Which API security tools?
Summary
Increasing number of openly available APIs and API products in todays app driven landscape is creating governance and security challenges in this space.
In this post I have summarized the common API security tools and frameworks which we are using to design and implement API security standards. It serves as a catalogue for our API design and delivery engagements.
You are welcome to suggest any tools or frameworks which we missed on this list.
API Security Frameworks and Tools
Frameworks:
Tools:
Frameworks
| Name | Description | References |
|---|---|---|
| OWASP API Security Project | This project and framework focuses on strategies and solutions to understand and mitigate the unique vulnerabilities and security risks of Application Programming Interfaces (APIs). Maintains API Security Top 10 list. The OWASP API Security Project materials are licensed under the Creative Commons Attribution license and can be adopted and used commercially by following license terms. | OWASP API Security Top 10 on GitHub. OWASP GraphQL API Security Cheat Sheet |
Tools
| Name | Description | Deployment | Code | References |
|---|---|---|---|---|
| 42crunch | Automated cloud tool for detection of API security vulnerabilities. Can be integrated into API design and delivery workflows. | Cloud based SaaS application | Closed source | Cloud platform provides API security testing and API protection products. 42crunch maintains API security community forum at Apisecurity.io and community tools. |
If we are missing API security frameworks or tools on this list - let us know.