Why Escape?

The developer-first GraphQL API security testing solution powered by state-of-the-art research and technology.

Why Dynamic API Testing should be the core of your Application Security Program?

Developers update their apps every day

Behind every API resolver, there is code that is updated every day. According to the data collected through our platform, 98% of GraphQL APIs are vulnerable. Exposing a web application to the internet comes with risk. Deploying a flawed version of an application can have hazardous consequences on deliverability and brand image. A dynamic security testing tool that can secure an application before it reaches production will prevent these issues.


Escape is the state of the art in the GraphQL security ecosystem

The GraphQL security landscape evolves fast. Escape actively participates in this landscape and keeps pace: as soon as a new GraphQL vulnerability is discovered, Escape is updated with a new security check. With Escape at the core of your application security strategy, you can ship GraphQL APIs at the speed of modern development, confident that they are secure.

After deploying in prod it’s too late… but before that, static analysis is not enough:
73% of security flaws cannot be found by dependency scanning and static code analysis solutions:
  • Escape sees how the API behaves in its environment and simulates attack scenarios without resorting to costly pen testing, directly in the CI/CD process as early as the build.
  • Escape shows alerts that represent real risks rather than simply showing issues that may pose a potential risk. Thus it is very unlikely to report false positives.
  • Escape provides proof of exploit for every alert uncovered. This gives developers context, validating that the vulnerabilities really exist and making them easy to remediate.
  • Escape enforces compliance of the deployed application with the level of security expected by the company. It prevents deployments of the application unless security risks are measured and leveraged by the developer beforehand.
Escape starts securing your app in the development process, before it's too late

Escape is the only shift-left GraphQL API security solution built with developers in mind

Escape is built by seasoned developers, for passionate developers.
Developers love Escape because it takes no time to get started, finds vulnerabilities early in the CI/CD pipeline, and saves their teams months of recurring effort in securing their GraphQL APIs.
  • Plug & Play: 60 seconds to get started and get the first results with no configuration
  • Fast: Scans can be performed in a few minutes
  • CI/CD: Secure at every build so that no vulnerabilities remain in production
  • Integration with developers’ favourite tools: streamline incident response and investigations.
  • Actionable remediations with proof of exploit
  • 50+ advanced security checks and 150+ sensitive data types
  • Compatible with all GraphQL engines
  • Fine tuning: Escape is usable out of the box but provides dozens of fine-tuning options developers love!

Read more in our Documentation

Escape discovers business logic vulnerabilities at ludicrous speed

Escape relies on state-of-the-art Research & Development

Escape relies on a powerful feedback-driven exploration algorithm that can explore and understand the business logic of your API. After only a few seconds, Escape can generate legitimate sequences of requests with payloads that make sense and respect the business logic of your API in a fully automated manner.

This is Escape’s key differentiator that gives it the ability to perform fast, in-depth security scanning with outstanding coverage. Escape does not require any manual configuration, input traffic data, or an agent.

This technology enables Escape’s platform to be the most dev-friendly API testing solution on the market, with significantly broader and more relevant results than the competition, faster, all while removing the hassle of manually updating tests as the API evolves.


Read more on our blog

[Figure: Regular API Testing (bruteforce) without Escape vs. Feedback Driven API Exploration with Escape]

State-of-the-art GraphQL security research & open source community

Escape is part of the GraphQL Foundation and collaborates with industry leaders.

Escape is a proud member of the GraphQL Foundation. Read our article

Escape participates actively in the open source community.

Escape open source projects on GitHub

Escape discovered its own CVEs in the GraphQL ecosystem

How to pentest GraphQL? Read our article

GitHub advisories:
Async GraphQL - Nested Fragment Vulnerability
Juniper - CVE-2022-31173

Get started for free

No credit card required. Secure your GraphQL application in 1 minute.