Metlo - An Open Source API Security Tool

Hey folks! Excited to share what we've been working on for the last couple of months. Metlo is a self-hosted, open source first API security platform that inventories, tests and protects your API endpoints:

- We inventory your endpoints by scanning API traffic and detecting all your endpoints along with the sensitive data they contain.
- We generate information your security team may find useful, like OpenAPI specs and risk scores for each endpoint.
- After this we discover vulnerabilities like unauthenticated endpoints returning sensitive data or missing HSTS headers.
- Finally, Metlo detects any anomalous behavior on sensitive endpoints in real time so you can detect 0-day attacks as they're happening.

We have a demo environment to play around with here: http://demo.metlo.com/. Also, here's a demo video if you would like a quick walkthrough of the product :) https://www.loom.com/share/349c9e5f267741e9a0fcd2dfd1f9956f
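As an added illustration (my own sketch, not Metlo's code), here is a minimal Python version of the passive-traffic approach the post describes: build an endpoint inventory from observed request/response pairs, flag sensitive data in responses, note unauthenticated sensitive responses and missing HSTS, and derive a simple per-endpoint risk score. The traffic records, the sensitive-data patterns and the score weights are constructed assumptions, not Metlo's.

```python
import re
from collections import defaultdict

# Constructed sample traffic (method, path, auth header, response headers, body); not real data.
TRAFFIC = [
    {"method": "GET", "path": "/users/42", "auth": "Bearer t0k3n",
     "headers": {"Strict-Transport-Security": "max-age=31536000"},
     "body": '{"email":"alice@example.com"}'},
    {"method": "GET", "path": "/users/43", "auth": "",  # no auth header at all
     "headers": {},                                     # no HSTS either
     "body": '{"email":"bob@example.com","ssn":"123-45-6789"}'},
    {"method": "GET", "path": "/health", "auth": "", "headers": {}, "body": '{"ok":true}'},
]

# Assumed sensitive-data detectors; a real deployment would use a much larger set.
SENSITIVE = {
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+"),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}

def template_path(path):
    """Collapse numeric / UUID-looking segments so /users/42 and /users/43 are one endpoint."""
    return "/".join("{id}" if re.fullmatch(r"\d+|[0-9a-f-]{36}", seg) else seg
                    for seg in path.split("/"))

def inventory(traffic):
    """Group observed traffic by (method, templated path) and record findings per endpoint."""
    endpoints = defaultdict(lambda: {"hits": 0, "sensitive": set(),
                                     "unauth_sensitive": False, "missing_hsts": False})
    for t in traffic:
        e = endpoints[(t["method"], template_path(t["path"]))]
        e["hits"] += 1
        found = {name for name, rx in SENSITIVE.items() if rx.search(t["body"])}
        e["sensitive"] |= found
        if found and not t["auth"]:          # sensitive data served without any credential
            e["unauth_sensitive"] = True
        hdrs = {k.lower() for k in t["headers"]}
        if "strict-transport-security" not in hdrs:
            e["missing_hsts"] = True
    return endpoints

def risk_score(e):
    """Assumed weights: each sensitive data class 10, unauthenticated exposure 50, no HSTS 10; capped at 100."""
    score = 10 * len(e["sensitive"]) + (50 if e["unauth_sensitive"] else 0) + (10 if e["missing_hsts"] else 0)
    return min(score, 100)

def report(traffic):
    """Endpoints ordered by descending risk, as (method, path, score, sorted sensitive classes)."""
    inv = inventory(traffic)
    return sorted(((m, p, risk_score(e), sorted(e["sensitive"])) for (m, p), e in inv.items()),
                  key=lambda r: -r[2])

if __name__ == "__main__":
    for row in report(TRAFFIC):
        print(row)
```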
Also, how do you prevent this tool from spamming everybody with alerts? I've used various DAST tools like OWASP ZAP before and ultimately they end up getting turned off because of alert fatigue. (At Uber we trained an entire ML model to hide noisy alerts based on us upvoting/downvoting them.)