Skip to main content

Overview

Bugsmirror APILock provides advanced automated scanning. An Interactive API Assessment where we log in to your app, actively interact with its workflows, and capture all relevant APIs for in-depth analysis. This tool is designed to give you a clear, accurate view of the security posture of your mobile application's most critical backbone-its APIs.

APILock provides:

  • Comprehensive API Discovery

Identification of all mobile app API endpoints, including undocumented or shadow
APIs, by analyzing real traffic and backend interactions.

  • Sensitive Data & Privacy Leak Checks

Assess APIs for improper exposure of personal information, tokens, credentials,
or system-level data.

  • Resilience & Abuse Testing

Simulate malicious input, volume-based attacks, and other threat vectors to
evaluate API performance and security under pressure.

  • Security Configuration Review

Ensure secure practices such as CORS configuration, TLS enforcement, rate
limiting, and proper HTTP headers are in place.

  • HTTP Method & Protocol Testing

Verify proper HTTP method enforcement, test for method tampering vulnerabilities, detect insecure methods and validate method-specific authorization controls.

  • TLS/SSL Configuration

Comprehensive evaluation of TLS/SSL implementations including protocol
versions, cipher suites, and vulnerability testing various cryptographic
Weaknesses.

  • API Configuration & Secrets Exposure

Identify exposed configuration files, environment variables, Docker files,
deployment scripts , server logs, and sensitive metadata that could reveal
internal architecture or credentials.

What You Receive

With Bugsmirror APILock, you receive detailed and well-structured reports that clearly list discovered API endpoints, identified risks, potential exploit scenarios, and practical remediation steps. The objective is not just to point out issues, but to support your team in resolving them properly and building stronger API security over time.

APILock Dashboard Overview

The APILock tab provides a summary of your scanning activity:

  • Total Scans: Total number of scans performed.
  • Completed: Scans successfully completed.
  • Failed: Scans that failed due to technical issues.
  • Pending: Scans yet to start.
  • Processing: Scans currently in progress.

Start a new API scan by clicking on + New Release button.

All scanned files are listed below and can be easily searched using the search bar.

You can also download a sample report directly from the MASST portal.