Secure Pro, built on the Ready! API framework, provides a set of security scans based on the most commonly used attacks, so you can test your REST and SOAP APIs for vulnerabilities and fix them before you deploy to production.

For API developers and testers who want to ensure they are consuming and providing hacker-safe APIs, Secure Pro lets you create your own security scans or use any of our pre-built scans.

Pre-Built Scans to Easily Secure Your API

With the API Security Scan Wizard you can jumpstart your API security testing with pre-built scans.
Secure Pro helps you find and address vulnerabilities in your REST and SOAP APIs before you go to production by providing a number of built-in security scans that you can easily add to your API tests. Our unique Security Scan Wizard walks you through the steps of customizing the test run by selecting the scans you want to use and the test steps you want to run them against.
Our built-in API security tests include:

  • Boundary Scan: Sending in data at the boundary of allowed values or in direct opposition of the allowed values may cause your system to display unwanted information. This scan sends those requests through to see if your API can be breached.
  • Cross-Site Scripting: This test checks to make sure your API doesn't expose the parameters it uses by displaying them in messages and URLs.
  • Fuzzing Scan: This scan injects random text as API requests in an effort to provoke unknown errors, buffer overflows, stack traces, or string vulnerabilities.
  • Invalid Types: This scan sends an unexpected data format in the request so you can validate that the API can gracefully handle input of the wrong data type.
  • Malformed XML: This scan will insert malformed XML snippets into the API request in an effort to expose sensitive information or potentially crash a vulnerable server.
  • Malicious Attachment: Malicious attachments can take several forms and have multiple purposes - for our scan, we add and/or replace attachments to the request with invalid or large attachments to seek out vulnerabilities in the server or the code.
  • SQL Injection: Our SQL injection test can send malicious SQL statements to your API in an effort to access and weaken your databases.
  • XML Bomb: The XML Bomb sends an extremely large XML file to your API in an effort to create a stack overflow.
  • XML Injection: This scan injects unexpected XML content and/or structures into the API request in an attempt to disrupt its behavior.

Custom API Security Scans

For those who want more control over the design and execution of their API security tests for REST and SOAP APIs, Secure Pro provides the ability to start from a clean slate and build your own scans. In Secure Pro, a security test is basically a layer on top of an existing test case, adding any number of security scans to each of the Request TestSteps beneath.

If none of the pre-populated API security scans meet your needs, you can also choose Custom Script to write your own security scan in JavaScript or Groovy. Your script will be invoked with the parameters, log, context, securityScan, and testStep variables.

API Security Test Generator - Simulate Full-Blown Attacks Against Your API

The types and amount of API security testing you need depend greatly on who will be using your API and the level of exposure you might have as a result. With Secure Pro, in addition to pre-built security scans, you can drive your security testing with our Security Test Generator.
The Security Test Generator gives you all the power of Secure Pro's security scans without all the heavy lifting.

  • Auto-generate standard security scans for every test step in your test case.
  • Let us add assertions based on the generated scans and the test steps they are associated with.
  • View the results in Ready! API Secure Pro’s reporting interface within minutes.