- Available on Premium tier plans -

Configuring the OWASP ZAP scanner with your OpenAPI or Swagger specification file gives the scanner better insight into the endpoints your application exposes. Doing so makes OWASP ZAP's testing of your API more thorough and detailed when it scans for risks like SQL injection, remote execution vulnerabilities, and others.

We've written up a detailed guide to configuring the API Scanning feature here.