Beagle Security is an automated penetration testing solution that helps you proactively secure your web applications and APIs against all vulnerabilities.
Use the guide below to get started with the basics of configuring API security.
Set up your first API configuration
From the home dashboard:
Click on the ‘New application’ button.
In the "Project name" field, enter a new name or select an existing project.
In the "Application URL" field, enter the URL of your application.
Click the "Validate" button to verify the input URL.
If the URL is valid, click the "Continue" button to proceed.
From the Domain verification tab:
Choose one of the following methods: API verification, file verification, or DNS verification.
Once you have completed the verification, click the "Verify domain" button.
Then, click on the "Next" button to proceed.
From the API Import tab:
Choose to import your API configuration files from Beagle Security, Postman, Swagger, or configure a new custom API.
If you choose the 'custom API', click on the "API configuration" button to access the dedicated configuration menu.
For more information on configuring a custom API, refer to the help documentation on custom API configuration.
Configuring assets and whitelisting IPs:
Subdomains of your application will be listed in the assets tab.
You can add new assets or remove the ones that are auto-listed.
[Please keep in mind that you are only permitted to add subdomains owned by you.]
Click the ‘Save’ button to confirm your changes.
Click the ‘Next’ button to proceed to the next step.
💡 To ensure that the test runs properly, add the provided list of IPs to the allowlist in your firewall or IP blocking rules (if your application has any). This lets the test run without interference from the security measures you have in place.
Here's how to do it:
Copy the IPs that are listed.
Follow the instructions for your firewall to add the IPs to the rules.
Save the changes to the firewall rules.
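One way to carry out the firewall steps above, as an added example that is not part of Beagle Security's documentation: it checks the copied list before anything is allowlisted, then prints nftables commands limited to one port. The sample IPs are constructed documentation-range addresses, and the `inet filter` table, `input` chain, port 443, the 16-address limit and the `scanner-allow` tag are assumptions about your setup.

```python
import ipaddress

# Constructed sample standing in for the IPs copied from the dashboard
# (the real list is not reproduced here). It includes entries that must
# never reach a firewall rule: a catch-all, a malformed CIDR, and junk.
PASTED = """
203.0.113.10
203.0.113.11, 198.51.100.7
203.0.113.10
0.0.0.0/0
198.51.100.0/16
not-an-ip
"""

MAX_ADDRESSES = 16  # assumption: a scanner entry never needs a wider block


def parse_scanner_ips(text, max_addresses=MAX_ADDRESSES):
    """Split a pasted list into (accepted networks, rejected (token, reason))."""
    accepted, rejected = [], []
    for token in text.replace(",", " ").split():
        try:
            # strict=True refuses CIDRs with host bits set, e.g. a /16 typo
            net = ipaddress.ip_network(token, strict=True)
        except ValueError as exc:
            rejected.append((token, str(exc)))
            continue
        if net.num_addresses > max_addresses:
            rejected.append((token, "range too broad for an allowlist entry"))
        elif net not in accepted:  # drop duplicates, keep paste order
            accepted.append(net)
    return accepted, rejected


def nft_rules(nets, port=443, table="inet filter", chain="input",
              tag="scanner-allow"):
    """Build one 'nft insert rule' command per address family."""
    rules = []
    for version, key in ((4, "ip"), (6, "ip6")):
        members = [n for n in nets if n.version == version]
        if not members:
            continue
        addrs = ", ".join(
            str(n.network_address) if n.num_addresses == 1 else str(n)
            for n in members)
        rules.append(f'nft insert rule {table} {chain} {key} saddr '
                     f'{{ {addrs} }} tcp dport {port} accept comment "{tag}"')
    return rules


if __name__ == "__main__":
    ok, bad = parse_scanner_ips(PASTED)
    for token, reason in bad:
        print(f"# skipped {token}: {reason}")
    print("\n".join(nft_rules(ok)))
```

The comment tag on each rule makes the entries easy to find and remove once the test has finished.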
Start the test
Click on the 'Start test' button.
Click on the 'Finish' button to start the test.