REST APIs Node
REST (Representational State Transfer) is an architectural style that can be used to communicate with web services.
Web services communicate using SOAP or REST. SOAP uses XML to exchange data over HTTP, allowing clients to invoke web services and receive responses regardless of language and platform. While SOAP depends on complex communication, REST uses the standard HTTP methods for all four CRUD (Create, Read, Update, Delete) operations.
As web services perform their jobs in the background, their security is mostly overlooked. However, they can be used as an attack vector by malicious hackers.
During the scan, Invicti can identify REST APIs or RESTful web services, listing them under the Knowledge Base panel. For further information, see Scanning a RESTful API Web Service.
Once the scan is completed, all REST APIs are listed under the REST APIs node in the Knowledge Base, highlighted in red and bold. You can access the same information in the Knowledge Base Report and Knowledge Base Tab.
Invicti creates Knowledge Base nodes based on its findings. If the REST APIs node is not listed, it means that Invicti did not find any REST APIs.
For further information, see Knowledge Base Nodes.
How to View the REST APIs Node in Invicti Enterprise
- Log in to Invicti Enterprise.
- From the main menu, click Scans, then Recent Scans. The Recent Scans window is displayed.
- Next to the relevant website, click Report.
- From the Technical Report section, click the Knowledge Base tab.
- Click the REST APIs node. The information is displayed in a REST APIs tab.
How to View the REST APIs Node in Invicti Standard
- Open Invicti Standard.
- Start a scan or open a previously saved scan.
- The Knowledge Base is displayed on the right of the Scan Summary Dashboard. (If it is hidden, display it again using the Knowledge Base icon on the View tab on the ribbon. Alternatively, click the Reset Layout icon on the View tab, then close the Activity/Progress/Logs panes to give maximum viewing space.)
- Ensure that the Knowledge Base Viewer is also displayed. (If it is hidden, you can display it again using the Knowledge Base Viewer button on the View tab. You may also want to close the Activity/Progress/Logs panes.)
- Click the REST APIs node in the Knowledge Base. All detected REST APIs are displayed in the Knowledge Base Viewer.