Web App Scanning: GraphQL API Assessment
16 days ago by Lance Duvall
Tenable Web App Scanning now supports GraphQL API scanning, expanding on the existing support for REST APIs. APIs are the foundation of modern web applications and a high-value target for attackers. An increasing number of applications use GraphQL, a modern and flexible API query language.
With this update, Tenable provides broader coverage across the modern API attack surface, helping customers assess both GraphQL and REST-based applications. For more information, see Launch an API Scan in the Tenable Web App Scanning User Guide.
To configure a WAS scan for GraphQL APIs, use one or more of the following new parameters when creating or updating a WAS scan configuration:
Body Parameter | Data Type | Description |
---|---|---|
settings.scope.graphql_file | string | The base64-encoded contents of a GraphQL SDL (schema definition language) file describing the API to be scanned. The file must comply with the GraphQL SDL specification. Alternatively, you can provide the SDL file via a URL using the graphql_file_url parameter. Note: The maximum supported file size is 1 MB. For larger schemas, host the file externally and reference it using the graphql_file_url parameter. |
settings.scope.graphql_filename | string | The name to assign to the base64-encoded GraphQL SDL file specified in the graphql_file parameter. The extension must be .graphql. |
settings.scope.graphql_file_url | string | A URL pointing to the GraphQL SDL file describing the API to be scanned. The URL must start with http:// or https:// and end with .graphql. Alternatively, you can provide the SDL file as a base64-encoded string via the graphql_file parameter. |
settings.scope.graphql_introspection | boolean | When true, instructs the WAS scanner to run an introspection query against the target API to discover its schema instead of reading a supplied SDL file. |
These new parameters are supported by the following API endpoints:
Endpoint | Name | Description |
---|---|---|
POST /was/v2/configs | Create scan configuration | Creates a new scan configuration. |
PUT /was/v2/configs/{config_id} | Upsert scan configuration | Updates an existing scan configuration or creates a new scan configuration. |