Autonomous API testing with Aptori

Aptori can explore the deep states of your application

Aptori is easy to use and can rapidly test your APIs. Here is an overview of some key concepts in the Aptori Platform.

Projects & APIs

Aptori maintains an inventory of all of your APIs.

To add an API to the inventory, pick the Project and add the API. Each Project can have as many APIs as you would like.

Each API is of a particular type; Aptori currently supports API specifications of type OpenAPI and GraphQL.

The Aptori Overview Dashboard provides a quick snapshot of the security posture of each API.

Runs

Every analysis is a unique run.

With each analysis, Aptori will uncover the defects and vulnerabilities in your APIs and produce the result as a run.

The run lists all of the defects that have been found, which we call findings. In addition, we let you know what actually happened in the analysis, the vulnerability assessment done for each API operation, and how well Aptori performed in autonomously exploring your API.

Finding

Every defect is a finding.

A finding is a defect found in an API operation. Aptori autonomously identifies functional flaws and security vulnerabilities. For each finding, Aptori provides the sequence of operations as evidence, a scenario to reproduce the finding, and how to mitigate the defect.

All security vulnerabilities found by Aptori are automatically classified using the MITRE Common Weakness Enumeration (CWE) database and assigned a severity.

Issue

Issues bring findings together.

Aptori automatically and intelligently collates findings across all runs into Issues. Doing this ensures that you need to track only a few issues rather than hundreds of individual findings.

Furthermore, all Issues in Aptori are actionable. You can triage them, change the risk profile, assign them to team members, export them to JIRA, or let the system know if a finding is a false positive.

SDLC Integration

Dev, DevOps, DevSecOps, we do it all!

Aptori can be used collaboratively by all members of your organization, whether they work as a DevOps team or as developers, security professionals, or QA engineers.

To ensure that each user can run their analysis, Aptori provides you with the ability to create Environments. All views in Aptori can be filtered by Project and Environment to enable users to focus on results from a particular category of deployments.

Sift

The magic that makes Aptori work is in our analysis tool, called Sift.

Sift is a cross-platform CLI tool for API analysis that can be used in your CI pipeline or executed in the development environment of your choice (Mac, Linux, Windows).

Given an API definition and URL, Sift autonomously generates and executes requests to an API to discover security and functional faults.

Sift can be configured to run precisely the tests that are most important to you.

Your First Analysis

Follow the Getting Started guide to run your first analysis.