Scanning API Endpoints via the NeuraLegion CLI
Speaker 1: Welcome to NeuraLegion. In this video, you’ll learn how to scan API endpoints via the CLI without leaving your development environment. NeuraLegion can parse and upload API schema to define the attack surface of the target and optimize the selected security tests. For a scan to be successful, please make sure that you’re using a valid schema configured in compliance with the standard specification. You can find more information about the supported versions and configuration requirements in our documentation.

To run scans directly from your development environment, you need to install the NeuraLegion command line interface or CLI locally on your machine. For the installation instructions, see our previous videos and documentation. Let’s get started.

To use an API schema for a scan, you first need to upload it to your NeuraLegion storage. Once the file is uploaded, copy its generated ID. We’ve already configured an example with the command that runs a scan. Begin by specifying the API schema file to be tested from the archive using the generated ID. Some target hosts may require authorization to be scanned directly from the cloud. In this case, you need to connect a local repeater for the scan. Please see our video in docs for guidance on this. Give the scan a name and assign a NeuraLegion project for it. You will also need an API token with the correct permission scopes. You can learn how to get this in our video about creating API tokens. We then need to define the cluster as follows. If you are using the NeuraLegion app on a private cloud, ensure you specify your custom cluster instead.

That’s it. You’ve completed the setup and can now submit the command to start the scan. You can monitor the scan process and check the results on the scans page of the NeuraLegion app. Thanks for watching and happy scanning from all of us at NeuraLegion.