Usage
Dashboard¶
Upon logging into APIStrike, you are greeted by the Dashboard screen, which provides a summary of key information and visualizations. This screen allows you to filter data by date and gain a quick overview of your API security posture.
The Dashboard includes the following components:
- General Statistics: Total number of Projects, APIs, and Rules.
- Attack Attempts: Shows daily attack attempts over the last 3 days.
- Vulnerability Counts: Displays the counts of detected vulnerabilities by severity level: Critical, High, Medium, and Low.
- Test Status: Indicates the current status of defined tests: Scheduled or Running.
- Authentication: Classification of test cases based on authentication status: Authenticated or Non-authenticated.
- HTTP Methods: Distribution of requests by HTTP method (GET, POST, PUT, DELETE, etc.).
- Most Frequent Vulnerabilities: Lists the most frequently detected vulnerability types along with their occurrence counts.
Projects¶
The Projects menu lists all existing projects and is where they are managed. The list can be filtered by date or project name.
Adding a New Project¶
To add a new project, click the + Add button, enter the project name and click OK.
To make the project functional, add a Swagger (OpenAPI) definition, either as a URL or as an uploaded file: click the Swagger URL/File Actions button, enter the URL or upload the file, and click Save. The scan is driven by this definition, so keep it current; an endpoint that is missing from it is not tested.
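Before uploading a definition it is worth checking what the scanner will actually see in it. The script below is an added example, not APIStrike code: it parses a constructed OpenAPI 3 document (the sample JSON, the example.com server and all paths are made up), lists every operation, reports the target server URL, and flags operations that will be classified as non-authenticated because they carry no `security` requirement (an operation-level `security: []` deliberately opts out of the document-level scheme). Run it on your own file to catch missing paths, a missing server URL, or an endpoint you did not expect to be unauthenticated.

```python
import json

# Constructed sample OpenAPI 3 document (not a real APIStrike artifact); it stands in
# for the Swagger file you would upload. Server, paths and scheme are hypothetical.
SAMPLE_OPENAPI = """
{
  "openapi": "3.0.3",
  "info": {"title": "Orders API", "version": "1.0"},
  "servers": [{"url": "https://api.example.com/v1"}],
  "components": {"securitySchemes": {"bearerAuth": {"type": "http", "scheme": "bearer"}}},
  "security": [{"bearerAuth": []}],
  "paths": {
    "/health": {"get": {"summary": "Liveness probe", "security": []}},
    "/login": {"post": {"summary": "Issue a token", "security": []}},
    "/users": {"get": {"summary": "List users"}},
    "/orders/{id}": {
      "get": {"summary": "Fetch an order"},
      "delete": {"summary": "Cancel an order", "security": [{"bearerAuth": []}]}
    }
  }
}
"""

HTTP_METHODS = ("get", "post", "put", "patch", "delete", "head", "options", "trace")


def load_spec(text):
    """Parse a JSON OpenAPI 3 / Swagger 2 document and check the parts a scanner needs."""
    spec = json.loads(text)
    if "openapi" not in spec and "swagger" not in spec:
        raise ValueError("not an OpenAPI/Swagger document (no 'openapi' or 'swagger' key)")
    if not isinstance(spec.get("paths"), dict) or not spec["paths"]:
        raise ValueError("document declares no paths, so there is nothing to scan")
    return spec


def list_operations(spec):
    """Return (METHOD, path, requires_auth) for every operation in the document.

    An operation-level 'security' list overrides the document-level one; an
    explicit empty list means the operation is intentionally unauthenticated.
    """
    global_security = spec.get("security", [])
    operations = []
    for path, item in spec["paths"].items():
        for method in HTTP_METHODS:
            if method in item:
                security = item[method].get("security", global_security)
                operations.append((method.upper(), path, bool(security)))
    return operations


def unauthenticated_operations(spec):
    """Operations the scanner will treat as non-authenticated; review before uploading."""
    return [(m, p) for m, p, auth in list_operations(spec) if not auth]


def base_urls(spec):
    """Server URLs the scanner would target (OpenAPI 3 'servers'; Swagger 2 host+basePath)."""
    if "servers" in spec:
        return [s["url"] for s in spec["servers"]]
    if "host" in spec:
        scheme = (spec.get("schemes") or ["https"])[0]
        return [f"{scheme}://{spec['host']}{spec.get('basePath', '')}"]
    return []


if __name__ == "__main__":
    spec = load_spec(SAMPLE_OPENAPI)
    print("targets:", base_urls(spec))
    for method, path, auth in list_operations(spec):
        print(f"{method:6} {path:15} {'authenticated' if auth else 'NO AUTH'}")
```

For the sample document the check reports `/health` and `/login` as unauthenticated and everything else as covered by the bearer scheme; a YAML definition can be fed through the same functions after loading it with a YAML parser.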
Running a Test¶
Once the Swagger definition is added, you can start testing by clicking the Run Test button. In the opened window you will see a list of test categories and the available tests. Select the tests you want to run and choose when they should be executed. There are three scheduling options:
- Now – Run immediately
- Recurring – Run at regular intervals using cron syntax
- Scheduled – Run at a specific date and time using a calendar
Then click Run Test. The test runs immediately, on the chosen cron schedule, or at the selected date and time, depending on the option.
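The Recurring option takes a cron expression, and it is easy to schedule a scan at the wrong time by misreading a field. The script below is an added example, not part of APIStrike: it parses a standard 5-field expression (minute, hour, day-of-month, month, day-of-week with 0 = Sunday) and computes the next time it fires, so you can confirm what a schedule means before saving it. It assumes the scheduler follows the common Vixie cron semantics, including the rule that when both day fields are restricted the job runs when either matches; whether APIStrike uses exactly this dialect is an assumption, so check the page's own examples if they differ.

```python
from datetime import datetime, timedelta

# Field order and allowed ranges of a standard 5-field cron expression:
# minute hour day-of-month month day-of-week (0 = Sunday)
FIELD_RANGES = ((0, 59), (0, 23), (1, 31), (1, 12), (0, 6))


def _expand(field, lo, hi):
    """Expand one field ('*', '5', '1-5', '*/15', '1-5/2', '1,15') into a set of ints."""
    values = set()
    for part in field.split(","):
        step = 1
        if "/" in part:
            part, step_text = part.split("/", 1)
            step = int(step_text)
            if step < 1:
                raise ValueError(f"bad step in {field!r}")
        if part == "*":
            start, end = lo, hi
        elif "-" in part:
            a, b = part.split("-", 1)
            start, end = int(a), int(b)
        else:
            start = int(part)
            end = hi if step > 1 else start      # '5/10' means 5, 15, 25, ...
        if not (lo <= start <= end <= hi):
            raise ValueError(f"{field!r} outside {lo}-{hi}")
        values.update(range(start, end + 1, step))
    return values


def parse_cron(expr):
    """Return ([minutes, hours, days, months, weekdays], either_day_rule)."""
    fields = expr.split()
    if len(fields) != 5:
        raise ValueError("expected 5 fields: minute hour day-of-month month day-of-week")
    sets = [_expand(f, lo, hi) for f, (lo, hi) in zip(fields, FIELD_RANGES)]
    # Vixie cron rule: if BOTH day fields are restricted, run when EITHER matches.
    either_day = fields[2] != "*" and fields[4] != "*"
    return sets, either_day


def _day_matches(sets, either_day, t):
    dom_ok = t.day in sets[2]
    dow_ok = (t.weekday() + 1) % 7 in sets[4]   # Python Monday=0 -> cron Sunday=0
    return (dom_ok or dow_ok) if either_day else (dom_ok and dow_ok)


def next_run(expr, after, horizon_days=366):
    """First minute strictly after `after` at which `expr` fires, or None within the horizon."""
    sets, either_day = parse_cron(expr)
    minutes, hours, _, months, _ = sets
    t = after.replace(second=0, microsecond=0) + timedelta(minutes=1)
    end = t + timedelta(days=horizon_days)
    while t < end:
        if t.month not in months:                       # skip to the 1st of next month
            t = (t.replace(day=1, hour=0, minute=0) + timedelta(days=32)).replace(day=1)
        elif not _day_matches(sets, either_day, t):     # skip to midnight tomorrow
            t = (t + timedelta(days=1)).replace(hour=0, minute=0)
        elif t.hour not in hours:                       # skip to the next hour
            t = (t + timedelta(hours=1)).replace(minute=0)
        elif t.minute in minutes:
            return t
        else:
            t += timedelta(minutes=1)
    return None


def next_run_iso(expr, after_iso):
    """String wrapper: ISO-8601 in, ISO-8601 out (None if nothing fires within a year)."""
    result = next_run(expr, datetime.fromisoformat(after_iso))
    return result.isoformat() if result else None


def is_valid_cron(expr):
    """True if the expression parses and every value is within its field's range."""
    try:
        parse_cron(expr)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for expr in ("0 2 * * 1-5", "*/15 * * * *", "0 9 1 * *", "0 25 * * *"):
        status = next_run_iso(expr, "2024-01-05T03:00:00") if is_valid_cron(expr) else "invalid"
        print(f"{expr:14} -> {status}")
```

Scheduling the scan outside business hours (`0 2 * * 1-5` fires at 02:00 on weekdays) keeps attack traffic away from peak load; an expression such as `0 0 31 2 *` parses but never fires, which the horizon check exposes as `None`.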
Adding Authentication Parameters¶
To add authentication parameters, click the Auth Config button. In the opened window, select the authentication type and enter the required request, response, and auth details, then click Save to apply the settings.
Adding Parameters¶
To add custom parameters, click the Add Parameter button and fill in the following fields:
- URL
- Location (e.g., header, query)
- Method (GET, POST, etc.)
- Rule
- Name
- Value
Then click Save. The added parameter appears in the list below.
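The Auth Config and Add Parameter forms together describe how each test request is prepared before it is sent: a login request is issued, a token is pulled out of its response, and that token plus any matching custom parameters are attached to the request. The script below is an added example that models this flow offline; it is not APIStrike code and its configuration keys are hypothetical names for the form fields. The login endpoint, credentials, token path and the two parameter rules are all constructed; `fake_login` stands in for the real HTTP call, and the interpretation of Rule as a URL match mode (`exact`, `prefix` or `regex`) is an assumption.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Constructed auth config (hypothetical field names mirroring the Auth Config form):
# the login request to send, where the token sits in its response, how to attach it.
AUTH_CONFIG = {
    "type": "bearer",
    "request": {"method": "POST", "url": "https://api.example.com/v1/login",
                "body": {"username": "scanner", "password": "not-a-real-password"}},
    "response": {"token_path": "data.access_token"},
    "auth": {"location": "header", "name": "Authorization", "prefix": "Bearer "},
}

# Constructed custom parameters (hypothetical values for the Add Parameter fields).
# 'rule' is assumed to say how 'url' is matched: 'exact', 'prefix' or 'regex'.
PARAMETERS = [
    {"url": "https://api.example.com/v1/users", "location": "header", "method": "GET",
     "rule": "prefix", "name": "X-Tenant-ID", "value": "42"},
    {"url": r"^https://api\.example\.com/v1/orders/\d+$", "location": "query",
     "method": "ANY", "rule": "regex", "name": "include", "value": "items"},
]


def fake_login(request):
    """Offline stand-in for sending the login request; a real client would do HTTP here."""
    assert request["method"] == "POST" and request["url"].endswith("/login")
    return {"data": {"access_token": "tok-constructed-123", "expires_in": 3600}}


def extract_token(body, dotted_path):
    """Follow a dotted path such as 'data.access_token' into a decoded JSON body."""
    node = body
    for key in dotted_path.split("."):
        if not isinstance(node, dict) or key not in node:
            raise KeyError(f"token path {dotted_path!r} not found in login response")
        node = node[key]
    return node


def obtain_token(config=AUTH_CONFIG):
    """Send the configured login request and extract the token from its response."""
    return extract_token(fake_login(config["request"]), config["response"]["token_path"])


def url_matches(rule, pattern, url):
    if rule == "exact":
        return url == pattern
    if rule == "prefix":
        return url.startswith(pattern)
    if rule == "regex":
        return re.search(pattern, url) is not None
    raise ValueError(f"unknown rule {rule!r}")


def _add_query(url, name, value):
    parts = urlsplit(url)
    query = parse_qsl(parts.query, keep_blank_values=True) + [(name, value)]
    return urlunsplit(parts._replace(query=urlencode(query)))


def build_request(method, url, token, config=AUTH_CONFIG, parameters=PARAMETERS):
    """Attach the auth token and every matching custom parameter to one test request."""
    headers, target = {}, url
    auth = config["auth"]
    if auth["location"] == "header":
        headers[auth["name"]] = auth.get("prefix", "") + token
    else:                                   # token carried as a query parameter
        target = _add_query(target, auth["name"], token)
    for p in parameters:
        # Method must match ('ANY' matches all) and the URL rule must match the original URL.
        if p["method"] not in ("ANY", method) or not url_matches(p["rule"], p["url"], url):
            continue
        if p["location"] == "header":
            headers[p["name"]] = p["value"]
        elif p["location"] == "query":
            target = _add_query(target, p["name"], p["value"])
    return {"method": method, "url": target, "headers": headers}


if __name__ == "__main__":
    token = obtain_token()
    print(build_request("GET", "https://api.example.com/v1/users/7", token))
    print(build_request("DELETE", "https://api.example.com/v1/orders/12", token))
```

Note that the scanner can only exercise authenticated behaviour if the token it extracts is valid for the whole run; a short `expires_in` on the login response is a sign that the auth flow will need to be repeated during a long scan.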
Deleting a project¶
To delete a project, click the trash bin button in the Actions column and confirm the deletion.
Tests¶
The Tests page displays a list of all created tests. You can filter the list by date, status, or project name. For each test, key details such as status and duration are shown.
To view more information about a specific test, click the Details button. The test details page includes three main tabs: Vulnerabilities, Attack Attempts, and Endpoints.
Vulnerabilities Tab¶
This tab lists all detected vulnerabilities with detailed information.
To open the details of a detected vulnerability, click the Detail button in the Actions column. The details include the Request URL, Traffic Data, Vulnerability Definitions, Reference Information, and an AI Recommendation.
Generating the AI recommendation may take a few moments depending on the complexity of the test data.
Attack Attempts Tab¶
This tab displays attack attempts along with their timestamps and status.
To open the details of an attack attempt, click the Detail button in the Actions column. The details include the Project Name, Vulnerability Rule Name, and Traffic Data.
Endpoints Tab¶
This tab lists the scanned endpoints, labeled as either Secure or Not Secure.
To open the details of an endpoint, click the Detail button in the Actions column. The details include the Request URL, Query Parameters, Security Status (Secure / Not Secure), Request Headers, and Request Body.
Rules¶
The Rules page displays a list of all created rules.
To add a new rule, click the + Add button, select the activity status, enter the rule code, and click OK to save.
To edit an existing rule, click the Edit button in the Actions column.
To delete an existing rule, click the trash bin button in the Actions column.