Intesar Mohammed
Posted on August 22, 2022
EthicalCheck is a free and automated API security test service.
Since our launch a few months ago, we have learned that one-third of tested public-facing REST APIs have vulnerabilities that automated bots can easily exploit. EthicalCheck is a free web app that instantly detects vulnerabilities in REST APIs without coding.
How to get started
Go to https://EthicalCheck.dev.
API: Enter your OpenAPI/Swagger URL and your email in the input fields provided and click the scan button.
Processing: Once your request is submitted, the EthicalCheck engine creates a map of all your API endpoints. It then automatically writes security tests covering the OWASP API #2. Finally, it runs the tests against your API. All tests are non-intrusive, and they only look for broken authentication issues.
Report: You'll receive an enterprise-grade App/API penetration test report. The test report meets SOC 2 and similar compliance mandates.
Bugs: The test report includes all the tested endpoints, coverage lists, exceptions, and vulnerabilities/bugs. Vulnerabilities are automatically triaged for you, which means every vulnerability has a severity, CVSS score, endpoint information, OWASP tag, etc., saving you time and resources.
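The endpoint-mapping step can be pictured with a static pass over the spec. The following is an added example, not EthicalCheck's code: it walks an OpenAPI 3.x document and reports which authentication each operation declares, so you can see where the spec itself permits anonymous calls before any test runs. The sample spec, its paths, and the function names are constructed for illustration.

```python
# Added example: static map of an OpenAPI 3.x document's operations and the
# authentication each one declares. SAMPLE_SPEC is constructed for illustration.
METHODS = ("get", "put", "post", "delete", "options", "head", "patch", "trace")

SAMPLE_SPEC = {
    "openapi": "3.0.3",
    "components": {"securitySchemes": {"bearerAuth": {"type": "http", "scheme": "bearer"}}},
    "security": [{"bearerAuth": []}],  # global default for every operation
    "paths": {
        "/accounts": {"get": {}, "post": {"security": [{"bearerAuth": []}]}},
        "/accounts/{id}/transactions": {"get": {"security": []}},    # override: no auth
        "/health": {"get": {"security": [{}, {"bearerAuth": []}]}},  # auth optional
        "/admin/users": {"delete": {"security": [{"apiKey": []}]}},  # scheme not defined
    },
}

def classify(requirements, defined):
    """Classify one operation's effective security requirement list."""
    if not requirements:
        return "none"              # no requirement: anonymous access is declared
    if any(req == {} for req in requirements):
        return "optional"          # an empty requirement object allows anonymous calls
    names = {name for req in requirements for name in req}
    if not names <= defined:
        return "undefined-scheme"  # references a scheme missing from components
    return "required"

def map_operations(spec):
    """Return [(METHOD, path, classification)] for every operation in the spec."""
    defined = set(spec.get("components", {}).get("securitySchemes", {}))
    default = spec.get("security", [])
    rows = []
    for path, item in spec.get("paths", {}).items():
        for method in METHODS:
            if method not in item:
                continue
            # An operation-level "security" key, even an empty list, overrides the default.
            reqs = item[method].get("security", default)
            rows.append((method.upper(), path, classify(reqs, defined)))
    return rows

def flagged(spec):
    """Operations whose spec does not enforce a defined authentication scheme."""
    return [row for row in map_operations(spec) if row[2] != "required"]

if __name__ == "__main__":
    for method, path, status in map_operations(SAMPLE_SPEC):
        print(f"{method:7} {path:32} {status}")
```

Operations classified as `required` are the ones where an unauthenticated request should be rejected at runtime; the flagged ones are worth reviewing in the spec first.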
Try a sample REST API:
Check out our sample API on the https://ethicalcheck.dev home page.
This sample API is a banking API with features like accounts, transactions, and more. It's an excellent API to learn how to detect authentication and authorization security bugs.