Skip to content

Getting Started with Escape

Escape helps Security Teams quickly find and protect every Web Application and API they expose, with no need for complex setup or network changes. By focusing on Security Teams in medium and large organizations, Escape addresses the unique challenges these experts face when managing large and growing technology stacks. The platform is provided as a SaaS solution and centers around three key capabilities:

  • Attack Surface Management: Automatically discovers, classifies, and tracks all internal and external Assets exposed by an organization (without the use of agents or network traffic analysis).
  • Surface Scanning at Scale: Runs production-safe Surface Scanning on the Assets discovered by the ASM.
  • Modern DAST in CI/CD (Dynamic Application Security Testing): Runs business logic security tests on APIs and Web Applications (including SPAs) and provide remediations directly in the CI/CD pipeline, starting at the development phase.

By providing full visibility and continuous testing, Escape helps organizations stay ahead of potential risks, ensuring customers gain a more complete and proactive approach to Application Security.

Escape operates outside of your stack and is safe for production environments. This external operation means there is no downtime for your applications, safeguarding both your operations and your customers.

Glossary

Attack Surface Management

The ASM is the result of Escape's Discovery feature. The ASM includes all identified and classified Assets (e.g., Hosts, APIs, SPAs) within a specified scope, typically defined by a DNS or set of domains.

DAST

DAST refers to Business Logic Security Testing, performed by Escape’s DAST Proprietary Engine against a Service. It simulates realistic attack scenarios—beyond mere signature-based checks—to uncover potential vulnerabilities in an application’s logic and workflows.

Domain

A Domain name used as input for the ASM process. Escape initiates its discovery by enumerating and analyzing subdomains and Assets associated with this domain.

Asset

An Asset in Escape represents a Host, API Service, Web Applicatiom Repository, etc., The list of supported Assets is defined in the ASM documentation.

Endpoint

An Endpoint is an actionable entry point within an API Service. For REST APIs, an Endpoint is defined by a path (URL) and method (GET, POST, etc.). For GraphQL, an Endpoint corresponds to a specific query or mutation.

Schema

A Schema, sometimes referred to as Documentation or Specification, is a document that defines the interface and structure of an API Service’s endpoints. Common examples include OpenAPI Specifications (formally known as Swagger), GraphQL Introspection documents, Postman Collections, etc. Schemas help standardize how Services are described, ensuring that DAST can accurately target available endpoints.

Profile

A Profile is a configuration for the DAST scanning feature that includes various parameters (such as authentication details), environment settings, a schema, and the entire scan history for that Profile. This ensures consistency in repeated scans and helps track changes or improvements over time.

Location

A Location is a proxy environment through which Escape sends requests for both ASM and DAST:

  • Public Location: Hosted by Escape with a static IP, suitable for most external testing scenarios.
  • Private Location: Deployed by the user within their own infrastructure to securely test internal or firewall-protected assets.

Issue

An Issue is can be a Vulnerability, Sensitive Data Leak, etc, —either from ASM or DAST—clustered together for easier triage and management. A single Issue can represent multiple similar alerts (for example, the same vulnerability found on different endpoints of the same Service). See Vulnerability Management for more details.

Sensitive Data

Sensitive Data represent data leaks uncovered through either the ASM or DAST processes. Examples include secrets, PII (personally identifiable information), API keys, or any other sensitive information potentially exposed to unauthorized parties. Sensitive Data are a subset of the Data Types (or Scalars).

Index

  ASM

  •    Quick Start

  •    Asset Management

  •    Configuration Reference

  •    Integrations 19

  DAST Scanning

  •    Start a new Scan

  •    Understanding Results

  •    Schedule Scans

  •    DAST in CI/CD 10

  •    Authentication 16

  •    Frontend DAST 13

  •    API DAST 21

  •    Supported Security Tests 240

  Governance

  •    Vulnerability Management

  •    Compliance

  •    Reporting

  •    Automation & Ticketing 7

  Tooling

  •    Escape MCP Copilot

  •    Public API

  •    Escape CLI

  •    Public Locations

  •    Private Locations 13

  Enterprise Features

  •    Support & SLA

  •    SSO & Identity Federation

  •    Role-Based Access Control

  •    Audit Logs

  •    Rotating Encryption

  •    Private Tenant