From YouTube: DAST REST API Scans
Description
A brief introduction to a DAST API scan, and a demonstration of how to configure DAST to scan your API.
A
Hi, I'm Cam, an engineer in the Secure section. Today, I'd like to show you how to configure a DAST RESTful API scan. A challenge with RESTful APIs is they cannot be spidered like normal websites. This makes it hard for tools like DAST to understand the attack surface of a website. A DAST API scan solves this challenge by using an OpenAPI specification. When the scan runs, the specification is imported and parsed.
A
The OpenAPI specification for the REST API is as follows. You can see it defines a host as well as all of the endpoints that the API exposes. DAST supports OpenAPI versions 2 and 3, and can parse the file as JSON or YAML formats. To configure a DAST scan, first we need to let DAST know the URL where the specification is hosted, using the DAST API specification variable. As the host in imported specifications are often hard-coded.