Professional DAST
This extension provides coverage of all ten OWASP API Security Top 10 (2023) categories through active and passive scan checks. It reports findings labelled by OWASP API category so that scan output maps directly to the framework. Where checks overlap with native scanner coverage, issue details include references linking to the corresponding native issue definitions.
/vN/ path.APIx:2023 to
confirm it is running against the site./vN/ path -
and runs the passive checks against the responses, so between them all ten OWASP API categories are covered.
|
Author |
Author
Liam Tai-Hogan, PortSwigger, Rob Cornes, Twilio |
|---|---|
|
Version |
Version
2.3.2 |
|
Rating |
Rating |
|
Popularity |
Popularity |
|
Last updated |
Last updated
14 July 2026 |
|
Estimated system impact |
Estimated system impact
Overall impact: Empty
Memory
Empty
CPU
Empty
General
Empty
Scanner
Empty
|
You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.
|
|
You can view the source code for all BApp Store extensions on our GitHub page. |
|
|
Follow @BApp_Store on Twitter to receive notifications of all BApp releases and updates. |
Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.
Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.