Vulnerability Detection in AppSentinels’ Platform

AppSentinels’ platform offers comprehensive detection of vulnerabilities, covering both the OWASP Top 10 and the OWASP API Top 10. The platform includes four core detection engines, each tailored to specific aspects of API security:

1. PassiveScan

The PassiveScan engine analyzes API traffic without sending any active requests. It detects vulnerabilities related to security misconfigurations that may expose users to browser-based risks such as:

• Cookie-related attacks (e.g., insecure flags, missing attributes)
• Cross-Origin Resource Sharing (CORS) misconfigurations

Configuration: Settings → Vulnerability Configuration → Passive Scan

2. Governance

This engine focuses on API governance and ensures adherence to organizational and security standards. It detects:

• Unauthenticated or open APIs
• Exposure of sensitive data

Configuration: Settings → Vulnerability Configuration → Governance

3. RuntimeScan

RuntimeScan identifies vulnerabilities based on real-time attack patterns observed in production environments. It detects critical issues that may require immediate developer attention, including:

• BOLA (Broken Object Level Authorization)
• SQL Injection and other input validation flaws

Developers can create actionable vulnerabilities directly from RuntimeScan findings.

Configuration: Settings → Vulnerability Configuration → Runtime Scan

4. ActiveScan

ActiveScan simulates the behavior of a security tester. It:

• Automatically generates test cases
• Injects crafted payloads into APIs
• Actively probes for vulnerabilities through controlled testing

Configuration: DAST → Configurations

These engines work together to provide layered, continuous security coverage across the full API lifecycle—from design and deployment to runtime protection.