API Discovery
Overview
The Problem
80% of REST APIs are undocumented or poorly documented. This also means that 80% of REST APIs are not undergoing security testing, since every quality API security testing tool requires a robust OpenAPI Specification (aka Swagger doc) to learn how to interact with the API and perform tests. However, creating Swagger docs from code requires knowledge of how the code works. Typical strategies involve modifying the code to add comments, annotations, and decorators, and pulling in third-party dependencies. If you didn't write the code, this is time-consuming and difficult.
The Solution
To remove this friction and enable thorough API security testing against more APIs, NightVision built a static analysis engine focused on API Discovery from the ground up. It requires zero code modifications and does not require a running application or code compilation; no other solution on the market today does this. Our tool performs static analysis of the source code and leverages framework-specific knowledge (how each web framework declares its routes, methods, and parameters) to create the OpenAPI specification.
Why does this matter?
Testing undocumented REST APIs with API Discovery
This lets NightVision test REST APIs that have no documentation at all. Even for a REST API with existing documentation, NightVision often finds endpoints that are not declared in the existing Swagger docs, which allows NightVision to achieve higher test coverage.
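To make the two ideas above concrete (deriving an OpenAPI spec from source without running it, and comparing the result against an existing spec to surface undeclared endpoints), here is a small added example. It is not NightVision's engine and does not show how NightVision's analysis works; it is a toy route discoverer for one framework convention (Flask's `@app.route` / `@app.get` decorators) written with Python's standard-library `ast` module. The Flask source and the "existing" Swagger doc are constructed inline for the example.

```python
"""Toy static API discovery: find Flask routes in source text and emit an
OpenAPI 3 skeleton, then diff it against a hand-written spec.

Added illustration only (not NightVision's engine). Standard library only;
the code under analysis is never imported or executed.
"""
import ast
import re
from typing import Dict, List

# Constructed sample application source. /admin/export is deliberately
# missing from EXISTING_SPEC below to show an undeclared endpoint.
SAMPLE_SOURCE = '''
from flask import Flask
app = Flask(__name__)

@app.route("/users", methods=["GET", "POST"])
def users():
    return "ok"

@app.route("/users/<int:user_id>")
def user(user_id):
    return "ok"

@app.get("/admin/export")
def export():
    return "ok"
'''

# Constructed "existing" Swagger doc maintained by hand; it lags the code.
EXISTING_SPEC = {
    "openapi": "3.0.3",
    "paths": {"/users": {}, "/users/{user_id}": {}},
}

# Flask 2.x method shorthands: @app.get(...), @app.post(...), etc.
METHOD_SHORTHANDS = {"get", "post", "put", "patch", "delete"}


def _flask_path_to_openapi(path: str) -> str:
    """Convert Flask's "<int:user_id>" converter syntax to OpenAPI "{user_id}"."""
    return re.sub(r"<(?:[^:>]+:)?([^>]+)>", r"{\1}", path)


def discover_routes(source: str) -> Dict[str, List[str]]:
    """Return {openapi_path: [HTTP methods]} by walking decorators in the AST."""
    routes: Dict[str, List[str]] = {}
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.FunctionDef):
            continue
        for dec in node.decorator_list:
            # Only calls of the form <something>.route(...) / <something>.get(...)
            if not isinstance(dec, ast.Call) or not isinstance(dec.func, ast.Attribute):
                continue
            name = dec.func.attr
            if name != "route" and name not in METHOD_SHORTHANDS:
                continue
            # Require a literal path; dynamically built paths need deeper analysis.
            if not dec.args or not isinstance(dec.args[0], ast.Constant):
                continue
            path = _flask_path_to_openapi(str(dec.args[0].value))
            if name == "route":
                methods = ["GET"]  # Flask's default when methods= is absent
                for kw in dec.keywords:
                    if kw.arg == "methods" and isinstance(kw.value, (ast.List, ast.Tuple)):
                        methods = [str(e.value).upper() for e in kw.value.elts
                                   if isinstance(e, ast.Constant)]
            else:
                methods = [name.upper()]
            bucket = routes.setdefault(path, [])
            for m in methods:
                if m not in bucket:
                    bucket.append(m)
    return routes


def build_openapi(routes: Dict[str, List[str]]) -> dict:
    """Turn discovered routes into a minimal OpenAPI 3 document a scanner can consume."""
    paths: Dict[str, dict] = {}
    for path, methods in routes.items():
        params = re.findall(r"{([^}]+)}", path)
        ops = {}
        for m in methods:
            op: dict = {"responses": {"200": {"description": "discovered by static analysis"}}}
            if params:
                op["parameters"] = [
                    {"name": p, "in": "path", "required": True, "schema": {"type": "string"}}
                    for p in params
                ]
            ops[m.lower()] = op
        paths[path] = ops
    return {"openapi": "3.0.3", "info": {"title": "discovered", "version": "0.0.0"}, "paths": paths}


def undocumented_paths(discovered: Dict[str, List[str]], existing_spec: dict) -> List[str]:
    """Paths present in code but absent from the hand-written spec."""
    return sorted(set(discovered) - set(existing_spec.get("paths", {})))


if __name__ == "__main__":
    found = discover_routes(SAMPLE_SOURCE)
    print("discovered:", found)
    print("not in existing spec:", undocumented_paths(found, EXISTING_SPEC))
```

The example only understands one framework's decorator convention and only literal path strings; blueprints with `url_prefix`, routes registered via `add_url_rule`, and paths assembled at runtime would each need additional framework-specific rules, which is exactly the "framework-specific knowledge" the passage refers to. The diff step is what turns discovery into a coverage check: any path it reports is an endpoint a scanner driven solely by the existing Swagger doc would never exercise.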