API Security Assessment (ASA) - Securing Pesky API's with Python





All API endpoints have a complex way of handling security principles such as identity, authorization and data management. There are some really good web application security products out there that do a great job of securing web applications in general; however, securing and auditing APIs is more than a challenge for these products to handle. Developing an automated, Python-based tool that takes care of securing APIs is the need of the hour.

The automated API Security Assessment tool, developed in Python, takes the pain out of testing APIs for security vulnerabilities. The tool covers the following:

  • Security Misconfiguration Checks
  • Cryptographic Issues
  • Known Vulnerability Checks
  • Identity and Authorization Checks
  • Injection Attack Checks - JSON and SQLi

Detailed Description Of Functionality Of the Tool

The tool uses several native and third-party libraries and scripts to perform an automated API security assessment. The most influential libraries include:

  • requests
  • sqlite3
  • python-nmap
  • sys, os, markdown
  • commonregex
  • urllib3
  • xlsxwriter
  • csv

and many more.

The tool's interface is CLI-driven, although a web application interface built with Web2Py is being developed and is coming very soon.


Interest in Security and Python

Content URLs:


Speaker Info:

Hilal Ahmad is a Security Architect at Intuit and a veteran of more than 12 years in the security domain and product development.

Section: Security
Type: Talks
Target Audience: Intermediate
Last Updated: