
How to start API security testing on Beagle Security?

By Deepraj R
December 19, 2022

Getting started 

Beagle Security is an automated penetration testing solution that helps you proactively hunt-to-secure your web applications and APIs from all vulnerabilities.

Use this guide to get started with the basics of configuring API security. 

Set up your first API configuration 

Create application: 

From the home dashboard:

  • Click on the ‘New application’ button. 

  • Select ‘API’ 

  • In the "Project name" field, enter a new name or select an existing project. 

  • In the "Application URL" field, enter the URL of your application. 

  • Click the "Validate" button to verify the input URL. 

If the URL is valid, click the "Continue" button to proceed. 

Domain verification:

From the Domain verification tab:


  • Choose one of the following methods: API verification, file verification, or DNS verification. 

  • Once you have completed the verification, click the "Verify domain" button. 

  • Then, click on the "Next" button to proceed. 

API import:

From the API Import tab: 


  • Choose to import your API configuration files from Beagle Security, Postman, Swagger, or configure a new custom API. 

  • If you choose 'custom API', click on the "API configuration" button to access the dedicated configuration menu. 

    For more information on configuring a custom API, refer to the help documentation on custom API configuration.

Configuring assets and whitelisting IPs: 

Assets:

Subdomains of your application will be listed in the assets tab. 

  • You can add new assets or remove the ones that are auto-listed.  

[Please keep in mind that you are only permitted to add subdomains owned by you.] 

  • Click the ‘Save’ button to confirm your changes. 

  • Click the ‘Next’ button to proceed to the next step. 

IP whitelisting:

💡To ensure that the test functions properly, you need to add the provided list of IPs to your firewall or IP blocking rules (if your application has one). This will allow the test to run without interference from any security measures you have in place. 


Here's how to do it: 

  • Copy the IPs that are listed. 

  • Follow the instructions for your firewall to add the IPs to the rules. 

  • Save the changes to the firewall rules.
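
The steps above, as an added example that is not part of the original article or Beagle Security's own tooling: it validates a pasted IP list and builds nftables rules that admit only those sources, only on the API port. It assumes an nftables firewall with an existing `inet filter` table and `input` chain, port 443, and a hypothetical rule tag; the addresses are constructed documentation-range values, not real scanner IPs.

```python
import ipaddress

# Constructed sample standing in for the list copied from the IP whitelisting
# tab (RFC 5737 documentation addresses, not real scanner IPs).
COPIED_IPS = "203.0.113.10\n203.0.113.11, 198.51.100.7\n203.0.113.10\n"

def parse_scanner_ips(text):
    """Validate pasted entries; return sorted, de-duplicated single addresses."""
    seen = set()
    for entry in text.replace(",", " ").split():
        # ip_address() raises ValueError on CIDR ranges and malformed input,
        # so a stray "0.0.0.0/0" or typo never reaches the firewall.
        addr = ipaddress.ip_address(entry)
        if addr.is_unspecified or addr.is_loopback or addr.is_multicast:
            raise ValueError(f"refusing unusable source address: {entry}")
        seen.add(addr)
    return sorted(seen, key=lambda a: (a.version, int(a)))

def nft_allow_rules(addrs, port=443, tag="api-scan-allowlist"):
    """Build lines for an `nft -f` file: listed sources only, API port only.

    Assumes an existing 'inet filter' table with an 'input' chain (assumed
    names). 'insert' places the rule ahead of existing drop or rate-limit
    rules; the comment tag makes the rule easy to find and delete later.
    """
    rules = []
    for version, family in ((4, "ip"), (6, "ip6")):
        members = ", ".join(str(a) for a in addrs if a.version == version)
        if members:
            rules.append(
                f"insert rule inet filter input {family} saddr "
                f"{{ {members} }} tcp dport {port} accept comment \"{tag}\""
            )
    return rules

if __name__ == "__main__":
    for rule in nft_allow_rules(parse_scanner_ips(COPIED_IPS)):
        print(rule)
```

Once testing is finished, the tagged rule can be located with `nft -a list chain inet filter input` and deleted by its handle.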

Start the test:

  • Click on the 'Start test' button. 

  • Click on the 'Finish' button to start the test. 
