Skip to main content

AI-Driven BOLA Scenario Discovery

Open your browser and visit: https://<your-tenant>.apisecapps.com

  • Create a new application or open an existing application

  • Navigate to API Flows

    Click See More

  • Click Start AI Analysis Click See More

  • Wait for the platform to analyze your API and discover endpoint relationships.

    Click See More

  • Review the automatically identified API flows based on your application’s endpoints. These flows represent real user interactions and are used to generate BOLA scenarios for testing object-level authorization. Click BOLA tab to view the generated BOLA scenarios.

    Click See More

  • In the Needs Your Attention section, you will see the identified BOLA scenarios that require additional configuration. These scenarios are not yet ready to run in scans because required setup. To enable them for scanning, complete the necessary configuration for each scenario.

    Click See More

  • To complete the necessary configuration for the selected scenario, click Select Users

    Click See More

  • Now you will see the BOLA Configuration window.

    Click See More

  • Add Owner and Attacker users and Click "Save users"

    • Adding Owner:
      • In the Owner section, click the Add new user dropdown and select Add new user Click See More
      • Fill the details and Click "Save Authentication" Click See More
    • Adding Attacker:
      • In the Attacker section, click the Add new user dropdown and select Add new user Click See More
      • Fill the details and Click "Save Authentication" Click See More
      • Click Save Users click-save-users Click See More

  • Once the scenario is properly configured, it appears in the Active in your scans section, indicating that it is validated, enabled, and actively running in your security tests.

    Click See More

  • If a scenario is not properly configured, the Reason column will display details about what is missing or incorrectly configured.

    Click See More

    • To view or change the configuration, click Resolve

      Click See More

    • In the BOLA configuration window. Click Configure tab to review missing or incorrectly configured settings.

      Click See More

    • In the configuration window, provide the required details to complete the setup, and click Update scenario to save your changes..

      Click See More

    • Once the scenario is validated and properly configured, it appears in the Active in your scans section, indicating that it is enabled and actively running in your security tests..

    Click See More

  • To exclude a scenario from scans, turn off the Enable for scan toggle.

    Click See More

  • The scenario will be moved to the Not in scans section.

    Click See More

  • To delete a scenario, click the Delete icon for the corresponding scenario

    Click See More

  • Click Confirm to delete the scenario.

    Click See More

  • Verify that the deleted scenario no longer appears in the list.

    Click See More