Agentless API Attack Surface Management
API Attack Surface Management (AASM) is an agentless detection solution tailored to the API ecosystem, designed to discover all external hosts with their APIs, identify missing WAF/WAAP solutions and mitigate API Leaks
AASM is licensed based on the number of external hosts, which can be any valid subdomains with or without services. You can start a trial scan first to see which plan fits you best. Looking for more than a hundred hosts? Let’s chat about it!
Complete API Attack Surface Discovery including WAF score, API protocols & Schemas.
-
External API Hosts Discovery
APIs & Types Discovery
WAFs Discovery
API Leaks Discovery
Specific API protocols Discovery
WAF Score
API Schema Discovery
Extended support, Bug hunting services, volume discount, and DevSecOps Integrations.
Everything in Core +
Dedicated Customer Success Manager
False positive reduction
Bug hunting services included
DevSecOps Integrations
Discover all external hosts and their APIs
(including hosting e.g. CDN, IaaS, or PaaS providers)
Gain insights into the specific API protocols that your organization is using
(JSON-API, GraphQL, XML-RPC, JSON-RPC, OData, gRPC, WebSocket, SOAP, WebDav, HTML WEB and more)
Private API Schema Discovery
(E.g. Swagger/OpenAPI specifications unintentionally publicly available)
WAF Discovery
(Discovers if Web Apps and APIs are protected by WAFs/WAAPs)
WAF Score
(Assigns WAF Score based on its configuration and types of threats it can detect)
Leaked API Keys Detection
Leaked API Credentials Discovery
(User names, emails and passwords)
Leaked API Sensitive Technical Data Discovery
(API Tokens, Config files, backups, logs, source code)
Identify geolocation and data centers
API Integration
SSO
MS teams/Slack support
Email support response time
24 hours
4 hours
Dedicated Customer Success Manager
Bug hunting services included
(Bug hunting involves using penetration techniques to discover issues that scanners cannot find, or for specific compliance-related testing.)
False positive reduction
The preferred choice for Security and DevOps teams seeking unparalleled Visibility, Comprehensive API Protection, and Automated Incident Response in product security programs.
200+
Enterprise customers
80+
Integrations and platforms
20,000+
Protected apps and APIs
With Wallarm, we've been able to scale API protection to the scale we need and manage with our infrastructure as code approach.