The purpose of this article is to show AppSec/developers how to get started with API security scanning tool EthicalCheck and detect your leaking APIs.

Why API leaks are a common problem. Most web and mobile are security tested at some point but APIs hardly get any attention. This means you may have leaking APIs that are live and in production.

Detecting your leaking API endpoints is very simple if you’re using the free tool. All you need is your API OpenAPI Specification/Swagger URL and get instant report.

EthicalCheck - Visit the GitHub page to run your free scan:
https://apisec-inc.github.io/pentest/

About me: I write, review, and build API security tools and best practices.