apicheck
The DevSecOps toolset for REST APIs
Code is text. Text can be checked to detect several frameworks' endpoints. With a little intelligence we can guess what the endpoints are.
Sometimes (too frequently in my opinion) there is no OpenAPI file. The proposed tool will create an OpenAPI file from proxy-captured traffic.
Most commands in ApiCheck return a JSON structure that represents the request. The proposed command will perform the request JSON and return the response JSON.
Star tool, the most asked for. We can compare the captured traffic with the OpenAPI definition and alert when discrepancies are found.
Right now you can fuzz when generating data from OpenAPI. If we enable fuzzing within the rules, we will be able to fuzz the proxy-captured traffic also.
Related to: https://github.com/BBVA/apicheck/issues/5 The Rules file must have a mechanism to tell apicheck when you want to pick one random element for each dictionary or when you want to visit...
Right now, every time that you declare a dictionary a random element is picked at data generation. So, you can't know if every item is visited or not. In order...
Study this project to see if it has something that can be added to the jwt_check tool
As of now, we assumed that both query params and headers could be informed only once (per request). @nilp0inter brought some light into this, and clarified that the HTTP RFC...