Introducing Cloudflare’s Web and API Vulnerability Scanner (Open Beta)
Cloudflare is launching the Open Beta of the Web and API Vulnerability Scanner for all API Shield customers. This new, stateful Dynamic Application Security Testing (DAST) platform helps teams proactively find logic flaws in their APIs.
The initial release focuses on detecting Broken Object Level Authorization (BOLA) vulnerabilities by building API call graphs to simulate attacker and owner contexts, then testing these contexts by sending real HTTP requests to your APIs.
The scanner is now available via the Cloudflare API. To scan, set up your target environment, owner and attacker credentials, and upload your OpenAPI file with response schemas. The scanner will be available in the Cloudflare dashboard in a future release.
Access: This feature is only available to API Shield subscribers via the Cloudflare API. We hope you will use the API for programmatic integration into your CI/CD pipelines and security dashboards.
Documentation: Refer to the developer documentation to start scanning your endpoints today.
Source: Cloudflare
Latest Posts
- Power Platform admin center – Environments page updates [MC1226444]
- Amazon CloudWatch now supports ingesting Security Hub CSPM findings with organization-wide enablement
- Amazon Location Service now supports GrabMaps with enhanced APIs for Southeast Asia
- Amazon S3 Express One Zone now supports request metrics in Amazon CloudWatch
![(Updated) Microsoft Viva: Viva Glint – Survey Designer Role [MC1218413]](https://mwpro.co.uk/wp-content/uploads/2024/08/pexels-googledeepmind-25626433-150x150.webp "(Updated) Microsoft Viva: Viva Glint - Survey Designer Role [MC1218413] 6")
