Which API security tools?
Summary
Increasing number of openly available APIs and API products in todays app driven landscape is creating governance and security challenges in this space.
This post is a summary and catalogue for most used API security tools and frameworks. With references and overview how they match API security standards.
Leave a comment or suggestion if we have missed any on this list.
API Security Frameworks and Tools
Frameworks:
Tools:
Frameworks
| Name | Description | References |
|---|---|---|
| OWASP API Security Project | This project and framework focuses on strategies and solutions to understand and mitigate the unique vulnerabilities and security risks of Application Programming Interfaces (APIs). Maintains API Security Top 10 list. The OWASP API Security Project materials are licensed under the Creative Commons Attribution license and can be adopted and used commercially by following license terms. | OWASP API Security Top 10 on GitHub. OWASP GraphQL API Security Cheat Sheet |
Tools
| Name | Description | Deployment | Code | References |
|---|---|---|---|---|
| 42crunch | Automated cloud tool for detection of API security vulnerabilities. Can be integrated into API design and delivery workflows. | Cloud based SaaS application | Closed source | Cloud platform provides API security testing and API protection products. 42crunch maintains API security community forum at Apisecurity.io and community tools. |
If we are missing API security frameworks or tools on this list - let us know.