Zero configuration needed
With Escape, you can get started directly after registering. Our tool automatically detects vulnerabilities in your GraphQL APIs with no effort on your side.
- Minimal setup, meaning you can start your first scan in just 1 minute.
- No need for a dedicated team, making it easy for any company to implement API security without the need for extensive IT involvement.
- Suitable for non-tech companies and any organization that wants to ensure their APIs are secure.
- Automated detection and detailed remediation strategies of vulnerabilities, making it easy for your team to fix the security issues.
Continuous security with
scans in CI/CD
scans in CI/CD
Escape allows you to integrate security scans into your CI/CD pipeline with minimal setup, ensuring that security issues are identified and addressed before they reach production.
- Our platform can be easily integrated into your existing CI/CD pipeline (Github Actions, Gitlab CIs, etc.), enabling you to set it up easily.
- By identifying and addressing security issues during the development and staging stages, you can block deployments containing issues to ensure that they never reach production.
- Security alerts will be directly reported in your CI/CD platform, making it faster than ever to address them.
Quick fixes with tailored remediations
Escape provides tailored and actionable remediation guidance, to help you fix vulnerabilities in your GraphQL APIs. Our platform analyzes your API and provides detailed instructions on how to implement the fix.
- Personalized remediation guidance, tailored to your specific GraphQL engine, ensuring that the guidance is accurate and relevant.
- The guidance includes detailed instructions on how to implement the fix, including the specific path and parameters to replicate the vulnerability, making it easy for developers to understand and implement the fix.
- Our platform allows to export reproducible queries for developers to test the fix, ensuring that the vulnerability has been fully addressed.
Stay up-to-date with API discovery & inventory
Our platform's broad discovery capabilities automatically and continuously discover all of your GraphQL APIs, and zombie content.
- Discover all existing GraphQL APIs on your domain, including undocumented, shadow and zombie APIs that may present a risk to your organization.
- Detect zombie operations and objects in your schema that may no longer be in use but still present a vulnerability.
Secure your data with PII and sensitive data leaks detection
Escape helps you identify and secure PII and sensitive data exposure in your GraphQL APIs. Our platform's finds any suspicious data leak in a large spectrum of data types, providing you with a complete catalog of leaked sensitive information.
- Identify PII and sensitive data such as IBANs, Passwords, emails, and other sensitive information.
- Uncover common and proprietary sensitive data, such as tokens, ip adresses, API secrets, etc.
- Be alerted when new instances of sensitive data are found, ensuring that vulnerabilities are addressed as soon as they appear.
- Escape shows you where the sensitive data is coming from, making it easy for developers to fix and reduce exposure.
Test granular access control with custom authorization
Escape helps you prevent account takeovers and access control in your GraphQL APIs. Our platform allows you to create multiple instances of an application, each with its own authentication settings, so we can test for authenticated vulnerabilities and ensure that only authorized users have access to sensitive data.
- Create multiple instances of an application with different authentication settings, including custom authorization headers.
- Search for vulnerabilities within queries only with the read mode or for queries and mutations with the read & write mode.
- Identify potential account takeover vulnerabilities and take action to prevent them before they can be exploited by attackers.
Compliance and security reports
Escape helps you ensure compliance with industry standards such as OWASP API Security Top 10 and PCI DSS for your GraphQL APIs. Our platform analyzes your APIs and generates detailed reports, providing you with a clear understanding of your compliance status and areas for improvement.
- Calculate compliance with industry standards such as OWASP API Security Top 10 and PCI DSS.
- Generate PDF reports that clearly outline your compliance status and areas for improvement.
- Get a security score from F to A+ attributed to your application, providing a clear and easy-to-understand raking of your API's security compared to other GraphQL APIs.
- Stay up-to-date on the latest compliance requirements, with automatic updates as standards evolve.
- Meet regulatory requirements and protect sensitive data with our robust compliance capabilities.
- Easily share compliance reports with stakeholders and regulators to demonstrate your commitment to security.
Performance and load testing
Escape helps you identify performance issues and potential Denial of Service (DoS) vulnerabilities in your GraphQL APIs. Our platform's performance testing capabilities allow you to test your APIs and identify bottlenecks, so you can optimize performance and ensure that your APIs can handle the expected load.
- Identify performance issues on specific operations and endpoints, such as slow response times.
- Conduct Denial of Service (DoS) testing to simulate high traffic scenarios and identify vulnerabilities that could be exploited by attackers.
- Monitor performance in real-time and receive alerts for any issues that arise, so you can take action quickly to prevent outages or slowdowns.
- Generate visualizations to help you understand the performance of your APIs and identify areas for improvement.