Invicti API Security

Invicti API Security is an API security testing platform that provides discovery, vulnerability scanning, and remediation capabilities for API endpoints. The product offers multiple API discovery methods including sensorless discovery during web application scans, zero-configuration crawling for Swagger/OpenAPI specifications, direct integration with API gateways, and network traffic analysis deployment options. The platform performs vulnerability scanning with support for authentication mechanisms including tokens, cookies, and OAuth2. It tests for access control weaknesses such as Broken Object Level Authorization (BOLA), Broken Function Level Authorization (BFLA), and unauthenticated API access. The scanner includes stateful testing capabilities that infer parameter relationships to identify business logic flaws and provides coverage for OWASP API Top 10 vulnerabilities. Invicti API Security integrates with Web Application Firewalls (WAF) and Web Application and API Protection (WAAP) solutions to automate virtual patching for confirmed high-risk vulnerabilities. The platform includes AI-assisted remediation guidance for developers and maintains an internal knowledge base. It provides Application Security Posture Management (ASPM) functionality with single-pane visibility that correlates API security issues with other application security testing results. The product supports testing for APIs, web applications, and large language models within a unified platform. It includes noise suppression and deduplication features to filter repetitive alerts across multiple security tools.