ASTRA (Automated Security Testing for REST APIs) is a security automation tool by the Flipkart security team. ASTRA allows developers and testers to find out vulnerabilities in REST API's and patch them at the initial phase of development. A tester can integrate ASTRA into the CI/CD Pipeline. Multiple API's can be given to ASTRA, and it can do standalone security testing on each of them.

ASTRA can test REST API's for these vulnerabilities:

  • SQL injection
  • Cross-site scripting
  • Information Leakage
  • Broken Authentication and session management
  • CSRF (including Blind CSRF)
  • Rate limit
  • CORS misconfiguration (including CORS bypass techniques)
  • JWT attack
  • CRLF detection
  • Blind XXE injection

ref :