Why Escape?

The developer-first GraphQL API security testing solution powered by state-of-the-art research and technology.
Why Escape? Because is the developer-first GraphQL API security testing solution

Why Dynamic API Testing should be the core of your Application Security Program?

Developers update their apps every day

Behind every API resolver, there is code that is updated everyday. According to the data collected through our platform, 98% of GraphQL APIs are vulnerable. Exposing a web application to the internet comes at a risk. Deploying a flawed version of an application can have hazardous consequences on deliverability and brand image. A dynamic security testing tool that can secure an application before it reaches production will prevent these issues.


Escape keeps up-to-date with the GraphQL security ecosystem

The GraphQL security landscape evolves fast. Escape actively participates in this landscape and keeps pace: as soon as a new GraphQL vulnerability is discovered, Escape is updated with a new security check. With Escape at the core of your application security strategy, you can ship GraphQL API at the speed of modern development, confident that it is secure.

After deploying in prod it’s too late… but before, static analysis is not enough:
73% of the security flaws cannot be found by dependency scanning and static code analysis solutions:
  • Escape sees how the API behaves in its environment and simulate attack scenarios without resorting to costly pen testing, directly into the CI/CD process as early as the build.
  • Escape shows alerts that represent real risks rather than simply showing issues that may pose a potential risk. Thus it is very unlikely to report false positives.
  • Escape provides proof of exploit for every alert uncovered. This gives developers context, validating that the vulnerabilities really exist and making it easy to remediate.
  • Escape enforces compliance of the deployed application concerning the level of security expected by the company. Prevent deployments of the application unless security risks are measured and leveraged by the developer beforehand.
Escape start securing your API in the development process before it's too late

Escape is the only shift-left GraphQL API security solution built with developers in mind

Escape is built by seasoned developers, for passionate developers.
Developers love Escape because it takes no time to get started, finds vulnerabilities early in CI/CD pipeline, and saves their teams months of recurring effort in securing their GraphQL APIs.
  • Plug & Play: 60 seconds to start your first scan
  • Fast: Scans can be performed in minutes and do not impact your workflows
  • CI/CD: Secure at every build so that no vulnerabilities remain in production
  • Integration with favourite developer tools
  • Actionable remediations with proof of exploit
  • 50+ deep security tests and 150+ sensitive data types
  • Support all GraphQL engines
  • Fine tuning: Escape is usable out-of the box but provides dozens of fine tuning options developers love!

Read more on our Documentaton

Escape helps developers test and secure their API at every build in the secure API development

Escape discovers business logic vulnerabilities at ludicrous speed

Escape relies on state-of-the-art Research & Development

Escape relies on a powerful feedback-driven exploration algorithm that can explore and understand the business logic of your API. After only a few seconds, Escape can generate legitimate sequences of requests with payloads that make sense and respect the business logic of your API in a fully automated manner.

This is Escape’s key differentiator that gives it the ability to perform fast, in-depth security scanning with outstanding coverage. Escape does not require any manual configuration, input traffic data, or an agent.

At Escape, we strive to deliver the most dev-friendly API security solution on the market, with significantly broader coverage and more relevant results than the competition, all while removing the hassle of manually updating tests as the API evolves.


Read more on our blog

Escape discovers business logic vulnerabilities with a robust feedback-driven exploration algorithm
Regular API Testing (bruteforce) without Escape Escape feedback Driven API Exploration with better security results and respects business logic

Escape values research & open source community

Escape is part of the GraphQL Foundation and collaborates with the industry leaders.

Escape is a proud member of the GraphQL foundation. Read our article

Escape participates actively in the open source community.

Escape open source projects on Github

Escape discovered its own CVEs in the GraphQL ecosystem

How to pentest GraphQL? Read our article

Github advisories:
Async GraphQL - Nested Fragment Vulnerability
Juniper - CVE-2022-31173

Escape is part of the GraphQL Foundation and collaborates with the industry leaders.

98% OF GRAPHQL APIs ARE VULNERABLE.
ARE YOURS ?

No credit card required. Secure your GraphQL application in 1 minute.