Public REST APIs

Historically, skilled engineers have needed hours or days to prepare and run task scans. However, with NightVision, any developer can easily start a scan from scratch in under 30 seconds and obtain results in under 15 minutes.

To run a security scan against a REST API:

  1. Navigate to https://app.nightvision.net.
  2. Click on New Scan in the top left.
  3. Click on Scan APIs.

The NightVision interface displays options for scanning web applications and APIs.

  1. Supply a Target Name and a Base URL with the URL of the API you want to scan. For example:
    1. Target Name: nv-firing-range
    2. Base URL: https://javaspringvulny.nvtest.io:9000/
  2. If your OpenAPI spec is saved on your computer, you can upload it by clicking on:

Select Click to Upload to upload an OpenAPI file that is stored on your machine.

  1. Alternatively, if your OpenAPI file is accessible from a public web page like this one, you can specify the Swagger file URL.
    1. For this example, you can supply this URL: https://javaspringvulnyopenapispec.fra1.cdn.digitaloceanspaces.com/openapi-spec.json

Specifying a new target under the New Scan wizard.

  1. Click Start Scan. This will initiate a scan on the REST API.
  2. You can see the results on the Scans page, just like we covered in Public Web Apps.

Results will be displayed on the scan page.

Note: Here are the references for the URL and OpenAPI Spec files used in this tutorial.
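Before entering the Base URL and OpenAPI file in the wizard, you can check locally that the two agree. The script below is an added example, not NightVision code. It parses a JSON OpenAPI document, compares the Base URL with the spec's `servers` entries, and lists the operations the spec describes. The function names and the sample spec's paths are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

# Constructed sample spec; the paths are invented for illustration and are
# not taken from the tutorial's openapi-spec.json.
SAMPLE_SPEC = json.dumps({
    "openapi": "3.0.1",
    "servers": [{"url": "https://javaspringvulny.nvtest.io:9000"}],
    "paths": {
        "/api/items/{id}": {"parameters": [], "get": {}, "delete": {}},
        "/api/search": {"post": {}},
    },
})

def origin(url):
    """Return (scheme, host, port) with the default port filled in."""
    parts = urlsplit(url)
    port = parts.port or {"https": 443, "http": 80}.get(parts.scheme)
    return (parts.scheme, parts.hostname, port)

def precheck(spec_text, base_url):
    """Return (endpoints, problems) for a JSON OpenAPI document and a Base URL."""
    spec = json.loads(spec_text)
    problems = []
    if "openapi" not in spec and "swagger" not in spec:
        problems.append("no 'openapi' or 'swagger' version field")
    # OpenAPI 3 'servers' entries may be relative; compare only absolute ones.
    declared = [s["url"] for s in spec.get("servers", []) if urlsplit(s.get("url", "")).scheme]
    if declared and origin(base_url) not in {origin(u) for u in declared}:
        problems.append(f"Base URL {base_url} matches none of the spec's servers: {declared}")
    endpoints = []
    for path, item in spec.get("paths", {}).items():
        # Path items also hold non-operation keys such as 'parameters'; skip those.
        for method in item:
            if method in HTTP_METHODS:
                endpoints.append(f"{method.upper()} {base_url.rstrip('/')}{path}")
    if not endpoints:
        problems.append("spec defines no operations")
    return endpoints, problems

if __name__ == "__main__":
    found, issues = precheck(SAMPLE_SPEC, "https://javaspringvulny.nvtest.io:9000/")
    print("\n".join(found))
    print("problems:", issues or "none")
```

A Base URL that omits the `:9000` port is reported as a mismatch, because the default HTTPS port 443 is a different origin from the one the spec declares.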