# Secure REST APIs using Akto

### Introduction

You can use Akto to help you secure your REST APIs in the CI/CD pipeline:

* Automate REST [API Inventory](#api-inventory)
* Identify [Sensitive data exposure](#sensitive-data-exposure)
* [Run tests](#run-owasp-top-10-tests) for OWASP API Top 10 vulnerabilities
* Write your own [custom tests for REST APIs](#custom-rest-security-tests)
* [Run tests in CI/CD](#run-tests-in-ci-cd)

### API Inventory

Akto can automatically prepare an API Inventory for REST APIs. Use one of our [traffic connectors](https://docs.akto.io/traffic-connector/traffic-data-sources) to capture API traffic. Akto will start populating API endpoints, methods, and parameters in the dashboard.

You will see a separate entry for each endpoint along with its HTTP method (GET, POST, PUT, DELETE).

Click on the API to see its request and response schema.

### Sensitive data exposure

Go to [Sensitive Data](https://docs.akto.io/api-inventory/concepts/sensitive-data) to check if your APIs are sending sensitive or PII data in the API response. You can also [configure Slack/Webhook alerts](https://docs.akto.io/api-inventory/concepts/alerts) for real-time notifications.

### Run OWASP Top 10 tests

Click on the **Run Test** button to start testing your APIs for all OWASP Top 10 and HackerOne Top 10 vulnerabilities.

Akto will automatically generate and run security tests for your API endpoints, covering risks like broken authentication, mass assignment, injection vulnerabilities, and more.

### Custom REST security tests

Using Akto's unique test editor, you can also write your own security tests for REST APIs. See instructions for custom tests [here](https://docs.akto.io/test-editor/concepts/custom-test).

There are a few REST-specific instructions you can use:

* add header
* modify parameter
* inject payload in body
* change query param

### Run tests in CI/CD

You can also automate REST API Security Testing by using our [GitHub action](https://docs.akto.io/api-security-testing/how-to/run-test) or [pre-deployment hook](https://docs.akto.io/api-security-testing/how-to/run-tests-in-cli-using-akto) to trigger tests in your CI/CD pipeline.

Feel free to write to us at <support@akto.io> for any help.
