API Testing

If you prefer to read the entire WhiteHat Service Definition section in PDF format, you can view or print here.

Dynamic testing is available for standalone APIs, i.e., APIs without an HTML front-end for scanners to crawl. We rely on the client to provide API documentation, which is then used as the basis for testing.


AutoAPI is analogous to WhiteHat Dynamic Standard Edition (SE). It uses the same scanning engine, but it learns what requests to make by parsing the customer-provided documentation instead of a website’s HTML. All vulnerabilities are verified by a human engineer or well-trained machine learning model before getting posted to the portal. Proofs-of-concept are provided in vulnerability descriptions as appropriate. Retests are available on demand.

It shares a platform with our other services:

Overview Item Details

Concierge Onboarding

The Synopsys Implementation Team will:

  • Schedule a video welcome call to review all pertinent information and requirements for onboarding.

  • Review all onboarding logistics (e.g. account set-up, purchase review) and verify and validate site specification(s).

  • Deliver "Welcome" documentation and review customer deliverables to ensure successful on-boarding and utilization.

WhiteHat Dynamic User Interface

The WhiteHat Dynamic user interface offers 24/7 Dashboard access to all your vulnerability information, including:

  • Flexible Reports

    • Executive summary and unit level aggregation of data in flexible formats.

    • Trend monitoring, including remediation rate, time to fix vulnerabilities, and age of vulnerabilities.

    • Compliance reports (PCI) available at any time.

  • Access to Synopsys Engineers

    The Ask-a-Question feature gives direct access to Synopsys Security Threat Research Center (TRC) engineers. Questions can be submitted and responses received via the Sentinel UI. If the Ask-a-Question feature is enabled, questions can also be asked through the Sentinel JIRA® plugins, allowing customers to integrate Sentinel information directly into their issue tracking software. (24 hour response.)

Access to Customer Support

Customer Support is available via the Synopsys Software Integrity Community at https://community.synopsys.com/s/, where customers can view their cases, submit cases, or access WhiteHat Dynamic documentation and tools.

You can also click here to email Customer Support.

PCI Compliance

WhiteHat Dynamic (PE, SE, and BE) services exceed requirements of the PCI DSS providing on-going verified vulnerability assessments for both public and internal websites.

Open JSON and XML JSON and API Integration

In addition to developing plugins that integrate WhiteHat Dynamic data with JIRA®, Synopsys offers a RESTful JSON and XML-based API that enables customers to create their own integrations with WhiteHat Dynamic and utilize WhiteHat Dynamic data in their own applications. Support for WhiteHat Dynamic includes our API documentation and training (see http://apidocs.whitehatsec.com).

API Business Logic Assessment (BLA)

This is analogous to WhiteHat Dynamic Premium Edition (PE). The difference from AutoAPI is that an API BLA is done manually, at a single point in time. It matches the vulnerability class coverage of AutoAPI, but includes additional testing for authentication/authorization issues, file upload issues, multi-step workflow bypasses, etc. Humans can understand the meaning of responses in a way that computers cannot.