RESTAPI Vulnerability Scanner

Hi,

This post is regarding VOOKI – RESTAPI Vulnerability Scanner.

Before you learn about the RESTAPI Vulnerability Scanner, you need to learn a few things; please read below.

First, we learn what a web service is.

WEB SERVICE:

  • A web service is a collection of standards and protocols that applications and systems use to exchange data over the internet.
  • It is a standardized way or medium to propagate communication between the client and server applications on the World Wide Web.
  • A web service can be written in any programming language and is OS-independent.
  • Web services provide a common platform that allows multiple applications built in various programming languages to communicate with each other.
  • For instance, an application built in PHP running on a Linux server can communicate with an Android application built using Java and running on an Android operating system.

Types of Web Services:

The major web services are as defined below:

  • SOAP
  • REST

Next, we learn about APIs.

API:

  • An API is an application programming interface. It is a set of rules that allow programs to talk to each other.
  • The developer creates the API on the server and allows the client to talk to it.
  • It is a set of specifications that software programs can follow to communicate with each other.
  • It serves as an interface between different software programs and facilitates their interaction, similar to the way the user interface facilitates interaction between humans and computers.

Next, we learn what a RESTful API is:

RESTful API:

  • REST determines what the API looks like. It stands for “Representational State Transfer”.
  • It is used to make applications distributed and independent over the internet with the aim of enhancing the performance, scalability, simplicity, modifiability, visibility, portability, and reliability of the application.
  • It is a set of rules that developers follow when they create their API. One of these rules states that you should be able to get a piece of data (called a resource) when you link to a specific URL.
  • It is a stateless software architecture that provides many underlying characteristics and protocols that govern the behavior of clients and servers.
  • The collection of the resources is then represented in a standardized form (usually XML) that can be any valid Internet media type, provided that it is a valid hypertext standard.

Next, we learn about the API Application Vulnerability Scanner:

APPLICATION VULNERABILITY SCANNER:

  • An app vulnerability scanner can help to ensure that applications are free from the flaws and weaknesses that hackers use to gain access to sensitive information.
  • From backdoors, malicious code and other threats, these flaws may be present both in a commercial.

Finally, we come to the Vooki – RESTAPI Vulnerability Scanner.

VOOKI – RESTAPI VULNERABILITY SCANNER:

  • Vooki is a free RESTAPI Vulnerability Scanner.
  • It is a user-friendly tool that lets you easily scan the REST API using a GUI.
  • It has a Deep Search algorithm which performs advanced checks for vulnerabilities.
  • It has a save feature, so you can repeat the scan to check whether a reported vulnerability has been fixed or not.
  • Vooki follows the OWASP Top 10 standards.

The RESTAPI Vulnerability Scanner can help you find the following attacks:

  • SQL Injection.
  • Command Injection.
  • Header Injection.
  • Cross-site scripting (possibilities).
  • Missing security headers.
  • Sensitive Information disclosure in response headers.
  • Sensitive Information disclosure in error messages.
  • Missing Server Side input Validation.
  • Unwanted use of HTTP methods.
  • Improper HTTP Response.
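
Three of the passive checks in the list above (missing security headers, information disclosure in response headers, unwanted HTTP methods) can be illustrated over a single captured response. This is an added example, not Vooki's code; the header baseline, the function names and both sample responses are assumptions constructed for illustration.

```python
# Assumed baseline for a JSON REST API (illustrative, not Vooki's rule set).
REQUIRED_HEADERS = ("strict-transport-security", "x-content-type-options",
                    "content-security-policy", "cache-control")
# Headers that commonly reveal server software and versions.
DISCLOSURE_HEADERS = ("server", "x-powered-by", "x-aspnet-version")

# Constructed sample: reply to OPTIONS on an endpoint meant to be read-only.
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "Allow: GET, HEAD, PUT, DELETE, TRACE\r\n"
    "X-Content-Type-Options: nosniff\r\n\r\n"
)
# Constructed sample: the same endpoint after hardening.
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: api\r\n"
    "Allow: GET, HEAD\r\n"
    "Strict-Transport-Security: max-age=31536000\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "Content-Security-Policy: frame-ancestors 'none'\r\n"
    "Cache-Control: no-store\r\n\r\n"
)

def parse_headers(raw):
    """Map lower-cased header names to values from a raw HTTP response."""
    headers = {}
    for line in raw.split("\r\n")[1:]:      # skip the status line
        if not line:                        # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def audit_response(raw, expected_methods):
    """Return (category, detail) findings for one raw HTTP response."""
    headers = parse_headers(raw)
    findings = [("missing-security-header", name)
                for name in REQUIRED_HEADERS if name not in headers]
    for name in DISCLOSURE_HEADERS:
        value = headers.get(name, "")
        # Flag only values carrying a version-like token, e.g. "PHP/7.4.3".
        if any(ch.isdigit() for ch in value):
            findings.append(("information-disclosure", f"{name}: {value}"))
    allowed = {m.strip().upper() for m in headers.get("allow", "").split(",") if m.strip()}
    for method in sorted(allowed - set(expected_methods)):
        findings.append(("unwanted-http-method", method))
    return findings
```

Calling `audit_response(WEAK_RESPONSE, {"GET", "HEAD"})` lists each finding by category, while the hardened response yields none.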

How to use the Vooki REST API Vulnerability Scanner:

  • Start the application.
  • Create a new project.
  • Add the new request to the created project.
  • Provide proper headers, URL, and data.
  • Save and run the scan from the menu bar.
  • After the scan completes, click Generate Report in the menu bar.

There is a video tutorial about using the Vooki tool; you can watch it for more details.

Advantages of the Vooki tool:

  • Free Dynamic Security Scanner.
  • Scans Web Application and REST API.
  • Provides Vulnerability Details.
  • Generates Vulnerability Report.
  • Available on Windows.
  • Easy to use.
  • CVSS score based on attack.