We are excited to announce the updates to our DAST scanner, helping you achieve improved performance and obtain better results when testing your APIs.

What's new

• OpenAPI specification merging: Escape now supports the merging of OpenAPI Specifications. This is especially handy for specs that utilize external component references or are divided into smaller segments, commonly found in micro-services architectures.
• Simplified advanced settings: We’ve revamped the advanced configuration settings in Escape. The new user interface makes it easier to configure scan environment networks and authentication methods, complete with detailed validation logs.
• New step-by-step coverage improvements: You can now understand how to improve the scan quality, step by step. Indeed, the health score of your scanned apps is only useful if the DAST is properly configured.

Why?

Here are the key benefits of Escape's new DAST features :

• Simplified API management: Security engineers often handle complex API architectures, especially in systems designed with microservices. Merging multiple OpenAPI specifications into a single, coherent spec reduces complexity and the risk of overlooking security loopholes.
• Improved security testing accuracy: By having a unified view of the APIs, security tests can be more comprehensive, covering interactions and dependencies that may be missed when specs are scattered.
• Optimized test configurations: Security engineers can now follow step-by-step guidance to configure Escape's DAST scanner more effectively, ensuring that the setup is optimal for detecting vulnerabilities.
• Enhanced control and visibility: The enhanced UI gives security engineers better control over the scanning process and clearer visibility into the configurations, which helps in maintaining high standards of security practices across the board.

Getting started

Specification merging

• Go to your security scan -> Settings -> Schema and upload multiple OpenAPI files to merge them into a single specification:

Advanced configuration

To set up advanced configuration settings for your scans, go to your security scan -> Settings and choose a relevant tab:

You can learn more about expert usage in our documentation.

With these new updates, you should obtain better results when testing your APIs. Try it out for yourself, and let us know what you think in our Slack community!

💡 Check out more product updates below:

• API inventory – new features
• Escape Rules – our new custom security tests
• Compliance matrix

*** This is a Security Bloggers Network syndicated blog from Escape - The API Security Blog authored by Alexandra Charikova. Read the original post at: https://escape.tech/blog/dast-product-updates/