This post is regarding VOOKI – RESTAPI Vulnerability Scanner.
Before you learn about RESTAPI Vulnerability Scanner. You need to learn few things please read below.
First, we learn about what is Web Service?
WEB SERVICE:
A web service is a collection of standards and protocols that applications and systems used for exchanging data over the internet.
It is a standardized way or medium to propagate communication between the client and server applications on the World Wide Web.
A web service could be written in any programming language and is OS-independent.
Web services provide a common platform that allows multiple applications built on various programming languages to have the ability to communicate with each other.
For instance, an application built in PHP running on a Linux server can communicate with an Android application built using Java and running on an Android operating system.
Types of Web Services :
A Major Web Services as defined below,
SOAP
REST
Next, we learn about API
API:
An API is an application programming interface. It is a set of rules that allow programs to talk to each other.
The developer creates the API on the server and allows the client to talk to it.
It specifications that software programs can follow to communicate with each other.
It serves as an interface between different software programs and facilitates their interaction, similar to the way the user interface facilitates interaction between humans and computers.
Next, we learn about What is RESTful API :
RESTful API :
REST determines how the API looks like. It stands for “Representational State Transfer”.
It is used to make applications distributed and independent over the internet with the aim of enhancing the performance, scalability, simplicity, modifiability, visibility, portability, and reliability of the application.
It is a set of rules that developers follow when they create their API. One of these rules states that you should be able to get a piece of data (called a resource) when you link to a specific URL.
It is a stateless software architecture that provides many underlying characteristics and protocols that govern the behavior of clients and servers.
The collection of the resources is then represented in a standardized form (usually XML) that can be any valid Internet media type, provided that it is a valid hypertext standard.
Next, we learn about API Application Vulnerability Scanner :
APPLICATION VULNERABILITY SCANNER :
An app vulnerability scanner can help to ensure that applications are free from the flaws and weaknesses that hackers use to gain access to sensitive information.
From backdoors, malicious code and other threats, these flaws may be present both in a commercial.
Finally, we enter into the Vooki – RESTAPI Vulnerability ScannerVOOKI – RESTAPI
VULNERABILITY SCANNER :
Vooki is a free RESTAPI Vulnerability Scanner.
Its a User-friendly tool that you can easily scan the REST using GUI .
It has Deep Search algorithm which does advance check for the vulnerabilities.
It has save feature that you can repeat the scan to check whether reported vulnerability has been fixed or not.
Vooki follows OWASP TOP 10 standards.
RESTAPI Vulnerability Scanner can help you to find the following attacks,
SQL Injection.
Command Injection.
Header Injection.
Cross site scripting (possibilities).
Missing security headers.
Sensitive Information disclosure in response headers.
Sensitive Information disclosure in error messages.
Missing Server Side input Validation.
Unwanted use of HTTP methods.
Improper HTTP Response.
How to use Vooki REST API Vulnerability Scanner :
Start Application.
Create new Project.
Add the new request in created project.
Provide proper headers, url, and data.
Save and run the scan from the menu bar.
After scan gets completed click on generate report from the menu bar.
There is video tutorial about using the Vooki tool, you can see it for more details.
Hello Ladies & Gentleman, Here we came with the new topic `Web Application Vulnerabilities` and how do we scan it using the tool. So without any delay lets get to the topic What is Web Application Vulnerability ? The vulnerability is a weakness which ...
Vulnerability scanning is an inspection of the potential points of exploit on a computer or network to identify security holes. A vulnerability scan detects and classifies system weaknesses in computers, networks and communications equipment and ...
A vulnerability assessment is a process that identifies and assigns severity levels to security vulnerabilities in Web applications that a malicious actor can potentially exploit. The assessment is conducted manually and augmented by commercial or ...
Last year, according to security vendor Secunia, statistics says the no of vulnerabilities detected in commercial software’s found over 15500 in total 3870 Products. Unfortunately, many vulnerabilities remain open for many weeks, or even years as ...
Web application security is one major element in web app development that that often gets overlooked. It’s understandable. Business websites and applications need to be as accessible yet robust as possible, but this presents a huge range of security ...