Qualys Enhances REST API Security with Swagger and OpenAPI Support
Qualys Web Application Scanning (WAS) has extended its REST API testing to accept Swagger and OpenAPI specifications. With this update, released in April 2020, the scanner imports the API's Swagger or OpenAPI definition and uses it to learn which endpoints, HTTP methods and parameters exist, so that those endpoints can be tested automatically rather than discovered by crawling.
Once the endpoints are known, the scan can detect common application-security flaws in REST APIs such as SQL injection, command injection and remote code execution. The release also adds two new informational QIDs, QID 150195 and QID 150197.
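To make concrete what spec-driven API testing involves, here is an added illustration in Python; it is not Qualys's code and does not describe how Qualys WAS is implemented. It parses a constructed OpenAPI 3.0 document, enumerates every operation with its path, query, header and JSON-body inputs, builds a baseline request plus one mutated request per input and payload, and classifies responses with error-signature and time-delay heuristics. The sample spec, the payload lists, the `example.invalid` host and the 4.5-second delay threshold are all assumptions made for the example; nothing is sent over the network.

```python
import json
import re
from itertools import product
from urllib.parse import quote

# Constructed sample OpenAPI 3.0 document (assumption: not from Qualys or any real service).
SAMPLE_SPEC = json.loads("""
{
  "openapi": "3.0.0",
  "servers": [{"url": "https://api.example.invalid/v1"}],
  "paths": {
    "/users/{id}": {
      "get": {
        "parameters": [
          {"name": "id", "in": "path", "required": true, "schema": {"type": "integer"}},
          {"name": "fields", "in": "query", "schema": {"type": "string"}}
        ]
      }
    },
    "/search": {
      "post": {
        "requestBody": {
          "content": {
            "application/json": {
              "schema": {"type": "object",
                         "properties": {"q": {"type": "string"}, "limit": {"type": "integer"}}}
            }
          }
        }
      }
    }
  }
}
""")

# Illustrative payload classes (assumption: a real scanner carries far larger lists).
PAYLOADS = {
    "sqli": ["' OR '1'='1", "1; SELECT pg_sleep(5)--"],
    "cmdi": ["; id", "| sleep 5"],
}
# Benign values per schema type, used for the baseline request and for untouched inputs.
BASELINE = {"integer": 1, "string": "test", "boolean": True, "number": 1.5}
HTTP_METHODS = {"get", "post", "put", "patch", "delete"}
# Database error strings that indicate error-based SQL injection (illustrative subset).
SQL_ERROR_RE = re.compile(r"(SQL syntax|syntax error at or near|ORA-\d{5}|SQLite3::|pg_query)", re.I)
TIME_THRESHOLD_S = 4.5  # assumption: sleep payloads above request 5 seconds


def enumerate_operations(spec):
    """Yield (method, path, parameters, body_schema) for every operation in the spec.
    Path-level parameters apply to every operation under that path, so they are merged in."""
    for path, item in spec.get("paths", {}).items():
        shared = item.get("parameters", [])
        for method, op in item.items():
            if method.lower() not in HTTP_METHODS:
                continue
            params = shared + op.get("parameters", [])
            body = (op.get("requestBody", {}).get("content", {})
                      .get("application/json", {}).get("schema"))
            yield method.upper(), path, params, body


def build_request(base_url, method, path, params, body_schema, overrides):
    """Build one concrete request, substituting `overrides` for the named inputs.
    Path values are percent-encoded so a payload cannot break the URL structure."""
    url_path, query, headers = path, {}, {}
    for p in params:
        schema_type = p.get("schema", {}).get("type", "string")
        val = overrides.get(p["name"], BASELINE.get(schema_type, "test"))
        if p["in"] == "path":
            url_path = url_path.replace("{%s}" % p["name"], quote(str(val), safe=""))
        elif p["in"] == "query":
            query[p["name"]] = val
        elif p["in"] == "header":
            headers[p["name"]] = val
    body = None
    if body_schema and body_schema.get("type") == "object":
        body = {name: overrides.get(name, BASELINE.get(prop.get("type", "string"), "test"))
                for name, prop in body_schema.get("properties", {}).items()}
    return {"method": method, "url": base_url + url_path, "query": query,
            "headers": headers, "json": body}


def generate_test_cases(spec):
    """Emit a baseline request per operation plus one mutated request per (input, check, payload)."""
    base_url = spec["servers"][0]["url"]
    cases = []
    for method, path, params, body in enumerate_operations(spec):
        inputs = [p["name"] for p in params]
        if body and body.get("type") == "object":
            inputs += list(body.get("properties", {}).keys())
        cases.append({"check": "baseline", "input": None,
                      "request": build_request(base_url, method, path, params, body, {})})
        for name, (check, payloads) in product(inputs, PAYLOADS.items()):
            for payload in payloads:
                cases.append({"check": check, "input": name,
                              "request": build_request(base_url, method, path, params, body,
                                                       {name: payload})})
    return cases


def classify_response(check, status, body_text, elapsed_s):
    """Decide whether a response to a mutated request looks like a finding:
    a leaked database error (error-based) or a delay caused by a sleep payload (time-based)."""
    if check == "sqli" and SQL_ERROR_RE.search(body_text):
        return "sqli: error-based"
    if check in ("sqli", "cmdi") and elapsed_s >= TIME_THRESHOLD_S:
        return "%s: time-based" % check
    return None
```

Two caveats a practitioner should keep in mind with any spec-driven scanner, including this sketch: it can only exercise the operations and parameters the specification declares, so undocumented or stale endpoints need to be found another way, and authenticated operations need valid credentials supplied to the scan or they will be tested only as an anonymous client.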
Qualys WAS also supports Postman Collections for functional testing of REST APIs. Additionally, it offers plugins for CI/CD tools like Jenkins, Bamboo, and TeamCity, enabling automated security testing in continuous integration and deployment environments for both web applications and REST APIs.
By supporting Swagger and OpenAPI, Qualys WAS aligns with OWASP's Proactive Controls v2, which recommends verifying security early and often in the software development life cycle. The update reflects the fact that REST APIs are exposed to the same application-layer flaws as web applications, injection and broken authentication among them, and therefore warrant the same routine testing.