Key Concepts in Aptori

Aptori is designed to be easy to use, rapidly assisting you in testing your code, containers, applications, and APIs, as well as fixing any identified vulnerabilities. Below is an overview of key concepts in the Aptori platform.


Asset Organization

Assets

Aptori maintains an inventory of all of your APIs.

Assets represent the applications, code repositories, and APIs that must be tested and secured. Aptori maintains an inventory of all assets, categorizing each by type.

Projects

Assets are organized into Projects.

Projects serve as containers for multiple assets, allowing you to manage them efficiently. Each project can include assets of various types, and every asset must belong to a project.

To add an asset to the inventory, simply select a project and associate the asset with it.


Security Analysis

Runs

Every security analysis performed in Aptori is recorded as a run.

  • A run uncovers vulnerabilities and defects in your assets.
  • The run results document all findings and provide a vulnerability assessment for each asset and operation.
  • For applications and APIs, the run results provide detailed insights into each API operation.

Findings

Every identified defect is classified as a finding.

Aptori autonomously detects security vulnerabilities. Findings include:

  • Evidence in the form of configuration, code, or a sequence of operations.
  • Reproduction scenarios and mitigation guidance.
  • Automatic classification using the MITRE Common Weakness Enumeration (CWE) framework, with assigned severity levels.

Issues

Issues group related findings together, reducing complexity and improving manageability.

Aptori automatically collates findings across multiple runs into actionable Issues, ensuring that you track a few key issues rather than hundreds of individual findings.

In Aptori, Issues are fully actionable, allowing you to:

  • Triage and adjust risk profiles.
  • Assign Issues to team members.
  • Export Issues to JIRA.
  • Mark Issues as false positives if needed.

SDLC Integration

Aptori seamlessly integrates into the Software Development Life Cycle (SDLC) to ensure security is embedded throughout development, testing, and deployment. By integrating Aptori into the SDLC, teams can proactively detect and remediate vulnerabilities before they reach production, improving security posture without slowing down development.

Aptori in Continuous Integration (CI)

To maximize the benefits of Aptori, you can run detection agents as part of your continuous integration (CI) pipeline. This allows teams to receive immediate feedback on every code change, preventing vulnerabilities from being introduced into production.

By running Aptori on every merge request, Aptori helps:

  • Detect security vulnerabilities early in the development process.
  • Identify functional defects in API implementations.
  • Reduce remediation time by pinpointing the exact code change that introduced an issue.

CI Platform Compatibility

Aptori detection agents can be executed in any CI platform, making integration with your existing DevOps workflows easy. Aptori provides detailed guides for:

  • GitHub Actions
  • GitLab CI/CD
  • Jenkins
  • Azure DevOps

Environments

Environments act as virtual spaces for isolating and managing issues.

To facilitate security analysis across different deployment categories, Aptori allows users to create Environments.

Views in Aptori can be filtered by Group, Project and Environment, enabling users to focus on specific security results.


Role-Based Access Control (RBAC) in Aptori

User Roles

Aptori supports the following user roles:

  • Owner: Full administrative rights, including user management and configuration settings.
  • Member: Limited management access within assigned projects and assets.
  • Developer: Can access and analyze assets but has restricted administrative permissions.
  • Guest: Read-only access to view reports and findings.

Groups

In Aptori, you can create groups and assign users to them.

  • Each user within a group has a designated role (Owner, Member, Developer, or Guest).
  • Owners can add members to the group.
  • Members can manage the assets within the group.