Date: 2025-09-02

Best-in-Class AST Player Introduces API Scanner with Novel Dynamic Payload Rotation Feature for Completely Unique Scans

Detectify, the application security testing platform for evolving attack surface coverage, today announced the expansion of its AppSec platform to include advanced API scanning capabilities, providing organizations with a comprehensive solution to identify and remediate vulnerabilities across all layers of their modern applications.

Modern application environments heavily rely on APIs, yet many organizations struggle with incomplete API inventories, poor documentation, and the complexities of disparate testing solutions. Compliance frameworks like PCI and SOC 2 are now mandating API scanning, but often lack explicit guidance, leaving security teams without clear direction. In addition, many specialized API security solutions are difficult to instrument, require significant setup time, and are often prohibitively expensive.

Detectify's new API scanning capabilities are specifically designed to empower AppSec teams to overcome these frequent challenges. The platform now provides unified API visibility by combining discovered API endpoints with user-uploaded data, offering a comprehensive inventory and the context needed to prioritize scanning across the entire API attack surface.

"API security is a fundamental component of every modern attack surface. With the launch of our dynamic API scanner, we're building on our intelligent scan recommendations and asset classification features to provide AppSec teams with the most unified and intelligent view of their attack surface to date", said Rickard Carlsson, CEO at Detectify.

With Detectify's new API Scanner, Detectify customers can benefit from:

Dynamic Payloads, so every scan is different: Unlike static scanners, the Detectify API Scanner's dynamic approach uses machine learning to randomize and rotate payloads for every single scan. This feature is unique in the market and creates an ongoing opportunity for AppSec teams to discover new vulnerabilities that static checks would miss.

A massive scale of tests and variations: The scanner performs hundreds of vulnerability tests, backed by a library of over 330,000 payloads for command injections and more than 922 quintillion payloads for prompt injection tests alone. This precision at scale is designed to uncover real, exploitable weaknesses, not just add noise to your backlog.

Broad vulnerability coverage: The scanner tests for a wide range of critical weaknesses, including some major risks from the OWASP API Top 10 and other misconfigurations and common injection vulnerabilities, like SQL Injection, NoSQL Injection, XSS, or Insecure Deserialization. It also incorporates proprietary, research-led checks to find flaws often missed by standard tools.

Detectify's integrated approach allows customers to consolidate application testing and API scanning with a single vendor. The new capabilities are designed to work in combination with the recently launched intelligent scan recommendations and asset classification, providing unified visibility and research-led testing across the entire attack surface. Detectify API scanning is available here.

