
FAQ

❓ What is Apisec Apps?

Apisec Apps is a platform offering automated API security testing solutions designed to identify vulnerabilities and enhance the security posture of APIs.

❓ Who can benefit from using Apisec Apps?

Developers, security professionals, and organizations aiming to secure their APIs can benefit from Apisec Apps' automated testing and comprehensive analysis features.

❓ How do I create an account on Apisec Apps?

To create an account, visit the Apisec Apps website and follow the registration process by providing the necessary information.

❓ Is there a trial version available?

Apisec Apps offers a trial version for users to evaluate the platform's features. Details about the trial period and access can be found on the official website.

Issue Trackers

❓ What happens to the associated issue tracker tickets for each of the following options on the vulnerability screen?
• Marking a vulnerability as a False Positive
• Marking a vulnerability as Accepted Risk

Behavior for Vulnerabilities Marked as False Positives or Risk Accepted

  • False Positives – When a vulnerability is marked as a false positive, any associated issues in Jira or Azure DevOps are automatically closed.
  • Risk Accepted Vulnerabilities
    • Risk acceptance does not differentiate between temporary and permanent acceptance. To accept the risk, the user must enter an end date.
    • Once this end date is reached, the subsequent scan will automatically update these vulnerabilities back to Active status.

❓ Why are Risk Accepted vulnerabilities still synced with the issue tracker?

Even though they are marked as risk accepted, they remain relevant for developers to resolve. Risk acceptance often relies on mitigating controls, and long-term resolution is still necessary.

Use-cases:

  1. Marking as risk accepted vulnerabilities that are already linked to an issue tracker – The platform updates the issue tracker’s ticket description to reflect the risk acceptance details, including any comments provided and the end date for risk acceptance.
  2. Sync Issues enabled to create tickets automatically – New tickets will be created for risk accepted vulnerabilities since they remain unresolved and require eventual remediation.