Skip to content

API DAST Parameters

Scan Parameters

Example

Here is an example of a ScanParams object:

scan:
  blocklist:
    routes:
    - path: "/a/path/to/blocklist"
      method: GET
    - path: "/another/path/to/blocklist"
      method: POST
  hotstart:
  - |-
    POST /register HTTP/1.1
    Host: example.com
    Content-Type: application/json
    Content-Length: 194

    {"my": "data"}
  - |+
    GET /users HTTP/1.1
    Host: example.com
    Content-Type: application/json
    Content-Length: 194

  profile: surface | marketing | cicd | default | deep | unrestricted
  read_only: true | false
  scalars:
    SSET:
      description: The Super Secret Example Token is internal to our company and should
        never been exposed by any APIs.
      examples:
      - SSET-ABC12
      names:
      - SSET
      - super_secret_example_token
      - SuperSecretExampleToken
      parents:
      - String
      patterns:
      - SSET-[A-Z0-9]{5}
      sensitivity: HIGH
      strategy: key_or_value_strict
      entropy: 2

BlockListParams

Property Type Default Description
mutation List[string] null
objects List[string] null
query List[string] null
routes List[BlocklistRouteRule] null
subscription List[string] null

BlocklistRouteRule

Property Type Default Description
method string null HTTP method to block or GraphQL operation name (GET, POST, query, mutation, ...).
path string null The path to block (OpenAPI path or GraphQL operation name). It can be a regex to block multiple paths. Ex: /user/.*

CustomScalarParams

Property Type Default Description
description string The description of the scalar.
entropy number null The minimum shannon entropy of the matched value.
examples List[string] null Sample values for the scalar (used in the explore phase as default values).
ignored_names List[string] null Names to ignore for the scalar.
ignored_patterns List[string] null Regex to ignore for the scalar.
names List[string] null Possible names for the scalar.
parents* List[ScalarParent] Root type the scalar is compatible with.
patterns List[string] null Potential regex-friendly values for the scalar (utilized for the checks).
sensitivity* ScalarSensitivity Data sensitivity level. Allowed values are NONE, LOW, MEDIUM and HIGH.Values MEDIUM and HIGH will serve to raise Sensitive Data issues in Escape.
strategy* MatchingStrategy The detection strategy (key_or_value by default).

ScanParams

Property Type Default Description
api_type ApiType null
blocklist BlockListParams null The operations that will be skipped by security tests. See more in the dedicated documentation section..
force_full_scan boolean null Will perform a full scan, without listening your API health and timeout. It may degrade your results quality but will unsure that all your operations are checked.
frontend_crawling_only boolean If true, only frontend crawling will be performed, while still doing security checks on API traffic.
frontend_escape_user_header boolean false If true, the frontend scan will add the x-escape-user header to the requests.
frontend_in_scope_domains List[string] null The list of domains allowed for network analysis during frontend scans. Includes organization domains by default.
frontend_integrated_authentication boolean If true, frontend scans will directly authenticate via the engine.
frontend_parallel_workers integer 5 The number of parallel workers to use for frontend scans. Maximum and default is 5. Recommended to lower this if you encounter stability issues.
frontend_prefetch_sitemap boolean true If true, the frontend scan will prefetch any available sitemaps (robots.txt, sitemap.xml, etc) and use them as a seed for the crawler.
frontend_single_page_worker boolean If true, frontend scans will be performed in a single page worker.
frontend_use_persistence boolean true If true, the frontend scan will use persistence to load discovered URLs from previous scans, to enhance crawling stability.
frontend_user_agent string null The user agent to use for frontend scans.
hotstart List[string] null Depending on your scan type (Frontend or API): List of URLs to visit, or raw queries (GraphQL, cURL, or raw HTTP) to hotstart the API exploration.
hotstart_only boolean null If true, the scan will only perform the hotstart phase and stop after.
max_duration integer null The maximum time in minutes that the scan will run for before stopping. Defaults to 30 minutes for frontend scans.
null_is_unauthenticated boolean null In order to improve error inference, on some scans we want to be able to consider that a null aswerimplies that the request should have been authenticated
profile ScanProfile default The scan profile
read_only boolean null The choosen mode for the tested API. Default mode is read-write and suited to development environment. The read_only mode is safe for production environments, but will reduce the number of tests performed and the scan coverage..
scalars Dict[CustomScalarParams] null The user's defined scalars.

ApiType

Value
API_TYPE_GRAPHQL
API_TYPE_REST

MatchingStrategy

Value
key
key_strict
value
value_strict
key_or_value
key_or_value_strict
key_strict_or_value
key_and_value_strict

ScalarParent

Value
String
Int
Float
Boolean

ScalarSensitivity

Value
NONE
LOW
MEDIUM
HIGH

ScanProfile

Value
surface
marketing
cicd
default
deep
unrestricted

Client Parameters

Example

Here is an example of a ClientParams object:

client:
  proxy:
    type: escape | http | repeater
  request_timeout: 5
  requests_per_minute: 3000

ClientParams

Property Type Default Description
discret_mode boolean null
max_requests integer null
proxy_id string null
request_timeout integer null The maximum timeout duration for each request (in seconds). See more in the dedicated documentation section.
requests_per_minute integer null The maximum number of request per minute. Which will be used on a per second window.
user_agent string null
x_tracing_header string null