Dashboard
When you log in to APIFORT, the dashboard opens by default. It contains the following submenus: Traffic Summary, API Discovery, Sensitive Data, and OWASP API 2023.
Traffic Summary
Traffic Summary includes data and charts for API Traffic, API Types, Sensitive Data Types, Methods, Severities, and Attack Types. Charts can be customized with date-based filtering.
API Traffics
It displays data and charts summarizing all Attacks and Requests within the application.
Attack Sources
It displays the geographic distribution of attack sources on a world map. Each marked point represents a source location from which an attack attempt originated. Below the map, a table provides detailed information, including the location and the corresponding number of hits detected from each source.
Attack Types
It displays the attack types and their counts within the application.
Sensitive Data Types
It displays the Sensitive Data Types and related counts within the application.
API Types
It displays the API Types and related counts within the application.
- Shadow: APIs that are undocumented or not known to the system.
- Orphan: APIs that are no longer in use but still exist within the system.
- Used: APIs that are currently active and in use.
- Zombie: APIs that are outdated or deprecated but still accessible.
HTTP Types
It provides a list of HTTP types along with the count for each type.
Methods
It displays the methods and related counts within the application.
Severities
It displays the severity levels and count of attacks within the application.
API Discovery
API Discovery includes data and charts for the Top 10 Risky APIs, Sensitive Data, API Inventory, Risk Score, and API Types.
Top 10 Risky APIs
It lists the top 10 APIs with the highest risk levels.
API Discovery Summary
It contains a bar chart that displays the risk scores of APIs by level and pie charts showing the API Types.
Sensitive Data
It displays a pie chart with the types of sensitive data in the application and their counts.
API Inventory
It displays the catalog names and endpoint counts of APIs. By selecting the application from the top right corner, users can access the catalogs and endpoints associated with that application.
Sensitive Data
It displays the defined sensitive data with details. It provides counts of Sensitive Data Types and of API Endpoints with Sensitive Data Types.
Top 10 Observed Data Types
It displays the top 10 sensitive data types with the highest count.
Observed Sensitivity
It displays sensitivity levels of sensitive data.
Data Catalog
It displays the sensitive data catalog.
When any catalog is clicked, the corresponding endpoints tab is opened.
When any endpoint is clicked, its details are displayed.
OWASP API 2023
It displays the compliance of application traffic with OWASP 2023 standards along with relevant details. The filter area allows selecting applications from the system. The content is updated based on the selected application.
Summary
It provides a general summary of OWASP categories. It presents an overview of critical and non-critical items.
Vulnerabilities
It categorizes vulnerabilities as high, medium, and low based on their numbers.
Click on a vulnerability to examine its analysis in detail.