Snyk API & Web

Snyk API & Web is a dynamic application security testing (DAST) solution that scans live-running APIs and web applications for vulnerabilities. The product features a 0.08% false positive rate and can detect over 30,000 potential vulnerabilities across 115 different types applicable to APIs. The scanner includes an AI-powered API security testing engine that maps API attack surfaces and automates vulnerability scanning. For web applications, it uses a Headless-Chrome-based spider to crawl and index JavaScript applications and single-page applications (SPAs). The product provides asset discovery capabilities to identify FQDNs and services running in infrastructure, performing regular scans to catalog the attack surface. It supports authenticated scans for applications using SSO or OpenID Connect, and offers customizable scanning configurations including scheduled scanning, partial scanning, incremental scanning, and scanning behind firewalls. Findings include evidence-based reporting with context and proof of vulnerabilities, along with detailed fix guidance based on identified technologies. The solution maintains a proprietary vulnerability database and provides compliance reports for standards including PCI DSS, SOC 2, HIPAA, ISO 27001, GDPR, and OWASP Top 10. The product offers API and CLI access for integration into CI/CD pipelines and supports recurring scans. It includes features for team management with custom roles and permissions, SSO support, and the ability to pause and resume scans.