Check out the OpenAPI spec https://jsonapi.org/format/. One advantage is that you can use the spec to generate both client and server-side code, see https://deliveroo.engineering/2022/06/27/openapi-design-first.html for example. If you're looking for inspiration, there's a ton of OpenAPI links at https://apirank.dev/. - Source: Hacker News / 8 months ago

Tl;dr we (Escape) have updated our ranking of 7000+ public APIs according to security, performance, reliability, and design criteria. The results are public on APIrank.dev. You can also request to index your own API for free and see how it compares to others. - Source: dev.to / about 1 year ago

Two weeks ago, we released apirank.dev, the result of extensive research on public APIs on the internet, conducted at an unprecedented scale using our feedback-driven API exploration technology. Source: about 1 year ago

Tl;dr we (Escape) scanned 5651+ public APIs online with our in-house feedback-driven exploration tech and ranked them using security, performance, reliability, and design criteria. The results are public on APIrank.dev. You can also request to index your own API for free and see how it compares to others. Source: about 1 year ago

Detectify once made an offer of making free scans which I took them up on. There are plenty of free Content Security Policy (CSP) and other vulnerability checkers around such as Observatory or Pentest. Shields UP!! Will identify which ports you have open. Source: 7 months ago

Detectify | Community Manager, Crowdsource | REMOTE (Offices in Boston, US & Stockholm, Sweden. We help with relocation if wanted) https://detectify.com/ We are a cyber security company in the industry, and more specifically the EASM (External Attack Surface Monitoring) space by automating and scaling the knowledge of hundreds of ethical hackers through our SaaS platform. Currently through our unique to Detectify... - Source: Hacker News / over 2 years ago

A concept-level idea would be this: 1) For your staging/UAT environment pipeline stages, add a "DAST scan" step, eg. With Detectify (which also has an API accommodating this need) 2) I'd assume, independently from the DAST scan, you ran some tests on UAT. Allow the scan to complete during the time it takes to run your UAT tests. After that, you'll get a report (automated or not) from your scanner. 3) When... Source: almost 3 years ago

Subdomain takeover was pioneered by ethical hacker Frans Rosén and popularized by Detectify in a seminal blogpost as early as 2014. However, it remains an underestimated (or outright overlooked) and widespread vulnerability. The rise of cloud solutions certainly hasn't helped curb the spread. - Source: dev.to / about 3 years ago