Escape rules adapt to the evolution of your existing APIs and to your new APIs without the need to maintain them. Including adapting to database fixtures in development environment.
Easy to write
Escape rules are based on the YAML syntax. They are designed to be easy to write by security engineers, developers and site reliability engineers.
Capitalize on your pentests
Escape rules are powerful. Most of what an API pentest or a bug bounty program can find can be quickly implemented as an Escape rule for easy detection at scale, including the detection of business logic flaws.
Fast
Scanning an API with Escape rules takes minutes using the Escape platform.
Collaborative
At Escape we value open-source collaboration. If you're like us, consider sharing your templates with others to help them in running custom API security tests.
Usable in all environments
Escape rules can be run in production, preproduction, development environments as well as directly in the CI/CD to shift security left.
New to custom security tests?
Join our upcoming workshop. We'll show some concrete examples of Escape rules and guide you on how to get started.
All you have to do is log into your Escape account, go to "Custom test" tab and create a new check in yaml or json format. Don't hesitate to check our documentation how to set it up.
Can I contribute to the test database?
Yes, you can contribute to database available on the dedicated GitHub repository and view others' templates. Escape rules database will be entirely open-source. We also have a dedicated Slack community where you can ask any Escape rules' related questions!
How is it different from Nuclei?
One of the core pain points in custom test implementation with Nuclei is the maintenance of each test, to follow along the attack surface changes, whether they are pure API specification changes, or new APIs that extend your organization’s attack surface. With Escape rules, you build generic API security tests and Escape adapts them to each newly discovered API and each new version of your existing APIs.
How is it different from bChecks?
While bChecks and Escape custom tests are pretty similar on the surface, bChecks uses a more verbose language, less structured like the YAML operators (detectors/transformations) that Escape uses. The biggest difference is also in the feedback-driven exploration engine and the scalar inference system that is built into Escape, helping you cover all the routes with confidence and abstractions of data manipulated, and easily available through Custom Tests.
%20(1).png){kind=logo}
