11 July, 2020
Scanning your API Endpoints using the BreachLock SaaS platform
The BreachLock API Scanning Dashboard:
Once you log into the BreachLock SaaS platform (https://app.breachlock.com), click on the Dashboard section under the API Scanning Module.
The Dashboard page gives you a complete overview of the API Scanning module.
It gives you insightful information such as the vulnerabilities with the highest severity discovered during the scans, the total number of vulnerabilities, and patching status.
Information regarding the top unpatched vulnerabilities in your assets and the assets impacted with those vulnerabilities can all be viewed right from the Dashboard.
It also provides a graphical representation of the monthly trend of discovered vulnerabilities to help you identify meaningful patterns.
Adding an asset and running scans on your API Endpoints:
You can navigate to the “Asset Management” section in the BreachLock SaaS platform to add your asset. (https://app.breachlock.com/assets/asset_management)
Once you log into the portal, you need to click on your name in the top right-hand corner and then click on “My Profile.”
Once you get redirected to a new page, you can see the “Asset Management” section in the left-hand side menu.
When you navigate to the Asset Management section, you will be redirected to a new page where you will have an option to “Add New Asset.” Once you click on the “Add New Asset” option you will be taken to a new page. Fill in the required details and click on “Submit” to add your asset.
NOTE: While adding the asset, select the “Asset Type” that matches the asset. For a “Restful API” type asset, select the documentation type as well.
Once you have selected the type of asset and the documentation type, and provided the “.json” file for the API, you can click on “Validate” to validate your inputs.
Once you have carefully examined the uploaded data, you can now click on “Submit” to add your asset.
Once the asset has been added, you need to head over to the “Scans” section under the API Scanning Module. (https://app.breachlock.com/ApiScanning/assets/)
You can add a new scan by clicking on “Add New Scan.”
You can schedule the automated scan to run on a monthly, weekly, or daily frequency. You can select the date and time as well as the time zone accordingly. You can also choose to run an authenticated scan.
To run an authenticated scan, you can choose any of the mentioned authentication types from the drop-down under “Select Authentication Type” and provide the associated value.
Once you have added the scan, you can also use the “Run Live Scan” button if you want to run a scan immediately.
Viewing vulnerabilities discovered from the API Scans:
Once you have executed the scan and the scan is completed, you can head over to the “Vulnerability” section under the API Scanning Module to view all the discovered vulnerabilities. (https://app.breachlock.com/ApiScanning/finding/)
Here you will be able to view all the vulnerabilities discovered by the scanner by severity, when the vulnerabilities were discovered, and the impacted endpoints.
You can view the complete details of a vulnerability by clicking on “View vulnerability” under “Actions” or simply by clicking on the “VID number” under the “VID” column.
Downloading the API Assessment Report from the BreachLock SaaS platform:
You can download the API assessment report by clicking on “Reports” under the API Scanning Module.
Once you click on “Reports”, a pop-up will open where you can choose to download the report in PDF or CSV format. Choose the desired option and click on “Download” to download the report.
Alerts and Notification:
You can set up an automated alert from the BreachLock SaaS platform to get notified whenever a High, Medium, or New vulnerability is discovered in any one of your assets.
To set this up, head over to the “Alert” section under the API Scanning Module. (https://app.breachlock.com/ApiScanning/alert/)
Here you can choose the type of vulnerability for which you would like to receive the alert via email.
Additionally, you can set up an automated frequency at which the API Assessment Report is sent to your registered email ID. Just click on “Add report” and fill in the required details to activate this.