© 2023 Nullify | All Rights Reserved.
Quickstart

Last updated 4 months ago

You can begin scanning your APIs via any of the following methods:

Nullify Web App

To initiate a scan via the Nullify Web App, navigate to the API Scans page under "Explore" (/dashboard/explore/api-scans/) and click on the New API Scan button.

Fill out the form and click on the Launch button.

Nullify CLI

The Nullify CLI can be used to scan your APIs locally or as part of your CI/CD pipeline.

Before you begin, you will need to generate a Service Account token, as described in the Configuration - API section.

Here's an example command to initiate a cloud-based scan:

# --app-name      The name of your API
# --spec-path     The local path to your OpenAPI specification file
# --target-host   The target host of your API
# --github-owner  The owner of the GitHub repository
# --github-repo   The name of the GitHub repository
# --header        Optional: additional headers to include in the scan
nullify dast \
  --app-name      "My REST API" \
  --spec-path     "./openapi.json" \
  --target-host   "https://api.myapp1234.dev" \
  --github-owner  "my-username" \
  --github-repo   "my-repo" \
  --header        "Authorization: Bearer 1234,X-Custom-Header: abcxyz"
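
As an added example that is not part of the Nullify docs or of the CLI itself, the following POSIX shell wrapper assembles the same nullify dast invocation for a CI job: it takes the target API's bearer token from an environment variable instead of a literal on the command line, joins headers into the comma-separated form the --header flag takes, and only proceeds against an allow-listed host. The variable names TARGET_API_TOKEN and DAST_DRY_RUN, and the allow-listed hostnames, are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not Nullify's own code. Assumed (not from the docs): the target
# API's bearer token is provided to the job as TARGET_API_TOKEN, and DAST_DRY_RUN=1
# prints the assembled command instead of executing it.

# Join "Name: value" pairs into the comma-separated string the --header flag takes.
# The docs show no escaping for commas inside a value, so such values are rejected.
join_headers() {
  joined=""
  for h in "$@"; do
    case "$h" in
      *,*) printf 'header value may not contain a comma: %s\n' "$h" >&2; return 1 ;;
      *": "*) ;;
      *) printf 'expected "Name: value", got: %s\n' "$h" >&2; return 1 ;;
    esac
    if [ -z "$joined" ]; then joined="$h"; else joined="$joined,$h"; fi
  done
  printf '%s' "$joined"
}

# Allow-list of hosts a pipeline may point the scanner at, so a typo or a copied
# config never aims DAST at production. Hostnames are constructed for this example.
host_allowed() {
  case "$1" in
    https://api.myapp1234.dev|https://staging.myapp1234.dev) return 0 ;;
    *) return 1 ;;
  esac
}

# Sanity check that the OpenAPI spec exists and is non-empty before spending a scan run.
spec_ok() { [ -s "$1" ]; }

run_dast() {
  app="$1"; spec="$2"; host="$3"; owner="$4"; repo="$5"
  [ -n "${TARGET_API_TOKEN:-}" ] || { echo "TARGET_API_TOKEN is not set" >&2; return 1; }
  host_allowed "$host" || { echo "refusing to scan non-allow-listed host: $host" >&2; return 1; }
  spec_ok "$spec" || { echo "spec file missing or empty: $spec" >&2; return 1; }
  hdrs=$(join_headers "Authorization: Bearer $TARGET_API_TOKEN" "X-Custom-Header: abcxyz") || return 1
  # Same flags as the documented command; the token never appears in the job's YAML.
  set -- nullify dast --app-name "$app" --spec-path "$spec" --target-host "$host" \
    --github-owner "$owner" --github-repo "$repo" --header "$hdrs"
  if [ "${DAST_DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}
```

Mask or scope the TARGET_API_TOKEN secret in the CI system as well, since the assembled command is still visible to anything that logs process arguments on the runner.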

Nullify GitHub Action

To initiate a scan via the Nullify CLI, follow the instructions listed in the README of the tool.

To configure dynamic testing, follow the instructions to add the Nullify GitHub Action to your CI/CD pipeline.