APIs are exposed to largely the same classes of exploits and vulnerabilities as web applications. With the rise of single-page and mobile applications, an API is frequently the first element of your infrastructure a user interacts with. Despite this, APIs are routinely treated as backend services and are often left out of standard penetration testing scopes.
Although the logic an API implements is frequently simpler than that of a full web page, the implementation of access controls and input validation remains a significant concern. How the returned data is used must also be considered: output that is safe in one context can become a vulnerability when consumed in another, such as being rendered or interpreted by a downstream client.
The Salus approach to API testing is collaborative. Where possible, the API is tested within the context in which its data is actually used, so that every vulnerability, and every secondary system an exploit could affect, can be evaluated together.
Whatever you're protecting, we apply defence grade cyber security skills whilst taking into consideration the realities of day-to-day business operations. We help our customers to address their known - and their unknown - cyber risks.
At our core, we believe in the power of personalised guidance. Whether you have questions or feedback, we're here to listen and support you every step of the way. Reach out via the form and we will be in touch as soon as possible.