< Cherrybomb /> is a CLI tool that helps you avoid undefined user behavior by validating your API specifications and running API security tests.
Cherrybomb reads your API spec file (OpenAPI Specification, OAS) and validates it against best practices and the OAS specification. It then tests that the API follows the OAS file and checks for common vulnerabilities.
The output is a detailed table with any issues found, guiding you to the exact problem and location to help you solve it quickly.
Works with all APIs that use the OAS 3.0 format or higher.
Get Cherrybomb running in a matter of minutes: install it quickly with our script or from crates.io.
Tests the OAS file locally for compliance with OpenAPI standards.
Live tests your OAS file and the API's security.
Generates an informative list of all API endpoints.
Generates a comprehensive list of all parameters and their associated properties.
Integrates into your CI using our wizard within minutes.
BLST’s holistic API security platform delivers instant applied observability, advanced security assessment, and reliable monitoring. Thanks to our unique discovery approach, combining both cloud and application perspectives, we provide clients with the most comprehensive inventory of their APIs.