Getting Started with Escape
Escape helps Security Teams quickly find and protect every Web Application and API they expose, with no need for complex setup or network changes. By focusing on Security Teams in medium and large organizations, Escape addresses the unique challenges these experts face when managing large and growing technology stacks. The platform is provided as a SaaS solution and centers around three key capabilities:
- Agentless Inventory (APIs and Web Apps EASM): Automatically discovers, classifies, and tracks all application assets exposed by an organization (without the use of agents or network traffic analysis).
- Security Testing at Scale: Runs Security Testing on the application assets discovered by the Inventory.
- Modern DAST in CI/CD (Dynamic Application Security Testing): Runs business logic security tests on APIs and Web Applications (including SPAs) and provides remediations directly in the CI/CD pipeline, starting at the development phase.
By providing full visibility and continuous testing, Escape helps organizations stay ahead of potential risks, ensuring customers gain a more complete and proactive approach to Application Security.
Escape operates outside of your stack and is safe for production environments. This external operation means there is no downtime for your applications, safeguarding both your operations and your customers.
Glossary
Inventory
The Inventory is the result of Escape's Discovery feature. The Inventory includes all identified and classified application assets (e.g., APIs, SPAs) within a specified scope, typically defined by a Domain or set of domains.
DAST
DAST refers to Business Logic Security Testing, performed by Escape's proprietary DAST engine against a Service. It simulates realistic attack scenarios—beyond mere signature-based checks—to uncover potential vulnerabilities in an application's logic and workflows.
Domain
A Domain name used as input for the Inventory process. Escape initiates its discovery by enumerating and analyzing subdomains and assets associated with this domain.
Service
A Service in Escape represents an application asset that can be either a Single Page Application (SPA) or an Application Programming Interface (API). For APIs, one Service can include multiple Endpoints. Escape's fingerprinting categorizes and tracks these Services to provide enhanced visibility and DAST testing capabilities.
Endpoint
An Endpoint is an actionable entry point within an API Service. For REST APIs, an Endpoint is defined by a path (URL) and method (GET, POST, etc.). For GraphQL, an Endpoint corresponds to a specific query or mutation.
Schema
A Schema, sometimes referred to as Documentation or Specification, is a document that defines the interface and structure of an API Service's endpoints. Common examples include OpenAPI Specifications (formerly known as Swagger), GraphQL Introspection documents, Postman Collections, etc. Schemas standardize how Services are described, ensuring that DAST can accurately target the available endpoints.
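The two definitions above (an Endpoint as method + path for REST, or a query/mutation for GraphQL, and a Schema as the document that lists them) can be made concrete by deriving the endpoint list from a schema. The following is an added example, not Escape's own code: it walks a constructed OpenAPI 3 document and a constructed GraphQL introspection result and returns the endpoints a DAST engine would need to target. The service paths and operation names are hypothetical.

```python
"""Derive Endpoints from two kinds of Schema (added example, not Escape's code).

- REST: an Endpoint is a (METHOD, path) pair taken from the OpenAPI "paths" object.
- GraphQL: an Endpoint is a field on the root Query / Mutation (/ Subscription) type,
  taken from an introspection result.
Both sample documents below are constructed for this example.
"""
import json

# Constructed OpenAPI 3 document for a hypothetical service.
# Note the non-operation key "parameters", which must not become an endpoint.
OPENAPI_DOC = {
    "openapi": "3.0.0",
    "paths": {
        "/users": {
            "get": {"summary": "List users"},
            "post": {"summary": "Create user"},
            "parameters": [{"name": "page", "in": "query"}],
        },
        "/users/{id}": {
            "get": {"summary": "Get user"},
            "delete": {"summary": "Delete user"},
        },
    },
}

# Constructed GraphQL introspection result for a hypothetical service.
GRAPHQL_INTROSPECTION = {
    "data": {
        "__schema": {
            "queryType": {"name": "Query"},
            "mutationType": {"name": "Mutation"},
            "subscriptionType": None,
            "types": [
                {"name": "Query", "fields": [{"name": "user"}, {"name": "users"}]},
                {"name": "Mutation", "fields": [{"name": "createUser"}]},
                # Object types that are not roots are not endpoints.
                {"name": "User", "fields": [{"name": "id"}, {"name": "email"}]},
            ],
        }
    }
}

# The HTTP methods OpenAPI allows as operations inside a path item.
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}


def rest_endpoints(doc):
    """Return sorted (METHOD, path) pairs: one per operation in the OpenAPI document."""
    endpoints = []
    for path, path_item in doc.get("paths", {}).items():
        for key, operation in path_item.items():
            # Skip path-level keys such as "parameters", "summary" or "servers".
            if key.lower() in HTTP_METHODS and isinstance(operation, dict):
                endpoints.append((key.upper(), path))
    return sorted(endpoints)


def graphql_endpoints(introspection):
    """Return sorted (kind, field) pairs for every root-type field, e.g. ("query", "users")."""
    schema = introspection["data"]["__schema"]
    # Map root type name -> operation kind ("query", "mutation", "subscription").
    roots = {}
    for kind in ("query", "mutation", "subscription"):
        root = schema.get(f"{kind}Type")
        if root and root.get("name"):
            roots[root["name"]] = kind
    types_by_name = {t["name"]: t for t in schema.get("types", [])}
    endpoints = []
    for type_name, kind in roots.items():
        for field in types_by_name.get(type_name, {}).get("fields") or []:
            endpoints.append((kind, field["name"]))
    return sorted(endpoints)


def endpoint_count(doc, introspection):
    """Total number of endpoints across both schemas (useful as a coverage figure)."""
    return len(rest_endpoints(doc)) + len(graphql_endpoints(introspection))


if __name__ == "__main__":
    print(json.dumps({
        "rest": rest_endpoints(OPENAPI_DOC),
        "graphql": graphql_endpoints(GRAPHQL_INTROSPECTION),
        "total": endpoint_count(OPENAPI_DOC, GRAPHQL_INTROSPECTION),
    }, indent=2))
```

Comparing such a list derived from the schema with what a scanner actually exercised is a quick way to spot endpoints the schema omits (or the scan never reached), which is the coverage question a security team typically wants answered.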
Automated Schema Generation
The Automated Schema Generation is the feature that powers API Discovery from Code as part of the Code-to-Cloud approach of the Escape Inventory.
Application
An Application is a configuration for the DAST scanning feature that includes various parameters (such as authentication details), environment settings, a schema, and the entire scan history for that application. This ensures consistency in repeated scans and helps track changes or improvements over time.
Location
A Location is a proxy environment through which Escape sends requests for both Inventory and DAST:
- Public Location: Hosted by Escape with a static IP, suitable for most external testing scenarios.
- Private Location: Deployed by the user within their own infrastructure to securely test internal or firewall-protected assets.
Issue
An Issue is a group of alerts (Vulnerability, Sensitive Data)—either from Inventory or DAST—clustered together for easier triage and management. A single Issue can represent multiple similar alerts (for example, the same vulnerability found on different endpoints of the same Service). See Vulnerability Management for more details.
Alert
An Alert is an individual finding (Vulnerability or Sensitive Data) from either the Inventory or DAST processes. Alerts are grouped into Issues for easier triage and management.
Sensitive Data
Sensitive Data represents data leaks uncovered through either the Inventory or DAST processes. Examples include secrets, PII (personally identifiable information), API keys, or any other sensitive information potentially exposed to unauthorized parties. Sensitive Data is a subset of the Data Types (or Scalars).
Index
Inventory
- Quick Start
- API Discovery from Code
- Internal Networks
- Integrations
- Expert Usage
DAST Scanning
- Start a new Scan
- Understanding Results
- Analyze Logs
- Schedule Scans
- DAST in CI/CD
- Authentication
- Custom Rules
- Expert Usage
- Supported Security Tests
Governance
- Vulnerability Management
- Compliance
- Reporting
- Automation & Ticketing
Enterprise Features
- Support and SLA
- Registration Requirements
- SSO and Identity Federation
- Role-Based Access Control
- Audit Logs
- Private Locations
- Deployment Options
- Rotating Encryption
- Public API