added
Web App Scanning: SOAP API Assessment
15 days ago by Lance Duvall
Tenable Web App Scanning now supports SOAP API scanning, extending existing REST and GraphQL API support. With this update, you can assess all major types of API applications, ensuring broader coverage of the API attack surface. For more information, see Launch an API Scan in the Tenable Web App Scanning User Guide.
To configure a WAS scan for SOAP APIs, use one or more of the following new parameters when creating or updating a WAS scan configuration:
Body Parameter | Data Type | Description |
---|---|---|
settings.scope.soap_file | string | A base64-encoded WSDL v1.1 file that defines the API schema to scan. The file must comply with the WSDL v1.1 specification. Alternatively, you can provide the WSDL file via a URL using the soap_file_url parameter. Note: The maximum supported file size is 1 MB. For larger schemas, host the file externally and reference it with the soap_file_url parameter. |
settings.scope.soap_filename | string | The filename to assign to the WSDL file provided in the soap_file parameter. The filename must end in .wsdl, .xml, or /wsdl/. |
settings.scope.soap_file_url | string | A URL pointing to a WSDL v1.1 file that defines the API schema to scan. The URL must start with http:// or https:// and end with .wsdl, .xml, or /wsdl/. Alternatively, you can provide the WSDL file as a base64-encoded string via the soap_file parameter. |
These new parameters are supported by the following API endpoints:
Endpoint | Name | Description |
---|---|---|
POST /was/v2/configs | Create scan configuration | Creates a new scan configuration. |
PUT /was/v2/configs/{config_id} | Upsert scan configuration | Updates an existing scan configuration or creates a new scan configuration. |
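
The following is an added example, not Tenable's code: it checks a WSDL against the constraints in the parameter table before building the `settings.scope` fragment, and falls back to `soap_file_url` when the file is too large to send inline. The function names, the sample WSDL, and the byte value used for "1 MB" are assumptions; the fragment still has to be merged into the rest of the scan configuration body, which this page does not show.

```python
import base64
import xml.etree.ElementTree as ET

SUFFIXES = (".wsdl", ".xml", "/wsdl/")   # endings listed in the parameter table
MAX_WSDL_BYTES = 1_000_000               # assumption: conservative reading of "1 MB"
WSDL11_ROOT = "{http://schemas.xmlsoap.org/wsdl/}definitions"  # WSDL 1.1 root element

# Constructed sample input, not a real service description.
SAMPLE_WSDL = (b'<?xml version="1.0"?>'
               b'<definitions xmlns="http://schemas.xmlsoap.org/wsdl/" name="Demo"/>')


def check_url(url):
    """Apply the soap_file_url rules: http(s) prefix and an allowed ending."""
    if not url.startswith(("http://", "https://")):
        raise ValueError("soap_file_url must start with http:// or https://")
    if not url.endswith(SUFFIXES):
        raise ValueError("soap_file_url must end with .wsdl, .xml, or /wsdl/")
    return url


def soap_scope(wsdl_bytes=None, filename=None, url=None):
    """Return the settings.scope fragment: inline WSDL if it fits, else the URL."""
    if wsdl_bytes is not None:
        # Cheap sanity check on the root element only, not full WSDL validation.
        try:
            root = ET.fromstring(wsdl_bytes).tag
        except ET.ParseError as exc:
            raise ValueError(f"WSDL is not well-formed XML: {exc}") from exc
        if root != WSDL11_ROOT:
            raise ValueError(f"root element {root!r} is not WSDL 1.1 definitions")
        if len(wsdl_bytes) <= MAX_WSDL_BYTES:
            if not filename or not filename.endswith(SUFFIXES):
                raise ValueError("soap_filename must end with .wsdl, .xml, or /wsdl/")
            encoded = base64.b64encode(wsdl_bytes).decode("ascii")
            scope = {"soap_file": encoded, "soap_filename": filename}
            return {"settings": {"scope": scope}}
        if url is None:
            raise ValueError("WSDL exceeds the size limit; host it and pass url")
    if url is None:
        raise ValueError("provide wsdl_bytes with filename, or url")
    return {"settings": {"scope": {"soap_file_url": check_url(url)}}}


if __name__ == "__main__":
    import json
    print(json.dumps(soap_scope(SAMPLE_WSDL, "demo.wsdl"), indent=2))
```

Run the root-element check only on WSDL files you control, since it parses the XML locally before upload.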