ASPM v1.4.1
As API security demands grow, centralized scan-asset management and end-to-end security lifecycle tracking become essential.
FPT AppSec introduces the DAST API Asset Management feature set — a solution that lets organizations:
- Centrally manage API Assets
- Track scan results
- Control issues
- Trigger rescans on demand
All on a single unified platform.
From adding API Sources, auto-triggering scans, and reviewing scan history to managing each issue in detail (severity, request/response, status change history), the system provides full tooling for runtime security risk control.
→ Helps standardize the API security operations process and optimize DevSecOps.
📦 RELEASED FEATURES
1. Add DAST API Asset
📝 Description
Add an API Source (from DAST Integration) to the asset list for scanning.
→ Automatically triggers the first scan after the asset is added.
⚙️ Features
- Add assets from the Asset List screen
- API Sources are grouped by Root Domain
- Supports:
  - Expand / Collapse
  - Select multiple API Sources
  - Search by:
    - API Source Name
    - API Endpoint
- Automatically runs a scan after adding
📊 Capacity
- Manage many API Sources per domain
- Limit:
  - 30 concurrent API Source scans per Team
⚡ Performance
- Fast loading, realtime search
- Instant scan triggering
2. View DAST Asset List
📝 Description
View and manage the DAST API Asset list scoped to a Team/Organization.
⚙️ Features
- Displays:
  - Asset Name
  - API Source
  - Status (Active / Inactive)
  - Scan status + timestamp
  - Issue count by severity
- Supports:
  - Search / Filter
  - Sorting
  - Rescan
  - Delete
- Empty state when there is no data
📊 Capacity
- Supports a large number of assets
- Permissioned by Organization/Team
⚡ Performance
- Smooth UI on large datasets
- Fast search / filter
3. Delete DAST API Asset
📝 Description
Lets the Org Admin delete an asset.
⚙️ Features
- Delete from the (⋮) menu
- Type "delete" to confirm
- Toast message on success
📊 Capacity
- Delete each asset independently
⚡ Performance
- Realtime UI update after deletion
4. View DAST Asset Added History
📝 Description
Review asset add/delete history for auditing.
⚙️ Features
- Grouped by date
- Today label
- Filter by time
- Displays:
  - API Endpoint
  - API Source Name
  - Added / deleted by
  - Timestamp
📊 Capacity
- Full history retention
⚡ Performance
- Fast loading, clear grouping
5. View Asset Detail – Overview
📝 Description
Shows the security overview of an asset.
⚙️ Features
- Asset information
- Added by + timestamp
- Most recent scan result
- Issue count by severity
- 7-day scan chart
- Last 3 scans
📊 Capacity
- Stores scan history per asset
⚡ Performance
- Fast render, no impact on running scans
6. View Asset Detail – History
📝 Description
Track the scan history for an asset.
⚙️ Features
- Sort: newest → oldest
- Grouped by date
- Displays:
  - Scan Status
  - Scan Name
  - Scanned by (User / CI/CD)
  - Time, Duration
  - Issue count
- Success → link
- Failed → failure reason
📊 Capacity
- Stores many scan sessions
⚡ Performance
- Fast retrieval
7. View Asset Detail – Issue Management
📝 Description
Manage all issues for an asset.
⚙️ Features
Issue List
- Severity + Score
- Name + Description
- Status:
  - Open
  - Ignored (False Positive / Acceptable Risk / Other)
- Location, Method, Response Code
Search & Filter
- Search:
  - Name / Description
- Filter:
  - Severity
  - Status
  - Category
- Sort:
  - Score (desc)
Issue Detail Popup
- Severity, Status, Scan time
- Description & Remediation
- References (URL, CWE Top 25)
- Activity log
- Request / Response
- Copy cURL / Response
- Note on status change
📊 Capacity
- Supports large issue datasets
⚡ Performance
- Fast search/filter, smooth UI
8. Rescan DAST API Asset
📝 Description
Re-scan an asset on demand.
⚙️ Features
- Rescan from:
  - Asset List
  - Asset Detail
- Same mechanism as other scan types
📊 Capacity
- Multiple scan sessions per asset
⚡ Performance
- Independent rescans
- No impact on other assets