apisec.ai Reviews & Product Details

APIsec.ai stands out for its automated and continuous API security testing, which proactively detects vulnerabilities before they can be exploited. It seamlessly integrates into development workflows, allowing teams to secure their APIs without slowing down innovation. The platform covers a wide range of security concerns, including OWASP API Security Top 10, business logic flaws, and access control issues. Its user-friendly interface simplifies configuration and integrates smoothly with CI/CD pipelines. Additionally, APIsec University offers free courses and fosters a strong security community, contributing to the broader advancement of API security knowledge. Review collected by and hosted on G2.com.

While APIsec.ai’s comprehensive automation is a strength, it can also present a steep learning curve for teams that are new to advanced API security, sometimes making the initial setup feel overly complex. Additionally, its extensive testing features may occasionally result in false positives that require further manual review. These factors might slow down the initial adoption process for organizations not already versed in robust security practices. Review collected by and hosted on G2.com.

What I like best about APIsec.ai is its automation-first approach to API security testing. It eliminates the traditionally manual and time-consuming aspects of API penetration testing by offering continuous, automated testing that seamlessly integrates with CI/CD pipelines. This enables organizations to identify and remediate vulnerabilities early in the development lifecycle.

Additionally, APIsec.ai’s ability to generate attack simulations based on real API traffic and OpenAPI specs makes the testing both dynamic and highly relevant. It doesn’t just look for generic OWASP Top 10 issues, but tailors its testing to the unique logic and structure of the API being analyzed.

Its user-friendly interface, detailed reporting, and ease of integration with modern DevSecOps workflows also contribute to making it a standout platform in the API security landscape. Review collected by and hosted on G2.com.

integration with certain third-party tools or dashboards might require additional configuration or customization, depending on the organization’s ecosystem. Review collected by and hosted on G2.com.

seamlessly integrates with CI/CD pipelines, allowing for continuous, hands-free security assessments without disrupting development workflows.

The most helpful aspect is its intelligent vulnerability detection and prioritization. ApiSec.ai doesn’t just report issues — it highlights the most critical vulnerabilities, helping teams focus their remediation efforts efficiently. Review collected by and hosted on G2.com.

One downside is the learning curve for new users. The initial setup and understanding of test case customization can be a bit complex, especially for teams without prior experience in API security tools.

What is least helpful is the limited documentation in certain areas. Some advanced features lack in-depth guidance or real-world usage examples, which can slow down adoption and onboarding.

Other potential downsides include: Review collected by and hosted on G2.com.

What i like best about apisec.ia is its ability to carryout quick detailed scan of an API endpoint using OWASP Top 10 Checklist and ability to quantify vulnerability according to CVSS rating and generate detailed scans report for analysis which increases efficiency interms of analyzing many API endpoints in a short time. Additionally I like about apisec.ai is ease of use forexample dashboards with graphs, also ease of implementation and ease of integration during setup. Review collected by and hosted on G2.com.

The downsides of using apisec.ai is that sometimes using automated api scan tools may flag vulnerabilities as present in an api yet they are false positives. Also what i dont like about automated api scan tools like apisec.ai is that it takes away the aspect of human manual analysis which sometimes help to uncover some vulnerabilities that are not easily found by apisec.ai in an API endpoint Review collected by and hosted on G2.com.

The practical approach, with real simulations using crAPI and tools like Burp Suite and jwt_tool, is excellent for learning by applying. The teaching method is clear, the videos are short and to the point, and the quizzes help to effectively reinforce the content.

The focus on the OWASP API Security Top 10, combined with practical exercises, allows for an understanding in practice of how each vulnerability can be exploited and how to protect oneself. Additionally, the use of real tools from the daily life of a security analyst (ZAP, Postman, Burp, JWT_Tool) prepares the student to truly engage.

Advantages such as delivering updated content focused on the real world enable us to get hands-on with environments like vAPI and crAPI and offer consistent didactic material and quizzes that consolidate learning. Review collected by and hosted on G2.com.

Some modules could explore a bit more the defensive side (mitigation and protection in production environments), in addition to providing recommendations focused on secure architecture and hardening practices with more in-depth examples.

Some lessons only point to other tools without delving into their use. For example, it would be interesting to have videos demonstrating step-by-step use of each tool, especially for those who are just starting.

Disadvantages:

The absence of subtitles in Portuguese may hinder access for some professionals in the field in Brazil;

There could be a progress panel by vulnerability (e.g., "completed: BOLA, remaining: SSRF") for better tracking;

The "Beyond the Top 10" section is useful but still not explored in depth. Review collected by and hosted on G2.com.

Apisec.ai is an advanced API security testing platform that automates the discovery of vulnerabilities by generating and executing thousands of test cases based on API specifications like Swagger or OpenAPI. It seamlessly integrates into CI/CD pipelines, enabling shift-left security practices and continuous testing. The platform provides deep coverage of threats, including those in the OWASP API Top 10, with comprehensive reports and remediation guidance. Its ability to test without manual scripting makes it highly efficient for securing APIs in development and production. Review collected by and hosted on G2.com.

While apisec.ai offers powerful automated API security testing, it has some limitations, such as a learning curve for new users, dependence on well-documented API specifications, and limited flexibility for nuanced manual testing scenarios. Additionally, its pricing may not be suitable for smaller teams or startups, and like many automated tools, it can occasionally produce false positives or miss subtle issues. Despite these drawbacks, it remains a valuable solution when paired with manual testing and proper API documentation practices. Review collected by and hosted on G2.com.

What I like best about apisec.ai is its ability to automate comprehensive API security testing without slowing down the development cycle. The platform seamlessly integrates into our CI/CD pipeline and continuously scans for vulnerabilities, including business logic flaws—which are often missed by traditional tools. I also appreciate how intuitive the interface is; even team members without deep security backgrounds can understand the results and take action. The detailed reporting, combined with actionable remediation steps, makes it much easier to address issues early in the development process. Review collected by and hosted on G2.com.

While apisec.ai is a powerful platform, there are a few areas where it could improve. The initial setup and configuration, especially for complex environments or custom APIs, can be a bit time-consuming and may require support from their team. Additionally, while the UI is generally user-friendly, some of the advanced features could benefit from more in-app guidance or tooltips to help new users make the most of them. Lastly, integration with certain CI/CD tools could be more seamless—but their support team is responsive and helpful in resolving any issues. Review collected by and hosted on G2.com.

The most helpful or the best thing about apisec.ai is that I am able to find vulnerabilities in our application that I cant be able to see in doing it manually. Basically the automation itself is great! and I love that I am also able to download a report of the vulnerabilities itself and just present it right away! The ease of integration has been very easy too and customer support was also there since they taught me everything before making use of it. Review collected by and hosted on G2.com.

One thing that I would recommend is maybe add a better error handling, for example some users might not understand what to put on the Open API and would have trouble understanding it. Review collected by and hosted on G2.com.

I really like the way APISec Scanner automates API scanning. It minimizes most of the manual work required for API Scanning and is easily adoptable. Their support team is very responsive and cooperative too. It also supports seamless integration in CI/CD pipeline, which is something truly amazing! Review collected by and hosted on G2.com.

One thing that I think APISec Scanner is missing is a desktop client. I hope they will build one soon! Review collected by and hosted on G2.com.

I appreciate the opportunity to explore the free courses, and I've found the content to be quite straightforward to understand. It’s a great resource for learning! Review collected by and hosted on G2.com.

I don't have anything I dislike about apisec.ai. Review collected by and hosted on G2.com.