Unlike other DAST tools, Escape doesn’t treat GraphQL as just another HTTP API. We developed a unique, in-house Dynamic Security Scanner that is native to GraphQL and fully embraces its recursive nature.
While other tools will miss the real risk, Escape helps your team find and fix your most critical issues in GraphQL applications, including access control flaws and IDORs in deeply nested resolvers.
• Ensure your applications are free from GraphQL-specific issues, including batching, aliasing and deeply nested access control flaws
• Natively test the security of your GraphQL applications, including those built on Apollo GraphQL, GraphQL Yoga, and more
• Find and fix business logic flaws, BOLAs and IDORs, maximize coverage, and reduce noise with our business-logic approach to testing
• Avoid recurring complex issues by adding custom rules and tests that are tailor-made to your business flows
• Set up authenticated testing instantly with our built-in authentication system. SSO, MFA and browser-based authentication included
• Fix and triage issues efficiently thanks to contextual risk scoring and automated removal of false positives
• Empower developers to fix issues quickly with auto-generated code remediations
• Test private and internal apps easily with Private Locations
• Get compliance reports and track compliance with industry benchmarks and other controls, such as OWASP Top 10, PCI DSS, and SOC 2
• Avoid alert fatigue with contextual risk prioritization and scoring
• Export reports for executives, customers or technical staff
• Incorporate GraphQL security tests into your CI pipelines for early issue detection, prevention, and remediation
• Leverage our integrations with popular CI providers (GitHub, GitLab, Jenkins, CircleCI, Azure DevOps) and collaboration tools (Slack, Jira) to merge workflows and avoid context-switching
• Connect to any tool and automate any workflow with our full-featured public API and CLI