Skip to main content
Escape

Overview

Escape is an API security testing platform that automatically discovers and tests REST, GraphQL, and gRPC APIs for security vulnerabilities. The Pwnbook integration pulls Escape scan results into your unified findings view so API security issues are tracked alongside code, cloud, and endpoint findings.

Prerequisites

  • An Escape account
  • Admin or Owner access in Pwnbook

Credentials required

FieldDescription
API KeyAPI key from the Escape dashboard → Settings → API Keys

Setup

1

Get your Escape API key

  1. In the Escape dashboard, go to Settings → API Keys.
  2. Click Create API key.
  3. Give it a name like “Pwnbook” and copy the key.
2

Configure in Pwnbook

  1. Go to Organization Settings → Marketplace → Escape.
  2. Paste your API Key.
  3. Click Save & Test — Pwnbook verifies access by listing your Escape applications.

What gets synced

DataDescription
API vulnerabilitiesSecurity issues found during scans (OWASP API Top 10 and beyond)
SeverityCritical, high, medium, low, and informational
Affected endpointThe specific API path and HTTP method where the issue was found
Scan historyResults from each scan run, with timestamps
Remediation guidanceStep-by-step fix instructions for each finding type
CVSS scoreWhere applicable

Issue categories

Escape covers a broad range of API security issues, including:
  • Authentication and authorization flaws
  • Injection vulnerabilities (SQLi, NoSQLi, command injection)
  • Excessive data exposure
  • Rate limiting and resource exhaustion
  • Security misconfigurations
  • GraphQL-specific issues (introspection, batch attacks, deep queries)

Viewing findings in Pwnbook

Escape findings appear under Security Findings → Escape. You can:
  • Filter by severity and endpoint
  • View request/response pairs showing the vulnerability
  • Copy remediation steps directly from the finding detail
  • Assign findings to tasks

Disconnecting

  1. Go to Organization Settings → Marketplace → Escape.
  2. Click Disconnect.
  3. Confirm.