Cortex CLI for API Security ↗
API Security testing is implemented in Cortex XSIAM through the Cortex CLI.
This testing evaluates APIs for vulnerabilities and misconfigurations using fuzzing techniques to ensure secure data transmission, prevent unauthorized access, and to ensure that the API behaves as expected under unexpected or malformed input.
Prerequisite
Ensure you have the required user permissions. Refer to Cortex CLI for more information
Onboard and install the Cortex CLI. Refer to Connect Cortex CLI for more information
Ensure your application exposes APIs and provides a corresponding OpenAPI Specification file
Ensure that you have installed
Java v 11and above
Authentication
The authentication file schema defines the authentication method (such as JWT, Basic) used to authorize connections to your scanned application. The following example provides configurations examples for common methods, including Basic authentication, API Keys and bearer tokens.
type: headers creds: name: <header name> value: <header value> ------------------------------------ For basic auth type: basic creds: username: {USERNAME} password: {PASSWORD} ------------------------------------ For API Keys type: headers creds: name: x-api-key value: {API key} ------------------------------------ For Bearer tokens type: headers creds: name: Authorization value: Bearer {BEARER_TOKEN}
Running API Security scans
To scan API Security, run:
./cortexcli --log-level <ERROR LEVEL> –-api-base-url <API URL> --api-key <API key from the "Authenticate" step in the CLI connector screen> --auth-id 1 api scan --api-spec-file <OPENAPI SPEC LOCATION> --scanned-app-url <BASE URL OF THE SCANNED APP> --java-location <JAVA BIN LOCATION>
Output
The API Security scan generates a detailed scan report that includes:
Findings: These include vulnerabilities and risks identified in the scanned application's APIs, such as SQL Injection, sensitive data leaks, and other issues
Errors: This section lists error responses returned by the scanned application
Metadata: Information such as runtime details, scan status (success or failure), scan duration, hostname and scan parameters
The following schema defines the structure and format of API Security scan reports.
The following is an example of API Security scan output.