Vulnerability Detection in AppSentinels’ Platform

AppSentinels’ platform offers comprehensive detection of vulnerabilities, covering both the OWASP Top 10 and the OWASP API Top 10. The platform includes four core detection engines, each tailored to specific aspects of API security:

1. PassiveScan

The PassiveScan engine analyzes API traffic without sending any active requests. It detects vulnerabilities related to security misconfigurations that may expose users to browser-based risks such as:

Configuration: Settings → Vulnerability Configuration → Passive Scan

2. Governance

This engine focuses on API governance and ensures adherence to organizational and security standards. It detects:

Configuration: Settings → Vulnerability Configuration → Governance

3. RuntimeScan

RuntimeScan identifies vulnerabilities based on real-time attack patterns observed in production environments. It detects critical issues that may require immediate developer attention, including:

Developers can create actionable vulnerabilities directly from RuntimeScan findings.

Configuration: Settings → Vulnerability Configuration → Runtime Scan

4. ActiveScan

ActiveScan simulates the behavior of a security tester. It:

Configuration: DAST → Configurations

These engines work together to provide layered, continuous security coverage across the full API lifecycle—from design and deployment to runtime protection.