API Secure

Data Theorem's API Secure will scan your RESTful APIs for security issues, including, but not limited to, SQL injection, SSRF, XSS, and PII/PHI data publicly accessible on the Internet. More information can be found here:

https://www.datatheorem.com/products/api-secure

A valid Data Theorem API key is required.

Install the extension

Go to Data Theorem API Secure's page on the Azure DevOps marketplace:
https://marketplace.visualstudio.com/items?itemName=datatheorem.datatheorem-api-secure

Install the extension in your Azure DevOps organization by clicking on "Get it free"

Add Data Theorem API Secure to an Azure pipeline

Go to your azure-pipeline.yml file and select the Data Theorem API Secure extension.

Click on variables.

Retrieve your Upload API key from the Data Theorem portal at the link below: https://www.securetheorem.com/mobile/sdlc/api_access
Then set the API key as a secret viable.

Set the asset ID and the url of API you wish to scan.

To find your asset_id, go to API Secure inventory in the Data Theorem portal and find the RESTful API to scan and retrieve the RESTful API’s ID from the url: https://securetheorem.com/api/restful-apis/<asset_id>

Once the inputs have been added, click on "Add", and the Data Theorem API Secure task will be added to your azure-pipeline.yml file.