web Application security products out there that do a great job of securing web applications in general. However Securing and auditing API's is more than a challenge for these products to handle. Developing an automated tool based on python that takes care of securing the API's is the need of the hour.
Automated API Security Assessment tool developed in Python takes the pain out of testing API's for security vulnerabilities. The tool covers the following:
- Security Misconfiguration Checks
- Cryptographic Issues
- Known Vulnerability Checks
- Identity and Authorization Checks
- Injection Attack Checks - JSON and SQLi
Detailed Description Of Functionality Of the Tool
The tools used several native and third party libraries and scripts to do an automated API security assessment. The Most influential libraries include:
- sys, os, markdown
and many more.
The interface of the tool is cli driven although a web application interface is being developed with Web2Py coming very soon.
Interest in Security and Python
Hilal Ahmad is a security Architect at Intuit. A veteran of more than 12 years in Security domain and Product Development.