- Silicon Design & Verification
- Products
- Solutions
- Resources
- Services
- Community
- Training
- Silicon IP
- Products
- Markets
- Newsletter
- Customer Success
- News
- Resources
- Software Integrity
- Tools & Services
- Solutions
- Training
- Customers
- Resources
- Partners
- Blog
- Company
- About Us
- Investor Relations
- Community
- Newsroom
- Resources
- Careers & Culture
< Silicon Design & Verification
Silicon Design & Verification
< Products
< Products
< Products
< Products
< Products
< Products
< Products
< Products
< Silicon Design & Verification
< Solutions
< Solutions
Cloud
Synopsys in the Cloud
< Solutions
< Solutions
< Solutions
< Solutions
Photonic Solutions
RSoft Photonic Device Tools
Photonic System Tools
PIC Design Software
OptoCompiler
< Silicon Design & Verification
< Resources
< Resources
Verification
Articles
Blogs
Datasheets
Events
News
Newsletters
Success Stories
Videos
Webinars
White Papers
< Resources
< Silicon Design & Verification
< Services
< Services
< Services
< Silicon Design & Verification
< Community
Community
Community Overview
< Community
< Community
< Community
< Community
< Silicon Design & Verification
< Training
< Silicon Design & Verification
Training
Training and Education
< main menu
< Silicon IP
Silicon IP
< Products
< Products
Processor Solutions
ARC Processor IP
Embedded Vision Processor IP
Development Tools
Operating Systems
Ecosystem
ASIP Tools
< Products
Memories & Libraries
Logic Libraries
Memory Compilers
Duet Packages
HPC Design Kit
PVT Sensors
Non-Volatile Memory
< Products
< Products
Analog IP
Data Converters
< Products
< Products
< Products
< Silicon IP
< Markets
< Silicon IP
Newsletter
< Silicon IP
Customer Success
< Silicon IP
News
< Resources
< Resources
< main menu
< Software Integrity
Software Integrity
< Tools & Services
< Tools & Services
< Tools & Services
< Solutions
< Solutions
< Software Integrity
< Training
< Training
Product Education
< Training
Community
< Software Integrity
< Software Integrity
Customers
< Resources
< Resources
< Software Integrity
< Software Integrity
Partners
< Software Integrity
Blog
< main menu
< About Us
Company
< About Us
< About Us
About Us
About Us
< Investor Relations
< About Us
Investor Relations
Investor Relations
< Community
< About Us
Community
Community
< Newsroom
< About Us
Newsroom
Newsroom
< Resources
< About Us
Resources
Resources
< Careers & Culture
< About Us
Careers & Culture
Careers
< main menu
Tinfoil API Security Testing
Detect API security risks in your web, mobile, and IoT apps and services
Modern application architectures are built on distributed apps and services that communicate through APIs. Tinfoil API Scanner™ makes it easy for developers to identify security defects in the APIs they implement.
AppSec testing optimized for the needs of API developers
APIs provide open, flexible interfaces that enable applications and services to talk to each other. But these characteristics can also make it difficult to build secure software—and even more difficult for traditional AppSec tools to test it.
Tinfoil API Scanner’s deep analysis and contextually aware fuzzing helps development teams proactively protect their REST and GraphQL APIs and ensure that they are secure, correct, and behave to specification.
Context-aware analysis of RESTful and GraphQL APIs
RESTful APIs
Using OpenAPI/Swagger or an HTTP Archive (HAR) export, Tinfoil API Scanner builds a map of the entire API, including endpoints, parameters, type signatures, and specifications, as well as authentication and other required information to develop a deep understanding of the API and how to interact with it.
GraphQL APIs
When pointed to a GraphQL endpoint, Tinfoil API Scanner uses introspection (a GraphQL feature) and patent-pending graph reduction algorithms to build a traversable representation of the entire GraphQL API and a full representative set of queries used for auditing. Tinfoil API Scanner is the only tool that can fully audit GraphQL APIs for vulnerabilities and correctness.
Intelligent API security testing
Tinfoil API Scanner comprehensively tests your APIs for:
Vulnerabilities and correctness
Automatically test every identified endpoint, fuzzing parameters with values generated through constraint and validation analysis to ensure the implementation doesn’t deviate from the specification.
Business logic flaws
Bypass server-side input validation to test the functionality of your APIs with payloads that are intelligently generated to test the boundaries of your validation.
Authorization and authentication bypasses
Combine and test authentication methods, including OAuth2, JWT, and authorization headers, all within an easily defined workflow.
Testing at the speed of development
Fast scans
Tinfoil API Scanner runs in minutes, so your DevOps/CI pipeline isn’t slowed down.
Single-click replay attacks
Reduce fix/test cycle time. Replay attacks easily using built-in cURL commands, which contain the precise request and payload that exploited the vulnerability.
Automated testing integrated with the tools you use today
CI/CD integration
Tinfoil API Scanner integrates directly with Jenkins and other CI/CD pipeline tools, so you can build API security into your DevOps pipelines.
Automation API
Tailor and automate any aspect of API scanning and issue reporting using the Tinfoil API. If you can do it in the UI, you can do it with the API.
Issue tracker integration
Test results are integrated directly into Jira or your issue-tracking tool of choice using simple API calls. And they’re automatically closed when the vulnerabilities are fixed, or reopened as regressions if they reoccur. Never again be inundated with the same vulnerabilities day after day.
Related content
