www.akto.io
52.223.52.2  Public Scan

Submitted URL: http://akto.io/
Effective URL: https://www.akto.io/
Submission: On June 11 via manual from BG — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content

DISCOVER AND SCAN YOUR APIS FOR PRIVILEGE ESCALATION, IDOR, BROKEN AUTH, ACCESS CONTROL

Akto is the only Open Source API Security platform. Discover all your APIs and
find vulnerabilities by running 300+ native built-in tests. Write custom tests
for custom use cases.






DISCOVER AND MONITOR ALL YOUR APIS

API Discovery

API Testing

Sensitive Data

Custom Test

Traffic Connectors




LOVED BY SECURITY ENGINEERS

Oleg Gryb

Ex-Chief Security Architect,
Block

Conceptually you’ve got it right: API inventory, templates, discovery through
traffic mirroring, retesting and collaboration tools for the whole red team.

Avinash Jain

Security,
Microsoft

Akto is a remarkable security software - a beast in API security.

Rohit Sehgal

Security Engineer,
Ethos

They have good business logic tests like BOLA and other OWASP categories, some
100+ tests.

Akto.io is a game-changing tool that makes it easy to manage your API inventory
and secure your APIs from a wide range of security threats.

Pulkit Garg

Product security engineer,
Atlassian

Farah Hawa

Security Analyst,
Meta

I recently came across Akto- it’s an open source API security product which can
do this & it also has 100+ security tests for bugs like IDOR and SSRF.

Ross Haleliuk

Lead,
Venture in Security

Akto just open sourced their API security startup - Akto.io. There are over 100+
tests which anyone can contribute to in Github




1


DISCOVER


DISCOVER ALL YOUR APIS

You can discover all your APIs in any format (REST, GraphQL, gRPC, JSONP) in
real time. End-to-end API security monitoring.

 * Azure
   
   AWS EKS
   
   Go
   
   Burp suite
   
   eBPF

 * Kong
   
   Amazon web services
   
   Postman
   
   NGINX

 * Kubernetes
   
   AWS ECS
   
   AWS Fargate
   
   Java

 * Envoy
   
   Python
   
   Google cloud platform
   
   Nodejs


CONNECT TO ANYTHING FOR API SECURITY MONITORING

Akto comes with 10+ connectors for your API security monitoring, including AWS,
GCP, eBPF, Postman, Burp extension, NGINX and Kong.


KNOW WHEN API CHANGES

No need to worry about asking developers for new APIs. Akto will alert you for
all new APIs to manage your API security risks.


FIND SENSITIVE DATA EXPOSURE

Know as soon as a developer adds a sensitive param. Akto has a list of 100+
sensitive data types to highlight API security risks.


2


TEST


TEST YOUR APIS FOR VULNERABILITIES

100+ built-in tests covering OWASP Top 10, HackerOne top 10 and all the business
logic vulnerabilities for your API security testing needs.

All

OWASP top 10

Hackerone top 10

Business logic

 * SSRF
   
   2 tests

 * Rate limiting
   
   2 tests

 * Security misconfiguration
   
   86 tests

 * Mass assignment
   
   3 tests

 * INJECTION
   
   5 tests

 * Improper Assets Management
   
   4 tests

 * BOLA
   
   6 tests

 * BUA
   
   4 tests

 * Excessive data exposure
   
   30 tests

 * BFLA
   
   5 tests

 * JWT
   
   4 tests

 * Unsafe APIs consumption
   
   4 tests


150 + BUILT-IN API SECURITY TESTS

Use the API vulnerability scanner to schedule scans for your APIs with Akto's
100+ and growing tests.





WRITE YOUR OWN API SECURITY TESTS

Create your own custom tests using Akto's simple YAML templates and run them in
Akto's open source security scanner.


3


FIX


FIND AND FIX IN CI/CD

Integrate with GitHub Actions, Jenkins, Bamboo, Circle CI or any tool of
your choice for your API security testing.

GitHub Actions

Jenkins

Others




REGRESSION API SECURITY TESTING

You can hook Akto to your favorite CI/CD tool and find OWASP API Security Top 10
issues.





API TEST LIBRARY

Follow the API Security standards using Akto's 100+ built-in tests covering
OWASP API Security Top 10, HackerOne top 10 and all the top business logic
vulnerabilities.

JWT Invalid Signature

JWT None Algorithm

BOLA by changing auth token

Command Injection

BOLA by param pollution

CORS Misconfiguration

Mass Assignment- create admin role

misconfig -exposed-debug-page

SSRF - AWS sensitive data exposed

Misconfig - open redirect

DOS due to pagination misconfig

100 more and growing

Mass Assignment by creating admin role




id: MASS_ASSIGNMENT_CREATE_ADMIN_ROLE
info:
  severity: HIGH
api_selection_filters:
  response_code:
    gte: 200
    lt: 300
  method:
    contains_either:
      - "PUT"
      - "POST"
      - "PATCH"
  url:
    contains_all:
      - user
  request_payload:
    for_one:
      key:
        contains_either:
          - email
          - login
  response_payload:
    for_one:
      key:
        contains_either:
          - role

execute:
  type: single
  requests:
    - req:
      - add_body_param:
          role: admin
validate:
  response_code:
    gte: 200
    lt: 300
  response_payload:
    contains_either: admin


10

COUNTRIES


200K+

APIs PROTECTED


20M+

REQUESTS PER MIN


DEPLOY SECURELY IN 60 SECONDS


MUTUAL TLS? NO PROBLEM!

Akto can understand TLS-encrypted traffic with the eBPF connector.




ALL API FORMATS, YOU NAME IT AND WE HAVE IT

Akto supports REST, GraphQL, gRPC and JSONP API formats.


HOST ON-PREMISE OR IN OUR CLOUD

Your choice of deployment. Host Akto API Security solution in your cloud or
ours.

Self-hosted

Akto Cloud

Local Deploy



AWS Deploy

GCP Deploy

Azure Deploy


SCALE WITH TRAFFIC

10 Million Request/Minute




IN THE PRESS

Read Akto's API security solution covered in Forbes, Venture Beat, NASDAQ and
more.


 * ARTICLE, NASDAQ: AKTO ACTS TO PREVENT DATA LEAKS AND SECURES $4.5M SEED ROUND
   AS IT BUILDS THE WORLD’S FIRST PLUG-N-PLAY API SECURITY PLATFORM.

 * ARTICLE, FORBES: AKTO PROMISES TO PROTECT THE WORLD’S APIS FROM CYBER
   ATTACKERS.

 * ARTICLE, VENTUREBEAT: API SECURITY KEY TO PROTECTING DEVSECOPS PIPELINES,
   AKTO RAISES $4.5M IN FUNDING.

 * ARTICLE, YAHOO FINANCE: AKTO ACTS TO PREVENT DATA LEAKS AND SECURES $4.5M
   SEED ROUND AS IT BUILDS THE WORLD’S FIRST PLUG-N-PLAY API SECURITY PLATFORM.

 * ARTICLE, CSO: CYBERSECURITY STARTUPS TO WATCH FOR IN 2023.

 * PODCAST, SECURE VENTURES WITH KYLE MCNULTY: AKTO: ANKITA GUPTA ON API
   SECURITY AND BUILDING PRODUCTS ENGINEERS LOVE.

 * ARTICLE, ACCEL: AKTO ACTS TO PREVENT DATA LEAKS AND SECURES $4.5M SEED ROUND
   AS IT BUILDS THE WORLD’S FIRST PLUG-N-PLAY API SECURITY PLATFORM.




AKTO IS OPEN-SOURCE

Our code is open source. Edit Akto's open source API Security platform as you
see fit.

Find us on GitHub




JOIN OUR COMMUNITY

Our channels range from #support to #learn-api-security. Members are answering
questions daily.

Join Discord




AKTO ACADEMY

Learn and gain knowledge of API Security through hands-on courses and labs by
Akto.

Start Course




SCHEDULE A LIVE DEMO

See Akto in action and learn how it can help you secure your APIs proactively
today!




READ OUR BLOG

Read our latest blogs on API Security solutions and API security testing
including BOLA, SQL Injection, CORS and CSRF.

News

5 mins

Akto’s Spring Roadshow: A Retrospective



News

6 mins

April Product News: API Access Type-Based Testing, Removing Bad Endpoints, and
more


© 2023 Akto. 95 Third Street, 2nd Floor, San Francisco, CA 94103, United States.



