The Tinfoil Security API Scanner is able to detect vulnerabilities in any API, including web-connected devices such as mobile backend servers, IoT devices, as well as any RESTful APIs. The few tools that are currently available lack coverage depth in API security, or are focused on acting as a firewall or unintelligent fuzzer. Vulnerabilities focused on authorization and access control concerns, or even web-like vulnerabilities, like XSS, manifest in different ways and with different exploitation vectors than they do for web applications. The security concerns for an API are fundamentally different from those for web applications. Our API scanner has been built, from the ground up, to focus on APIs specifically, rather than jury-rigging a web application scanner to be able to handle APIs half-well. Your DevOps team can find and fix vulnerabilities in APIs they’re building as a seamless part of their current development process, with no additional burden. Development and DevOps teams become the critical first line of defense, increasing bandwidth for security teams to focus on strategic security initiatives, as discussed earlier.
Press and media coverage