APIwiz
APIwiz
APIwiz API Audit Overview
Summary:
This report provides an overview of the API Audit assessment conducted by APIwiz, identifying all APIs discovered and evaluating compliance against existing OpenAPI specifications. It highlights runtime security threats found in traffic across gateways and standalone microservices, including deviations from specs, security attack patterns, deprecated APIs, and undocumented traffic. The report emphasizes the importance of addressing these issues to prevent compatibility problems, integration failures, data breaches, and security compromises.
(Source: Page 1)
Design Compliance
After analyzing over 1.2 million API requests, it was found that a significant number deviated from OpenAPI specifications. The report breaks down non-compliant requests based on different parameters such as request body, response body, query, and more. This analysis helps in understanding where the deviations occur, allowing for targeted remediation efforts to enhance design compliance and interoperability.
(Source: Page 1)
Security Compliance
The assessment also focused on security compliance, identifying over 1.1 million secured requests and highlighting vulnerable requests that matched known OWASP Top 10 security patterns. The breakdown includes threats such as SQL injection, XPath attacks, malicious JavaScript injection, and server-side vulnerabilities. Understanding and addressing these security risks is crucial to safeguarding sensitive data and preventing unauthorized access.
(Source: Page 2)
