Skip to content

Welcome to Astra

Overview

REST API penetration testing is complex due to continuous changes in existing APIs and addition of new APIs. Astra can be used by security engineers or developers as an integral part of their process, so they can detect and patch vulnerabilities in the initial phase of the development cycle. Astra can automatically detect and test login & logout (Authentication API), which makes it easy for anyone to integrate this into CICD pipeline. Astra can take API collection as an input so this can also be used for testing APIs in stand-alone mode.

Attacks Performed

  • SQL Injection
  • Cross-site Scripting
  • Information Leakage
  • Broken Authentication and Session Management
  • CSRF (including Blind CSRF)
  • Rate limit
  • CORS misconfiguration (including CORS bypass techniques)
  • JWT attack
  • Open redirection