All User Configurations in a Single Screen
With this single screen, managing user configurations becomes more streamlined and efficient. By providing visibility into all user settings and configurations in one place, Akto empowers you to carry out API security testing more effectively and accurately.
Raaga Srinivas
6 mins
In Akto, a user configuration refers to the specific settings that control how a user can run a test on their APIs. These settings may include user access levels, permissions, and other security protocols. Concretely, a user configuration is a set of data that Akto receives from the user in one of two ways:
In an automated manner, when the user connects to traffic data
Manually, to be filled in or created by the user
This is what the screen contains:
Config name: The name of the user configuration
Status:
Done: Akto was able to create this group or role through traffic data in an automated manner
Pending: Requires manual intervention from the user
Values: Hyperlinks to the exact groups or role settings
Impacting Categories: Exact vulnerabilities that these configurations will be used to test against.
In Akto, we use multiple user configurations in the context of API Security testing. These are categorized in two ways:
1. Which APIs do you want to test?
Akto groups API endpoints that have been called by a certain user when performing an action that is directly linked to their account. We use traffic already present in the dashboard and use regex-based matching to create the API groups.
For example, when a user wants to reset their password, the system triggers a specific API endpoint linked to this user’s account.
By capturing this action, Akto groups the endpoints that are specifically related to the password reset process of this user, thereby creating a logical group. These groups are API collections on which you can now conduct your API security testing.
Here are some logical groups created by Akto:
Password reset endpoint
Authentication token header key
User registration endpoint
Login endpoint
Now, instead of appending test templates to include new APIs under these categories, Akto will automatically group these endpoints based on pre-defined conditions. All you have to do is run your test on the API collection!
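To make the regex-based grouping concrete, here is an added example (not Akto's own code): it runs assumed regex conditions over a constructed sample of captured traffic to build the logical groups listed above, and derives the Done/Pending status shown on the configuration screen. The group names are the ones from this page; the patterns, header names and sample endpoints are assumptions.

```python
import re
from collections import defaultdict

# Regex condition per logical group. These patterns are assumptions for this
# example, not Akto's actual pre-defined conditions.
GROUP_RULES = {
    "Password reset endpoint": re.compile(r"/(password|pwd)[-_]?reset\b|/forgot[-_]?password\b", re.I),
    "User registration endpoint": re.compile(r"/(register|signup|sign-up|users)$", re.I),
    "Login endpoint": re.compile(r"/(login|signin|sign-in|auth/token)$", re.I),
}

# Request header names that carry an authentication token (assumed list).
AUTH_HEADER_RULE = re.compile(r"^(authorization|x-api-key|x-auth-token)$", re.I)

# Constructed sample traffic: (method, path, request headers).
SAMPLE_TRAFFIC = [
    ("POST", "/api/v1/auth/login", {"Content-Type": "application/json"}),
    ("POST", "/api/v1/users", {"Content-Type": "application/json"}),
    ("POST", "/api/v1/password-reset", {"Authorization": "Bearer <token>"}),
    ("GET", "/api/v1/orders/42", {"Authorization": "Bearer <token>"}),
    ("GET", "/api/v1/profile", {"X-Auth-Token": "<token>"}),
]

EXPECTED_GROUPS = ("Password reset endpoint", "Authentication token header key",
                   "User registration endpoint", "Login endpoint")

def build_groups(traffic):
    """Group captured endpoints into logical collections by regex; also collect auth header keys."""
    groups = defaultdict(set)
    for method, path, headers in traffic:
        route = path.split("?", 1)[0]  # match on the route only, not the query string
        for name, rule in GROUP_RULES.items():
            if rule.search(route):
                groups[name].add(f"{method} {route}")
        for header in headers:
            if AUTH_HEADER_RULE.match(header):
                groups["Authentication token header key"].add(header)
    return {name: sorted(values) for name, values in groups.items()}

def config_status(groups, expected=EXPECTED_GROUPS):
    """Done when traffic populated the group automatically; Pending when the user must fill it in."""
    return {name: ("Done" if groups.get(name) else "Pending") for name in expected}

if __name__ == "__main__":
    found = build_groups(SAMPLE_TRAFFIC)
    for name, status in config_status(found).items():
        print(f"{name}: {status} -> {found.get(name, [])}")
```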
2. Against what role do you want to test your APIs?
When it comes to role-based testing, certain API Security tests require certain user configurations.
For example, if you're testing your APIs against a malicious attacker, you may want to configure your user settings to simulate that attacker's potential access levels and permissions, so you will need an attacker account role. In this particular case, Akto does this in a completely automated way.
Conversely, if you're testing how your APIs behave for a regular user, you would configure your settings to reflect that user's access and permissions.
Accordingly, Akto ships a set of pre-defined roles that require user configurations, so that you can get started with testing easily.
Here are some of the roles:
Locked account role
Logged out account role
Attacker account role
You can also create more test roles by navigating to the ‘Test Roles’ tab in the left nav. Know more about how to create a test role here.
Akto now lets you view all your user configuration data described above in a single screen.
Final Thoughts
After setting up all user configurations, you can get started on testing your APIs! Check out these resources to know more: