Understanding Suites and Traffic Types


A Suite is a group of scans that share a common policy and schedule configuration. Suites group similar scans together within an environment; because scans are executed many times, a suite keeps the related runs organized. While creating a suite, you configure scan properties such as type, scope, and authentication, and you can create scans from the suite. Every subsequent scan in the suite runs with these configurations.

The API Security Suites page provides a summarized view of vulnerabilities across a set of scans. The displayed suites are environment-specific, or you can view the suites for all the environments together. Note that you must choose a specific environment to create a suite. The following screenshot shows the Suites dashboard.

[Screenshot: Suites dashboard]

In the above screenshot, All Environments is selected from the drop-down list. Hence, Create Suite is greyed out. The Suites dashboard in the above screenshot shows three suites across all the environments. The following is a summary of the information shown in the above dashboard:

  • Three suites are shown, each attached to a different policy and environment.

  • If you hover over a scan, as shown for the Quick Scan above, you can view the number of Low, Medium, High, and Critical vulnerabilities found in that scan. For more information on quick scans, see Understanding Quick Scans.

  • A total of 1.61K scans are completed, 0 scans are scheduled, 0 scans are running, and 15 scans are aborted.


Traffic Types: XAST Live, XAST Replay, and DAST

When you create a suite or a quick scan, you choose one of three traffic types: XAST Live, XAST Replay, or DAST. The table below compares the XAST Live, DAST, and XAST Replay traffic types:

| | XAST Live | DAST | XAST Replay |
|---|---|---|---|
| Traffic source | Uses live traffic in real time to run the scan. | Generates traffic based on the examples provided in the specifications. | Uses past traffic to run the scan. |
| Specification | Uses Traceable-generated specifications for accuracy and coverage per API. | Uses the API specification you provide for accuracy and coverage per API. | Uses Traceable-generated specifications for accuracy and coverage per API. |
| Test approach | Runs context-sensitive targeted tests using a real-time monitoring and analysis approach. | Runs simulated attacks on applications using the black-box testing approach. | Runs context-sensitive targeted tests using the historical traffic analysis and replay approach. |
| Scan condition | Does not scan if no traffic is present in an API. | Scans all APIs irrespective of traffic. | Scans selected APIs/assets if there is any traffic in the past. |
| Penetration power | Has the most penetration power due to context relevance from real traffic. | With a Postman collection, has the same penetration power as XAST Live. With an OpenAPI specification, has the least penetration power if the examples provided are invalid. | Has less penetration power than XAST Live but more than DAST, as some data may have lost relevance with time. |
| Coverage | Has less coverage than XAST Replay but more than DAST, as it uses live traffic. | Has the least coverage because of its black-box nature. | Has the most coverage, as it uses historical traffic. |
| Authentication hook | Does not require a separate authentication hook setup. | Requires an authentication hook setup. | May or may not require an authentication hook setup. |