Susanoo is a REST API security testing framework.
- Configurable input/output formats
- API Vulnerability Scan: the normal scanning engine, which scans for IDOR, authentication issues, SQL injections and error stacks.
- Smoke Scan: custom output checks for known PoCs can be configured to run daily.
Types of Scans:
* API Vulnerability Scan
  * Scans for the following bugs:
    * Indirect Object References
    * Authentication issues
    * SQL injections
    * Error stacks
* Smoke Scan
  * A known proof-of-concept can be configured to run daily/weekly etc.
Source: securityonline