Implementing real-world authentication scenarios in your scans is now made easy

We are excited to announce our new dynamic authentication token generation feature, which helps you implement real-world authentication scenarios in your scans with just a few easy steps.

This feature is available for REST and GraphQL APIs.

Supported Authentication Methods:

  • AWS Cognito
  • Basic
  • cURL & cURL Sequence
  • Digest
  • GraphQL
  • Headers
  • HTTP
  • OAuth (Client Credentials, User Password)
  • Webdriver
  • Custom workflows involving multiple HTTP requests and Webdriver actions

Why?

Static credentials could lead to incomplete and unrealistic scans, overlooking potential vulnerabilities. By automatically generating fresh credentials at the start of every DAST scan, we ensure a more dynamic and thorough assessment of your API security. This feature allows your security team to simulate different user profiles, offering a comprehensive evaluation from various security perspectives, be it administrators or standard users.

With this feature, we aim to provide you with the following benefits:

  • Generate authentication credentials automatically: Start every DAST scan with fresh, automatically generated credentials. Whether it's tokens or other forms of authentication, we've got you covered.
  • Run scans with multiple user profiles: Simulate different user levels in your scans - from admins to standard users.

We take it a step further by seamlessly integrating token generation and application into your overall security workflow. Additionally, you can:

  • Track every step of the authentication process with our comprehensive logs.
  • Manage and automatically refresh tokens based on their TTL, or configure manually if needed.

Getting started

Here's how you can quickly set it up:

  1. In the left-hand sidebar, click Security Scans.
  2. Select your scan.
  3. In the scan view, click on the Settings tab.
  4. Go to Authentication under Scan configuration.

And that's it! Set up the authentication method that corresponds to your organization.

💡 Check out our documentation to learn more.

With this new feature, we hope you find it simpler than ever to implement real-world authentication scenarios in your scans. Try it out for yourself, and let us know what you think in our Discord community!
