Getting Started With EthicalCheck

How does EthicalCheck work?

EthicalCheck functions in the following simple steps.

Security Testing

Provide your OpenAPI specification or start with a public Postman collection URL. EthicalCheck instantly introspects your API and creates a map of API endpoints for security testing.

It then automatically creates hundreds of non-intrusive security tests that comprehensively test for authentication, authorization, and OWASP bugs in your API. The tests address the OWASP API Security categories, including OAuth 2.0, JWT, Rate Limit, etc.


EthicalCheck generates a security test report that includes all the tested endpoints, a coverage graph, exceptions, and vulnerabilities. Vulnerabilities are fully triaged: each one includes a CVSS score, severity, endpoint information, and OWASP tagging.


OpenAPI/Postman URL (Required): The OpenAPI Specification URL or Swagger Path or Public Postman collection URL.

Token/Header(Required): The authorization request header for your application.

  • Sample Basic Auth: Authorization: Basic AXVubzpwQDU1dzByYM==
  • Sample Bearer Token: Authorization: Bearer <token>
Email (Required): The email address to which the penetration test report will be sent.
License Key (Required): The valid license key shared at the time of purchase.
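
A pre-flight check for the Token/Header field, as an added example that is not part of EthicalCheck or its documentation: it builds a Basic header from a username and password and rejects values that are malformed or still contain a placeholder such as <token>. The function names and the sample credentials are assumptions made for illustration.

```python
import base64
import binascii


def basic_header(username: str, password: str) -> str:
    """Build the full header line for HTTP Basic auth (RFC 7617)."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Authorization: Basic " + base64.b64encode(raw).decode("ascii")


def check_header(line: str) -> tuple[bool, str]:
    """Validate a Token/Header value before submitting it (hypothetical helper)."""
    name, sep, value = line.partition(":")
    if not sep or name.strip().lower() != "authorization":
        return False, "expected 'Authorization: <scheme> <credentials>'"
    scheme, _, cred = value.strip().partition(" ")
    cred = cred.strip()
    if not cred:
        return False, "missing credentials"
    if scheme.lower() == "bearer":
        # Catches the literal sample text being pasted instead of a real token.
        if cred.startswith("<") or " " in cred:
            return False, "bearer token is a placeholder or contains spaces"
        return True, "bearer token present"
    if scheme.lower() == "basic":
        try:
            # Base64 is an encoding, not encryption: the value decodes back
            # to the clear-text username and password.
            decoded = base64.b64decode(cred, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            return False, "basic credentials are not valid base64 text"
        user, colon, _ = decoded.partition(":")
        if not colon or not user:
            return False, "decoded value is not 'username:password'"
        return True, f"basic credentials for user {user!r}"
    return False, f"unsupported scheme {scheme!r}"


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    for sample in (basic_header("svc-scan", "example-pass"),
                   "Authorization: Bearer <token>",
                   "Authorization: Basic not-base64!!"):
        print(check_header(sample))
```

Because the Basic value decodes back to the password, a dedicated low-privilege test account is the safer choice for the credentials entered here.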