API Security Assessment (ASA) - Securing Pesky API's with Python

All API endpoints have to handle security principles such as identity, authorization and data management in complex ways. There are some really good web application security products out there that do a great job of securing web applications in general; however, securing and auditing APIs is more than a challenge for these products to handle. An automated, Python-based tool that takes care of securing APIs is the need of the hour.

An automated API security assessment tool developed in Python takes the pain out of testing APIs for security vulnerabilities. The tool covers the following:

  • Security Misconfiguration Checks
  • Cryptographic Issues
  • Known Vulnerability Checks
  • Identity and Authorization Checks
  • Injection Attack Checks - JSON and SQLi

Detailed Description of the Functionality of the Tool

The tool uses several native and third-party libraries and scripts to perform an automated API security assessment. The most influential libraries include:

  • requests
  • sqlite3
  • python-nmap
  • sys, os, markdown
  • commonregex
  • urllib3
  • xlsxwriter
  • csv

and many more.

The interface of the tool is CLI driven, although a web application interface built with Web2Py is being developed and is coming very soon.
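As an added illustration of the "Security Misconfiguration" and data-exposure checks listed above (this is example code written for this page, not the talk's tool), the following stdlib-only module scores a single HTTP response for missing or weak security headers, version disclosure, unhandled server errors and leaked stack traces or e-mail addresses; the `SAMPLE_*` response is constructed, and in practice `resp.status_code`, `resp.headers` and `resp.text` from a `requests` call would be passed in.

```python
# Added example (not the talk's tool): misconfiguration and data-exposure
# checks of the kind an automated API assessment runs over each response.
import re

# Headers an API response should carry, with a regex the value must satisfy.
REQUIRED_HEADERS = {
    "strict-transport-security": re.compile(r"max-age=\d{5,}"),
    "x-content-type-options": re.compile(r"^nosniff$", re.I),
    "cache-control": re.compile(r"no-store", re.I),
    "content-type": re.compile(r"^application/json", re.I),
}
# Headers that advertise the server stack when they carry a version number.
DISCLOSURE_HEADERS = ("server", "x-powered-by")
# Body content that should never reach an API client.
BODY_PATTERNS = {
    "stack-trace": re.compile(r"Traceback \(most recent call last\)|File \"[^\"]+\.py\", line \d+"),
    "email-address": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
}

def check_response(status, headers, body):
    """Return sorted finding tags for one response. `headers` is any mapping,
    e.g. requests' resp.headers; names are compared case-insensitively."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    findings = set()
    for name, pattern in REQUIRED_HEADERS.items():
        if name not in hdrs:
            findings.add(f"missing-header:{name}")
        elif not pattern.search(hdrs[name]):
            findings.add(f"weak-header:{name}")
    for name in DISCLOSURE_HEADERS:
        if name in hdrs and re.search(r"\d", hdrs[name]):
            findings.add(f"version-disclosure:{name}")
    if status >= 500:  # an unhandled server error is a finding on its own
        findings.add("server-error-exposed")
    for tag, pattern in BODY_PATTERNS.items():
        if pattern.search(body):
            findings.add(f"body-leak:{tag}")
    return sorted(findings)

# Constructed sample: a 500 from a debug-mode API that leaks a traceback.
SAMPLE_STATUS = 500
SAMPLE_HEADERS = {"Content-Type": "text/html", "Server": "gunicorn/20.1.0",
                  "Strict-Transport-Security": "max-age=60"}
SAMPLE_BODY = ('<pre>Traceback (most recent call last):\n  File "/app/api.py", line 42\n'
               'KeyError: \'user\'</pre> contact ops@example.com')

if __name__ == "__main__":
    print("\n".join(check_response(SAMPLE_STATUS, SAMPLE_HEADERS, SAMPLE_BODY)))
```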


Interest in Security and Python

Content URLs:


Speaker Info:

Hilal Ahmad is a Security Architect at Intuit, and a veteran of more than 12 years in the security domain and product development.

Section: Security
Type: Talks
Target Audience: Intermediate
Last Updated:

Can you provide more details / examples / sample code for the "Automated API Security Assessment tool"?

konark modi (~konark)

Thanks for responding. Of course I can submit more details. Where do you want me to share them?



You can update the description with the same, that would be great.

konark modi (~konark)

I will upload the presentation ASAP. I am currently unable to do so due to the lack of communication facilities in the Kashmir valley, owing to the limits put on the Internet in the valley.

