Qualys Enhances REST API Security Testing with Swagger and OpenAPI Support
Qualys Web Application Scanning (WAS) has enhanced its REST API testing capabilities. It now supports Swagger and OpenAPI, allowing for easier and more comprehensive security assessments.
Qualys WAS now supports Swagger for REST API testing. This widely used specification describes APIs in JSON or YAML format, enabling automatic testing of endpoints for common security flaws such as SQL injection or command injection.
The tool has supported both Swagger 2.0 and OpenAPI 3.0 since April 2020. It also supports automated security testing in CI/CD environments through plugins for tools like Jenkins, Bamboo, or TeamCity, so scans can run as part of automated workflows.
OWASP Proactive Controls v2 recommends verifying security early and often in the software development life cycle. Qualys WAS aligns with this recommendation by supporting Postman Collections for functional testing of REST APIs. Two new informational QIDs, QID 150195 and QID 150197, have been added to Qualys WAS to support Swagger/OpenAPI.
Qualys WAS's support for Swagger and OpenAPI enables more efficient REST API security testing. It caters to regulated enterprises and large organizations like Humana and Banco PAN, which use it for comprehensive API and web app security integrated into automated workflows.