Real API Multi-step Testing, Smart Scanning & Built Automatically

HAR files > Multi-step Test Cases > Add Assertions & Enable Security Checks > Run

Broken Object Level Authorization

"Predictable Session ID" at Step 8 May Lead to Massive Data Breach

Least Tested, Most Dangerous, Cannot be found by

Legacy Automated Code Review & Web App Scanning

  • Do NOT understand RESTful APIs.

  • Do NOT support multi-step workflow.

  • Do NOT identify sensitive data fields.

  • Do NOT support tests against assertions.

  • Do NOT support smart fuzzing.

Continuous automated testing as a catalyst for innovation

What is Webtica?

Multi-step, Understand RESTful API, On-prem or SaaS

APITest - Functionality Testing

Execute tests swiftly and repeatedly, without requiring manual intervention, even across multiple versions of your application.

APIScan - Security Testing

A repeatable and consistent process with minimum effort and quick turn-around time to identify and eliminate these bottlenecks.

WebWATCH - 24x7 Monitoring

Remarkably fast and scalable, scan the entire application much faster with broader coverage than a manual pen tester.

How does it work

Validate API Responses & Identify Security Vulnerabilities
Understand REST API, Multi-step, Low Code, On-prem or SaaS

Why We are Better

Integrated Security Scanning, Every Step

API testing should entail scanning for API vulnerabilities. API security testing should be conducted early in development—detecting and remediating problems before they go into production.

Multi-step Testing built Automatically from HAR

Based on HAR recording of your workflow, steps & inter-step variables are imported automatically. You just need to add assertions, select security checks. No need to write scripts.

Continuous API Testing & Scanning

Continually testing your API is critical to building quality, secure software. Every time there is a change, the testers run the tests automatically and report the results.

Team Work, Access Control per Test Case

The QA team has to get access to the testing system and get security approvals. It also has to ensure that any change in the program that creates an additional parameter for API calls is reflected in the schema configuration.

Fully integrated into each step of test case

Serious API Security Scanning

Integrated Smart Fuzzing

Uses mutation of collected data, naughty strings and detection of sensitive data to produce inputs valid enough to pass program parser checks.

Deserialize Data from Data Stream

Checks encoded data for use of unknown or untrusted data that may result in abuse of application logic.

Check API Security Baseline

Always use TLS encryption, don’t include sensitive information in URLs, apply rate limiting, return safe error responses, etc.

Hackers find software vulnerabilities through fuzzing

Smart vs Dumb Fuzzing

SMART FUZZING

More accurate results

  • Smart fuzzers generate randomized data valid enough to pass program parser checks, get deep into the program logic, and potentially trigger edge cases and find bugs.

  • A mutation-based fuzzer takes valid inputs and generates a collection of inputs by changing (mutating) the valid inputs.

  • A generation-based fuzzer analyses the provided valid input structure and generates entirely new data that matches the valid one from the structure perspective.

DUMB FUZZING

Results of little use

  • Dumb fuzzers produce completely random input that neither matches the shape of the expected input nor is generated to match a valid input.

  • Dumb fuzzers sometimes test the parser rather than your program.

  • Dumb fuzzers won’t be able to begin the execution of the application logic and identify potential bugs in that area of the code due to the wholly randomized input that does not match the valid input.
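The contrast above, as an added example (not Webtica's code): a dumb fuzzer and a mutation-based fuzzer are run against the same toy handler, and the outcomes show which inputs get past the parser check into the application logic. The handler `handle_order`, the seed body and the mutation values are constructed for illustration.

```python
import json
import random
from collections import Counter

# Constructed sample of a valid request body (assumption, not from the page).
SEED_BODY = {"order_id": 1001, "quantity": 2, "note": "gift wrap"}
# Constructed boundary values substituted into one field at a time.
MUTATIONS = [0, -1, 2**31, "", "A" * 256, None, [], 1.5, True]


def handle_order(raw: bytes) -> str:
    """Hypothetical endpoint: parser check first, then application logic."""
    try:
        body = json.loads(raw)
    except (ValueError, UnicodeDecodeError):
        return "rejected_by_parser"
    if not isinstance(body, dict):
        return "rejected_by_parser"
    qty = body.get("quantity")
    # Application logic: anything but a positive integer quantity is an edge case.
    if isinstance(qty, bool) or not isinstance(qty, int) or qty <= 0:
        return "logic_edge_case"
    return "logic_ok"


def dumb_inputs(rng, count, size=24):
    """Dumb fuzzing: random bytes with no regard for the expected shape."""
    return [bytes(rng.randrange(256) for _ in range(size)) for _ in range(count)]


def mutated_inputs(rng, count):
    """Mutation-based fuzzing: copy the valid body and change one field's value."""
    out = []
    for _ in range(count):
        body = dict(SEED_BODY)
        body[rng.choice(sorted(body))] = rng.choice(MUTATIONS)
        out.append(json.dumps(body).encode())
    return out


def outcomes(inputs):
    """Tally handler results; anything not rejected_by_parser reached the logic."""
    return dict(Counter(handle_order(raw) for raw in inputs))


def compare(seed=7, count=200):
    """Return (dumb outcomes, mutation outcomes) for the same number of inputs."""
    rng = random.Random(seed)
    return outcomes(dumb_inputs(rng, count)), outcomes(mutated_inputs(rng, count))
```

Every dumb input stops at the parser, while every mutated input is parsed and a share of them lands on the quantity edge case.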

Detect new script, new image, new HREF, new DNS/IP mapping, missing known good phrase

WebWatch

Monitoring Injection, Defacement, Availability & Performance

ScriptWatch

  • Collects and saves known good scripts and images as a baseline.

  • Checks regularly for new scripts, images and HREFs.

  • If the new scripts and images are good, collects and saves them for the next check.
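The three ScriptWatch steps above, as an added example (not Webtica's code): collect a baseline from a known good page, flag anything new on a later fetch, and fold reviewed items into the baseline for the next check. The watched tags, the hashing of inline scripts and both sample pages are assumptions constructed for illustration.

```python
import hashlib
from html.parser import HTMLParser

# Watched tag -> identifying attribute (assumption: the product's real rules are not on the page).
WATCHED = {"script": "src", "img": "src", "a": "href"}
# Constructed sample pages: the known good page and a later fetch with two additions.
BASELINE_PAGE = '<script src="/js/app.js"></script><img src="/img/logo.png"><a href="/login">Sign in</a>'
CHANGED_PAGE = BASELINE_PAGE + '<script src="https://cdn.example.net/w.js"></script><script>track()</script>'


class ResourceCollector(HTMLParser):
    """Collects (tag, value) pairs; inline scripts are recorded by SHA-256 of their body."""

    def __init__(self):
        super().__init__()
        self.items = set()
        self._inline = None  # buffer while inside an inline <script>

    def handle_starttag(self, tag, attrs):
        attr = WATCHED.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if value:
            self.items.add((tag, value))
        elif tag == "script":
            self._inline = []

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            digest = hashlib.sha256("".join(self._inline).encode()).hexdigest()
            self.items.add(("inline-script", digest))
            self._inline = None


def collect(html):
    """Step 1: extract the set of watched resources from one page."""
    parser = ResourceCollector()
    parser.feed(html)
    parser.close()
    return parser.items


def check(baseline, html, approved=frozenset()):
    """Steps 2 and 3: return (alerts, next_baseline) for one scheduled check."""
    new = collect(html) - baseline
    return new - approved, baseline | (new & approved)
```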

Pricing - On-Prem

Dockerised Application, Simple Pricing, No Hidden Cost

Free
Personal Use
Free

No Credit Card

  • APITest: Yes

  • APIScan: Yes

  • Max# User: 1

  • Max# API Test Cases: 5

  • Task Scheduler: No

  • Email Notification: No

Contact Us
Team
Most Popular
$ 48 /user /month

Billed as US$480 per user per year

  • APITest: Yes

  • APIScan: Yes

  • Min# User: 2

  • Max# API Test Cases: 50 * #Users

  • Task Scheduler: No

  • Email Notification: No

Contact Us
Enterprise | Consultant
Customizable

Flexible Pricing

  • APITest: Yes

  • APIScan: Yes

  • Min# User: 2

  • Max# API Test Cases: 50 * #Users

  • Task Scheduler: Yes

  • Email Notification: Yes

Contact us

Pricing - SaaS (Cloud Based)

Simple & Easy, No Installation, No Hidden Cost

Free
US$ -

For personal use

  • APITest

  • APIScan

  • Max# user: 1

  • Max# API Test Cases: 5

  • Task Scheduler: No

  • Email Notification: No

  • WebWatch: No

Contact Us
Most Popular
Team
$ 48 /user /month

Billed as US$480 per user per year

  • APITest

  • APIScan

  • Min# User: 2

  • Max# API Test Cases: 50 * #Users

  • Task Scheduler: No

  • Email Notification: No

  • WebWatch: No

Contact Us
Enterprise | Consultant
Customizable

Flexible Pricing

  • APITest

  • APIScan

  • Min# User: 2

  • Max# API Test Cases: 50 * #Users

  • Task Scheduler: Yes

  • Email Notification: Yes

  • WebWatch: Yes

Contact Us
Money Back Guarantee

If it’s not a perfect fit, receive a refund for the unused number of days.

SSL Encrypted Payment

Your information is protected by 256-bit SSL encryption.

The above prices do not include applicable taxes based on your billing address. The final price will be displayed on the checkout page, before the payment is completed.

Got Questions? Look Here

Is usage limited by time or frequency of tests?

Usage is limited by the number of users and the number of test cases. The email notification and task scheduler features are enabled for the enterprise version only.

What is the difference between on-prem & SaaS?

Webtica On-prem a) requires installation of a dockerized application; b) is able to run without connecting to the internet; c) does not have WebWatch enabled; d) does not require multi-factor authentication after 30 days upon first login.

How to install Webtica On-prem?

a) Install Docker on your system; b) download & initialize the docker (internet connection required); c) sign-up (internet connection required) and sign-in; d) create and run test cases.

Can I run Webtica (On-prem) without connecting to the internet?

Webtica (On-prem) requires an internet connection only for initialization of the license, user account sign-up, and checking for and downloading updates to the dockerized application, if any. You don't need an internet connection for sign-in or for creating and running test cases.

We are using Webtica On-prem. Would any of my test data be sent to the internet?

No. You are in total control. Webtica On-prem would not send any of your test data to the internet, including our SaaS platform.

Under what situations can I not use the UI for creating test cases?

Test cases with cross-tab workflows, application logic involving if-then-else, etc., should be created from an OpenAPI document or from configuration files created by JMeter.

Can I change plans or cancel at any time?

Yep. When you upgrade or downgrade your account, all charges are automatically pro-rated. That means if you need to, you can cancel any time.

Can I sign in without Multi-Factor Authentication?

For the SaaS version, no. All user accounts are protected by multi-factor authentication (smartphone-based authenticator) after 30 days upon first successful sign-in.

What is the difference between API Testing and UI Testing?

Unlike UI testing, which tests the look and feel of the application, API testing focuses on the business logic of the application. This testing also requires software to send calls to the API. The software will send requests to the API, receive output, and compare the actual responses with the expected responses.

Have more questions? Ask your question here