Test Library

Akto lets you add your own tests as YAML files, so you can run your custom tests alongside the automated tests developed by Akto against your API collections. This streamlines the testing process and makes it more efficient to identify and address potential security vulnerabilities in your APIs.

What is Akto's Test Library?

Akto's test library is an extensive collection of tests that allows for security testing without writing code. It is a useful resource for testers who want to quickly select from various test scenarios to test different parts of software or systems. This approach saves time and ensures a more efficient testing process.

Why is a Test Library Needed?

A Test Library is essential for several reasons:

  • Time Efficiency: Security engineers can easily select from various pre-existing test scenarios, avoiding the time-consuming task of creating security test cases from scratch.

  • Focused Testing: You can target a particular API or a set of APIs (workflow) for security testing.

  • Enhanced Productivity: By leveraging the Test Library, security engineers can optimize their efforts, ensuring a more efficient and thorough testing process.

Today we have the following test categories in our library, each one having multiple tests:

1. Broken Object Level Authorization (BOLA)

2. Cross-Origin Resource Sharing (CORS)

3. Broken User Authentication (BUA)

4. Misconfigured HTTP Headers (MHH)

5. Verbose Error Messages (VEM)

6. Server Side Request Forgery (SSRF)

7. Unnecessary HTTP Methods (UHM)

8. Mass Assignment (MA)

9. Security Misconfiguration (SM)

10. Lack of Resources & Rate Limiting (RL)

11. Server Version Disclosure (SVD)

12. Server Side Template Injection (SSTI)

13. Local File Inclusion (LFI)

14. Command Injection

15. CRLF Injection

16. Cross-Site Scripting (XSS)

Our methodology of building the test library: We are building the test library keeping in mind the needs of our users. Our users care about covering OWASP Top 10 APIs and all the new critical vulnerabilities. Additionally, if we see our users creating custom tests that are also valuable for other members, we add those tests to our test library and make them available to everyone.

For more information on how to contribute to the test library, please refer to the documentation: Contribute to Test Library.
