How to perform API scan in Yaazhini

API Scanner

In some ways, the most valuable asset your company owns is its data. Threats to that data have to be identified and eliminated so that the data is not put at risk. This is why security testing is so important.

Application Programming Interfaces (APIs) provide the easiest access point for a hacker who wants your data. So, we need to identify those loopholes and eliminate those risks.

If there is an error in an API, it affects every application that relies on that API. In short, a single error can cause problems across your entire company, as well as in any external organizations using your API. So always keep your security up to date and avoid those risks.

How to use Yaazhini - API Scanner

The Yaazhini Android app security scanner has several modules; we will explain how to use each one of them separately. Follow these steps:

Steps to perform scan

        Start the Yaazhini application.

        Select the device type.

        Provide the port number for the incoming proxy.

        Click on the Next button.

        Now set the proxy of the device to Yaazhini and traverse through the app.

        Right-click on the node that appears in the Yaazhini tool and click on Scan.

Steps to generate report

        When the scan is complete, it will show all the vulnerabilities and their details, with recommendations.

        Right-click on the node of the project for which you want to generate a report.

        Click on Generate Report.

        Save the report at your preferred location.

Advantages of Yaazhini - API Scanner

        Scans APIs with ease.

        Finds the various vulnerabilities present in the API.

        Provides the details of the vulnerabilities and recommendations for them.

        Generates the report and saves it at your preferred location.

Yaazhini – Android Application REST API Scanner can help you find the following attacks and weaknesses:

        SQL injection

        Command injection

        Header injection

        Cross-site scripting – reflected

        Cross-site scripting – stored

        Cross-site scripting – DOM based

        Missing security headers

        Sensitive information disclosure in response headers

        Sensitive information disclosure in error messages

        Missing server-side input validation

        Unwanted use of HTTP methods

        Improper HTTP response, and 50+ more
