
Security

By inspecting your OpenAPI description, these tools can find attack surface you might not have noticed, either by checking the definition itself (missing or optional authentication, unconstrained inputs) or by using it to drive fuzzing and scanning against the running API.

13 tools

| Name | Description | OpenAPI versions |
| --- | --- | --- |
| 42crunch | A unique set of integrated API security tools that allow discovery and remediation of OpenAPI vulnerabilities and runtime protection against API attacks. | v3, v2 |
| API Insights | RestCase executes hundreds of security and quality checks against the API definition. The API Insights report provides detailed security scoring for prioritization and remediation advice to help developers define the best API definition possible. | v3, v2 |
| cats | CATS is a REST API fuzzer and negative testing tool for OpenAPI endpoints. CATS automatically generates, runs and reports tests with minimum configuration and no coding effort. Tests are self-healing and do not require maintenance. | v3.1, v3, v2 |
| FireTail | FireTail provides discovery, logging, posture management and in-line enforcement of APIs using OpenAPI. API governance is backed by cloud provider integrations and a suite of open-source application libraries. | v3, v2 |
| Mayhem for API | Probe your REST API with an infinite stream of test cases generated automatically from your OpenAPI specification. | v3.1, v3, v2 |
| oas-tools | Node.js module to manage RESTful APIs defined with an OpenAPI 3.0 description over Express servers, including security validations. | v3 |
| openapi-fuzzer | Based on the OpenAPI specification, openapi-fuzzer provides random data as inputs to the API endpoints in order to find bugs. | v3 |
| OpenAPI3 Fuzzer | Simple fuzzer for OpenAPI 3 specification based APIs. Verifies responses and sends various attack patterns. | v3 |
| OWASP ZAP | OWASP ZAP is a free and open-source web security tool that can be used manually or completely automated. It supports importing OpenAPI v2 and v3 definitions to allow an API to be thoroughly security tested. | v3, v2 |
| ratemyopenapi | Free and open-source OpenAPI automated review and validation tool. | v3.1, v3 |
| RESTler | RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services. RESTler analyzes the OpenAPI description of a cloud service, then generates and executes tests that exercise the service through its REST API. During testing, it checks for specific classes of bugs and dynamically learns how the service behaves from prior service responses. | v3, v2 |
| StackHawk HawkScan | StackHawk is an application vulnerability scanner purpose-built for developers to use in the DevOps pipeline. It leverages a provided OpenAPI v2 or v3 spec file for route discovery and enhanced scanning. | v3, v2 |
| Treblle | Treblle is a lightweight SDK that helps engineering and product teams build, ship, and maintain REST-based APIs faster. | v3.1, v3 |
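The static side of what these tools do can be illustrated with a small lint pass over an OpenAPI 3.x document. The following is an added example written for this page; it is not the code of any tool listed above, and the `SAMPLE_SPEC` document it checks is a constructed sample, not a real API. It flags operations with no security requirement, operations where an empty `{}` requirement makes authentication optional, API keys carried in the query string, plain-http servers, and string, integer and array inputs with no bounds.

```python
"""Minimal static security lint for an OpenAPI 3.x description (added example)."""
from dataclasses import dataclass

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

# Constructed sample document, deliberately containing several weaknesses.
SAMPLE_SPEC = {
    "openapi": "3.0.3",
    "servers": [{"url": "http://api.example.test/v1"}],
    "components": {
        "securitySchemes": {
            "bearer": {"type": "http", "scheme": "bearer"},
            "keyInQuery": {"type": "apiKey", "in": "query", "name": "api_key"},
        },
        "schemas": {
            "Note": {
                "type": "object",
                "properties": {
                    "title": {"type": "string", "maxLength": 120},
                    "body": {"type": "string"},  # no maxLength: unbounded input
                },
            }
        },
    },
    "paths": {
        "/notes": {
            "get": {
                "security": [{"bearer": []}],
                "parameters": [{"name": "limit", "in": "query", "schema": {"type": "integer"}}],
            },
            "post": {
                "security": [{"bearer": []}],
                "requestBody": {"content": {"application/json": {
                    "schema": {"$ref": "#/components/schemas/Note"}}}},
            },
        },
        "/admin/export": {"get": {"security": [{}, {"keyInQuery": []}]}},  # {} = auth optional
        "/health": {"get": {}},  # no security at all, and no global requirement either
    },
}


@dataclass(frozen=True)
class Finding:
    rule: str
    location: str
    detail: str


def resolve(spec, schema):
    """Follow a local '#/...' $ref; anything else is returned unchanged."""
    ref = schema.get("$ref")
    if not ref or not ref.startswith("#/"):
        return schema
    node = spec
    for part in ref[2:].split("/"):
        node = node[part]
    return node


def check_schema(spec, schema, where, out, depth=0):
    """Flag unbounded strings, integers and arrays; recurse into objects and arrays."""
    if depth > 8:  # guard against self-referencing schemas
        return
    schema = resolve(spec, schema)
    t = schema.get("type")
    if t == "string" and not any(k in schema for k in ("maxLength", "enum", "pattern", "format")):
        out.append(Finding("unbounded-string", where, "string has no maxLength/pattern/enum"))
    elif t == "integer" and not ("minimum" in schema and "maximum" in schema):
        out.append(Finding("unbounded-integer", where, "integer has no minimum/maximum"))
    elif t == "object":
        for name, sub in schema.get("properties", {}).items():
            check_schema(spec, sub, f"{where}.{name}", out, depth + 1)
    elif t == "array":
        if "maxItems" not in schema:
            out.append(Finding("unbounded-array", where, "array has no maxItems"))
        check_schema(spec, schema.get("items", {}), f"{where}[]", out, depth + 1)


def lint(spec):
    """Return a list of Finding objects for the given OpenAPI 3.x dict."""
    out = []
    for srv in spec.get("servers", []):
        if srv.get("url", "").startswith("http://"):
            out.append(Finding("plain-http-server", srv["url"], "server URL is not https"))
    for name, sch in spec.get("components", {}).get("securitySchemes", {}).items():
        if sch.get("type") == "apiKey" and sch.get("in") == "query":
            out.append(Finding("apikey-in-query", f"securitySchemes.{name}",
                               "query-string keys end up in logs, referrers and browser history"))
    global_sec = spec.get("security")
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue
            where = f"{method.upper()} {path}"
            sec = op.get("security", global_sec)  # an explicit [] on the operation disables auth
            if not sec:
                out.append(Finding("no-auth", where, "no security requirement, global or per-operation"))
            elif any(req == {} for req in sec):
                out.append(Finding("optional-auth", where, "empty requirement {} makes authentication optional"))
            for p in op.get("parameters", []) + item.get("parameters", []):
                check_schema(spec, p.get("schema", {}), f"{where} param {p['name']}", out)
            for ctype, media in op.get("requestBody", {}).get("content", {}).items():
                check_schema(spec, media.get("schema", {}), f"{where} body[{ctype}]", out)
    return out


if __name__ == "__main__":
    for f in lint(SAMPLE_SPEC):
        print(f"[{f.rule}] {f.location}: {f.detail}")
```

Run against the sample it reports six findings: the plain-http server, the query-string API key, the unauthenticated `/health` endpoint, the optional authentication on `/admin/export`, the unbounded `limit` integer and the unbounded `Note.body` string. Treat this as a starting point rather than a substitute for the tools in the table: the checks are purely static, so anything that depends on server behaviour (broken object-level authorization, injection, rate limiting) still needs a fuzzer or scanner driven from the same description.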