Entersoft: API security testing
API security assessment

API Security

Be assured. Work with peace of mind.

Your API facilitates your every customer interaction. It is critical to secure your back-end infrastructure and authentication with the strongest defence.

Case Study

Securing a cryptocurrency exchange's API.

Cryptocurrency exchanges were the most targeted companies in 2018. Our customer is Australia's biggest cryptocurrency exchange, with over 2000 API endpoints. See how Entersoft's manual API security assessment helped the customer grow to 3500 API endpoints securely.

How does it work?

Offensive Assessments
1. Pre-engagement interactions

Through a pre-engagement process, we identify your core competencies and analyze your documentation.

2. Map the API & Threat Modelling

We model security assessments on real-time threats and map your API accurately using ASMX/Helpdocs etc.

3. Static Analysis

Our white-hat hackers analyze your source code and locate exceptions, based on CERT secure standards. This process exposes any vulnerabilities or sensitive information that might be exploited in malicious attacks.

4. Dynamic Analysis

We then perform a vulnerability test based on the REST OWASP API Security project, evaluate the extent to which the identified bugs could cause losses, and recommend steps to reproduce the bugs.

5. Business Logic Flaw testing

Every business is different and so are its vulnerabilities. We run comprehensive tests to locate logic flaws in your IT processes that could potentially affect your security.

6. Reporting

We complete the cycle with the delivery of a comprehensive API security assessment report and work with your development team to fix vulnerabilities.