Get Beta Access to Akto LLM Security 🚀

Join Beta now

Get Beta Access to Akto LLM Security 🚀

Join Beta now

Get Beta Access to Akto LLM Security 🚀

Join Beta now

We use cookies to enhance your experience. Learn more.

We use cookies to enhance your experience. Learn more.

We use cookies to enhance your experience. Learn more.

Products

Pricing

Test Library

Solutions

Resources

See docs

Start free

Open Source
API Security in CI/CD

Discover all your APIs and find vulnerabilities by running 100+built-in tests. Write custom tests and automate your API Security Testing.

Start free in 60 seconds

Start free in 60 seconds

Book a demo

Book a demo

Loved by Security Engineers

Loved by Security Engineers

Loved by Security Engineers

Oleg Gryb

Ex-Chief Security Architect,
Stripe

Conceptually you’ve got it right: API inventory, templates, discovery through traffic mirroring, retesting and collaboration tools for the whole red team.

Avinash Jain

Security,
Microsoft

Akto is a remarkable security software - a beast in API security.

Rohit Sehgal

Security Engineer,
Ethos

They have good business logic tests like BOLA and other OWASP categories, some 100+ tests.

Pulkit Garg

Product security engineer,
Atlassian

Akto.io is a game-changing tool that makes it easy to manage your API inventory and secure your APIs from a wide range of security threats.

Farah Hawa

Security Analyst,
Meta

I recently came across Akto- it’s an open source API security product which can do this & it also has 100+ security tests for bugs like IDOR and SSRF.

Ross Haleliuk

Lead,
Venture in Security

Akto just open sourced their API security startup - Akto.io. There are over 100+ tests which anyone can contribute to in Github

Oleg Gryb

Ex-Cheif Security Architect,
Stripe

Conceptually you’ve got it right: API inventory, templates, discovery through traffic mirroring, retesting and collaboration tools for the whole red team.

Avinash Jain

Security,
Microsoft

Akto is a remarkable security software - a beast in API security.

1

Discover

Discover

Discover

Discover all your APIs

You can discover all your APIs in any format REST, GraphQL, gRPC, JSONP in real time. End to end API Security Monitoring

  • Azure

    AWS EKS

    Go

    Burp suite

    eBPF

  • Kong

    Amazon web services

    Postman

    NGINX

  • Kubernetes

    AWS ECS

    AWS Fargate

    Java

  • Envoy

    Python

    Google cloud platform

    Nodejs

Connect to anything for API Security monitoring

Connect to anything for API Security monitoring

Akto comes with 10+ connectors for your API Security Monitoring including AWS, GCP, EBPF, Postman, Burp extension, NGINX, Kong.

Akto comes with 10+ connectors for your API Security Monitoring including AWS, GCP, EBPF, Postman, Burp extension, NGINX, Kong.

Know when API changes

Know when API changes

Know when API changes

No need to worry about asking developers for new APIs. Akto will alert you for all new APIs to manage your API security risks.

No need to worry about asking developers for new APIs. Akto will alert you for all new APIs to manage your API security risks.

Find sensitive data exposure

Find sensitive data exposure

Find sensitive data exposure

Know as soon as a developer adds a sensitive param. Akto has a list of 100+ sensitive data types to highlight api security risks.

Know as soon as a developer adds a sensitive param. Akto has a list of 100+ sensitive data types to highlight api security risks.

2

2

2

Test

Test

Test

Test your APIs for vulnerabilities

100+ built-in tests covering OWASP Top 10, HackerOne top 10 and all the business logic vulnerabilities for your API Security testing needs

All

OWASP top 10

Hackerone top 10

Business logic

  • SSRF

    2 tests

  • Rate limiting

    2 tests

  • Security missconfiguration

    86 tests

  • Mass assignment

    3 tests

  • INJECTION

    5 tests

  • Improper Assets Management

    4 tests

  • BOLA

    6 tests

  • BUA

    4 tests

  • Excessive data exposure

    30 tests

  • BFLA

    5 tests

  • JWT

    4 tests

  • Unsafe APIs consumption

    4 tests

  • SSRF

    2 tests

  • Rate limiting

    2 tests

  • Security missconfiguration

    86 tests

  • Mass assignment

    3 tests

  • INJECTION

    5 tests

  • Improper Assets Management

    4 tests

  • BOLA

    6 tests

  • BUA

    4 tests

  • Excessive data exposure

    30 tests

  • BFLA

    5 tests

  • JWT

    4 tests

  • Unsafe APIs consumption

    4 tests

OWASP top 10

Hackerone top 10

Business logic

  • SSRF

    2 tests

  • Rate limiting

    2 tests

  • Security missconfiguration

    86 tests

  • Mass assignment

    3 tests

  • BUA

    4 tests

  • Excessive data exposure

    30 tests

  • BOLA

    6 tests

  • BFLA

    5 tests

  • Unsafe APIs consumption

    4 tests

150 + Built-in API Security tests

150 + Built-in API Security tests

150 + Built-in API Security tests

Use API vulnerability scanner to schedule scans for your APIs with Akto's 100+ and growing tests

Use API vulnerability scanner to schedule scans for your APIs with Akto's 100+ and growing tests

Try now

Try now

Write your own API Security tests

Write your own API Security tests

Write your own API Security tests

Create your own custom tests using Akto's simple yaml templates and test in Akto's open source security scanner

Create your own custom tests using Akto's simple yaml templates and test in Akto's open source security scanner

3

Fix

Fix

Fix

Find and Fix in CI/CD

Integrate with the GitHub Actions, Jenkins, Bamboo, Circle CI or any tool of your choice for your API security testing

GitHub Actions

Jenkins

Others

GitHub Actions

Jenkins

Others

Regression API Security testing

Regression API Security testing

Regression API Security testing

You can hook Akto to your favorite CI/CD tool and find OWASP API Security Top 10 issues

You can hook Akto to your favorite CI/CD tool and find OWASP API Security Top 10 issues

Read More

Read More

Test Library

Follow the API Security standards using Akto's 100+ built-in tests covering OWASP API Security Top 10, HackerOne top 10 and all the top business logic vulnerabilities.

  • JWT Invalid Signature

    JWT None Algorithm

    BOLA by changing auth token

    Security Misconfig-swagger file detection

  • BOLA by param pollution

    BFLA by HTTP method overriding

    Mass Assignment- create admin role

    misconfig -exposed-debug-page

  • SSRF - AWS sensitive data exposed

    Misconfig - open redirect

    DOS due to pagination misconfig

Run in Akto

Test Library

Follow the API Security standards using Akto's 100+ built-in tests covering OWASP API Security Top 10, HackerOne top 10 and all the top business logic vulnerabilities.

JWT Invalid Signature

JWT None Algorithm

BOLA by changing auth token

Command Injection

BOLA by param pollution

CORS Misconfiguration

Mass Assignment- create admin role

misconfig -exposed-debug-page

SSRF - AWS sensitive data exposed

Misconfig - open redirect

DOS due to pagination misconfig

100 more and growing

Mass Assignment by creating admin role

Test my APIs

id: MASS_ASSIGNMENT_CREATE_ADMIN_ROLE
info:
  severity: HIGH
api_selection_filters:
  response_code:
    gte: 200
    lt: 300
  method:
    contains_either:
      - "PUT"
      - "POST"
      - "PATCH"
  url:
    contains_all:
      - user
  request_payload:
    for_one:
      key:
        contains_either:
          - email
          - login
  response_payload:
    for_one:
      key:
        contains_either:
          - role

execute:
  type: single
  requests:
    - req:
      - add_body_param:
          role: admin
validate:
  response_code:
    gte: 200
    lt: 300
  response_payload:
    contains_either: admin

10

COUNTRIES

200k+

APIs PROTECTED

20M+

REQUESTS PER MIN

Deploy securely in 60 seconds

Deploy securely in 60 seconds

Deploy securely in 60 seconds

Mutual TLS? No problem!

Akto can understand TLS encrypted traffic with EBPF connector

All API formats, you name it and we have it

Akto supports Rest, GraphQL, grPC, JSONP API formats.

  • ({JSONP})

Host on-premise or in our cloud

Your choice of deployment. Host Akto API Security solution in your cloud or ours.

Self-hosted

Akto Cloud

Local Deploy

AWS Deploy

GCP Deploy

Azure Deploy

Host on-premise or in our cloud

Your choice of deployment. Host Akto API Security solution in your cloud or ours.

Self-hosted

Akto Cloud

Local Deploy

AWS Deploy

GCP Deploy

Azure Deploy

Scale with traffic

10 Million Request/Minute

Mutual TLS? No problem!

Akto can understand TLS encrypted traffic with EBPF connector

All API formats, you name it and we have it

Akto supports Rest, GraphQL, grPC, JSONP API formats.

  • ({JSONP})

Self-hosted

Akto Cloud

Local Deploy

AWS Deploy

GCP Deploy

Azure Deploy

Host on-premise or in our cloud

Your choice of deployment. You can host Akto in your cloud or ours.

Scale with traffic

10 Million Request/Minute

In the press

Read Akto's API security solution covered in Forbes, Venture Beat, NASDAQ and more.

Akto is Open-Source

Our code is open source. Edit Akto's open source API Security platform as you see fit.

Find us on GitHub

Join our community

Our channels range from #support to #learn-api-security. Members are answering questions daily.

Join Discord

Watch Tutorials

We publish videos on API security, product tutorials and events every week. Subscribe and watch.

Watch Tutorials

Read our blog

Read our latest blogs on API Security solutions and API security testing including BOLA, SQL Injection, CORS and CSRF.

Introducing Akto in CLI
Introducing Akto in CLI
Introducing Akto in CLI

Product updates

5 mins

Introducing Akto CLI : You can now run Akto tests in CLI

Vulnerabilities are now tagged with CWE
Vulnerabilities are now tagged with CWE
Vulnerabilities are now tagged with CWE

Product updates

10 mins

Akto Vulnerabilities are now tagged with CWE

Trusted by companies across the globe

Start

Test Library

Run in Akto

Follow the API Security standards using Akto's 100+ built-in tests covering OWASP API Security Top 10, HackerOne top 10 and all the top business logic vulnerabilities.

  • JWT Invalid Signature

    JWT None Algorithm

    BOLA by changing auth token

    Security Misconfig-swagger file detection

  • BOLA by param pollution

    BFLA by HTTP method overriding

    Mass Assignment- create admin role

    misconfig -exposed-debug-page

  • SSRF - AWS sensitive data exposed

    Misconfig - open redirect

    DOS due to pagination misconfig