The developer-first GraphQL API security testing solution powered by state-of-the-art research and technology.
Why Dynamic API Testing should be the core of your Application Security Program?
Developers update their apps every day
Behind every API resolver, there is code that is updated everyday. According to the data collected through our platform, 98% of GraphQL APIs are vulnerable. Exposing a web application to the internet comes at a risk. Deploying a flawed version of an application can have hazardous consequences on deliverability and brand image. A dynamic security testing tool that can secure an application before it reaches production will prevent these issues.
Escape keeps up-to-date with the GraphQL security ecosystem
The GraphQL security landscape evolves fast. Escape actively participates in this landscape and keeps pace: as soon as a new GraphQL vulnerability is discovered, Escape is updated with a new security check. With Escape at the core of your application security strategy, you can ship GraphQL API at the speed of modern development, confident that it is secure.
After deploying in prod it’s too late… but before, static analysis is not enough:
- Escape sees how the API behaves in its environment and simulate attack scenarios without resorting to costly pen testing, directly into the CI/CD process as early as the build.
- Escape shows alerts that represent real risks rather than simply showing issues that may pose a potential risk. Thus it is very unlikely to report false positives.
- Escape provides proof of exploit for every alert uncovered. This gives developers context, validating that the vulnerabilities really exist and making it easy to remediate.
- Escape enforces compliance of the deployed application concerning the level of security expected by the company. Prevent deployments of the application unless security risks are measured and leveraged by the developer beforehand.
Escape is the only shift-left GraphQL API security solution built with developers in mind
Escape is built by seasoned developers, for passionate developers.
- Plug & Play: 60 seconds to start your first scan
- Fast: Scans can be performed in minutes and do not impact your workflows
- CI/CD: Secure at every build so that no vulnerabilities remain in production
- Integration with favourite developer tools
- Actionable remediations with proof of exploit
- 50+ deep security tests and 150+ sensitive data types
- Support all GraphQL engines
- Fine tuning: Escape is usable out-of the box but provides dozens of fine tuning options developers love!
Escape discovers business logic vulnerabilities at ludicrous speed
Escape relies on state-of-the-art Research & Development
Escape relies on a powerful feedback-driven exploration algorithm that
can explore and understand the business logic of your API. After only a few seconds,
Escape can generate legitimate sequences of requests with payloads that
make sense and
respect the business logic
of your API in a fully automated manner.
This is Escape’s key differentiator that gives it the ability to perform
security scanning with
outstanding coverage. Escape does not require any manual configuration,
input traffic data, or an agent.
At Escape, we strive to deliver the most dev-friendly API security solution on the market, with significantly broader coverage and more relevant results than the competition, all while removing the hassle of manually updating tests as the API evolves.
Escape values research & open source community
Escape is part of the GraphQL Foundation and collaborates with the industry leaders.
Escape is a proud member of the GraphQL foundation. Read our article
Escape participates actively in the open source community.
Escape open source projects on Github
Escape discovered its own CVEs in the GraphQL ecosystem
How to pentest GraphQL? Read our article
Async GraphQL - Nested Fragment Vulnerability
Juniper - CVE-2022-31173
98% OF GRAPHQL APIs ARE
ARE YOURS ?
No credit card required. Secure your GraphQL application in 1 minute.