Cloudflare has launched an open beta of its Web and API Vulnerability Scanner, a DAST tool integrated into the API Shield platform. The initial release targets Broken Object Level Authorization (BOLA), ranked first in the OWASP API Top 10. Unlike passive scanners that rely on existing traffic, this tool generates synthetic test traffic to find authorization flaws in pre-production environments. It models APIs as call graphs rather than endpoint lists to recreate dependency chains needed to detect BOLA. The backend is built in Rust, uses Temporal for orchestration, Workers AI (including OpenAI's gpt-oss-120b) for data dependency matching, and HashiCorp Vault for credential encryption. Results integrate into Cloudflare's Security Insights dashboard and can be triggered via API for CI/CD pipeline integration. Future updates will expand coverage to SQL injection and XSS.
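To make the call-graph point concrete, here is an added example (not Cloudflare's code, and not the scanner's implementation) of a minimal BOLA test harness: it executes a two-node call graph against a constructed in-memory "documents" API as one user, takes the object id from the create response (the data dependency), and then replays the dependent read as a second user. Everything here is hypothetical: the mock API, the two test identities, and the graph shape; a real pre-production run would send HTTP requests to the service under test instead of calling `MockApi.request`.

```python
"""Added example: BOLA check driven by a call graph with data dependencies.
Not Cloudflare's code; the API below is a constructed stand-in for a real service."""
import re
from dataclasses import dataclass, field
from typing import Optional


class MockApi:
    """Constructed in-memory documents service. `enforce_owner=False` models the
    BOLA-vulnerable version; `enforce_owner=True` models the fixed version."""

    def __init__(self, enforce_owner: bool):
        self.enforce_owner = enforce_owner
        self.docs = {}
        self.next_id = 1

    def request(self, method, path, user, body=None):
        if method == "POST" and path == "/docs":
            doc_id = self.next_id
            self.next_id += 1
            self.docs[doc_id] = {"id": doc_id, "owner": user, "title": body["title"]}
            return 201, self.docs[doc_id]
        m = re.fullmatch(r"/docs/(\d+)", path)
        if method == "GET" and m:
            doc = self.docs.get(int(m.group(1)))
            if doc is None:
                return 404, {}
            if self.enforce_owner and doc["owner"] != user:
                return 403, {}
            return 200, doc
        return 404, {}


@dataclass
class CallNode:
    """One node of the call graph: an API call plus the fields it needs from earlier calls."""
    name: str
    method: str
    path_template: str                      # e.g. "/docs/{doc_id}"
    body: Optional[dict] = None
    depends_on: dict = field(default_factory=dict)  # param -> (source node, response field)


def resolve_path(node, results):
    """Fill path parameters from the responses of the nodes this node depends on."""
    path = node.path_template
    for param, (src_node, field_name) in node.depends_on.items():
        path = path.replace("{" + param + "}", str(results[src_node][field_name]))
    return path


def run_bola_checks(api, graph, owner="alice", attacker="bob"):
    """Walk the graph as `owner`; for every dependent GET, replay the same request as
    `attacker`. A 2xx for the attacker on the owner's object is a BOLA finding."""
    results = {}
    findings = []
    for node in graph:
        path = resolve_path(node, results)
        status, body = api.request(node.method, path, owner, node.body)
        results[node.name] = body
        if node.method == "GET" and node.depends_on:
            other_status, _ = api.request(node.method, path, attacker)
            if 200 <= other_status < 300:
                findings.append({"endpoint": node.path_template, "path": path,
                                 "status": other_status})
    return findings


def probe_endpoint_only(api, user="bob"):
    """What an endpoint-list scanner sees: a cold GET with no created object to reference."""
    status, _ = api.request("GET", "/docs/1", user)
    return status


# Constructed call graph: create a document, then read it back by the returned id.
GRAPH = [
    CallNode("create_doc", "POST", "/docs", body={"title": "q3-plan"}),
    CallNode("read_doc", "GET", "/docs/{doc_id}",
             depends_on={"doc_id": ("create_doc", "id")}),
]

if __name__ == "__main__":
    print("vulnerable:", run_bola_checks(MockApi(enforce_owner=False), GRAPH))
    print("fixed:     ", run_bola_checks(MockApi(enforce_owner=True), GRAPH))
    print("cold probe:", probe_endpoint_only(MockApi(enforce_owner=False)))
```

The `probe_endpoint_only` call shows why an endpoint list is not enough: without first executing the create step and carrying its id forward, the read returns 404 on both the vulnerable and the fixed service, and the authorization flaw never surfaces. The graph walk finds it on the vulnerable service and stays silent once ownership is enforced.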

From infoq.com