Original Post: Unlock enhanced API scanning with Burp Suite
The article, written by Rob Samuels and published on 31 July 2024, highlights the importance of API scanning in modern web applications. It discusses the increasing reliance on APIs, with an average of 26 APIs per application, according to ESG research. Burp Suite has enhanced its API scanning capabilities to make the process easier, more thorough, and scalable, addressing previous challenges where API scanning was part of a wider web application crawl.
The improvements in Burp Suite include:
1. Allowing vulnerability testing without needing to host definition files.
2. Identifying accessible hosted APIs that may be vulnerable to attacks.
3. Testing a wider range of OpenAPI Specification (OAS) endpoints.
4. Scanning APIs requiring authentication.
The article also outlines future updates such as endpoint configuration, bulk uploading of API definition files, and support for SOAP API scanning. The author invites feedback through a product research survey or via email, aiming to continuously enhance the API scanning features in Burp Suite.