• OpenAPI Misconfiguration: Credential Leakage - servers = localhost

    Hi Does this issue make sense when servers is just an url for localhost? If it does not, is there any way to customize/review this rule? TIA Leo
  • Webinspect Scan using Curl Command

    Hello Dears, I'm using Webinspect 23.1 swagger API to scan microservices and dynamic web applications, I configured Webinspect API and started scanning using swagger ui, which is successfully started, The sample was for a testing case that scans using…
  • WebInspect - API Scan with hidden definition.

    Hello I want to scan the REST API (Swagger type) where the definitions are hidden. I have received a JSON file with the definitions. Scan wizzard dosen't provide simple use of external definition file. Somebody face with similar problem? How to pass…
  • APi key not working while trying to create a new project via REST API

    I am trying to create a new application in Fortify using the API token that I generated for admin user. The token that I generated via the Web UI is of UnifiedLoginToken type. I got this curl command from the SWAGGER API documentation. curl -X POST…