Skip to main content

Viewing the API Security Scanner Dashboard

The API Security Scanner screen provides an overview on the last completed API security scan, using API Security widgets.

APISEC_Scanner_Dashboard.png

API Security Widgets

Detected APIs

The number of detected APIs in the code. This scan detected 10 APIs in the code.

APISEC_Scanner_Dashboard__Detected_APIs.png

Sensitive Data APIs

The number of APIs with at least one sensitive data attribute. This scan detected sensitive data attributes in 9 out of the 10 detected APIs. Sensitive Data categories and parameters are listed in the table below.

APISEC_Scanner_Dashboard__Sensitive_Data_APIs.png

Category

Parameters

Name

firstname, surname, familyname, fullname, name

Personal Data

birthday, dob, dateofbirth, phone, mobile, email, socialsecurity, ssn, driverslicense

Address

address, zipcode

Bank

credit, cardnumber, account

Secrets

credentials, secret, auth, apikey, pass, pwd, password

Results by Vulnerabilities

A list of sensitive data attributes with an indicator on how often each of these sensitive data attribute was detected.

In the illustrated example, API Security detected Parameter Tampering twice and three more once each.

6485115003.png

Results by Risk

The number of sensitive data attributes according to their risk.

In the illustrated example, API Security detected 5 vulnerabilities of which 2 were of high risk and 3 of medium risk.

APISEC_Scanner_Dashboard__Results_by_Risk.png

Viewing Results

To view results, click View Results. The Risks table appears. It lists the risks and provides additional information as outlined below.

For additional information on viewing scan results in depth, refer to Viewing API Results.

APISEC_Scanner_Dashboard__Risks_Table.png

Parameter

Description

Severity Severity.png

Indicates the risk severity as follows:

High_Severity.png High

Medium_Severity.png Medium

Low_Severity.png Low

Risk Name

The name of the risk.

Status

Indicates the status of the risk a follows:

New.png - A newly detected vulnerability.

Recurrent_List.png - The vulnerability has been detected at least once before.

Endpoint Path

The path of the endpoint where the API is located in which the risk was detected.

Method

The method of the API as follows:

GET

HEAD

POST

PUT

DELETE

CONNECT

OPTIONS

TRACE

Data Origin

Indicates where the risk was detected, for example inside the code.

Risk Discovered

The date when the risk was detected.

In this section: