Overview
Escape is an API security testing platform that automatically discovers and tests REST, GraphQL, and gRPC APIs for security vulnerabilities. The Pwnbook integration pulls Escape scan results into your unified findings view so API security issues are tracked alongside code, cloud, and endpoint findings.Prerequisites
- An Escape account
- Admin or Owner access in Pwnbook
Credentials required
| Field | Description |
|---|---|
| API Key | API key from the Escape dashboard → Settings → API Keys |
Setup
Get your Escape API key
- In the Escape dashboard, go to Settings → API Keys.
- Click Create API key.
- Give it a name like “Pwnbook” and copy the key.
What gets synced
| Data | Description |
|---|---|
| API vulnerabilities | Security issues found during scans (OWASP API Top 10 and beyond) |
| Severity | Critical, high, medium, low, and informational |
| Affected endpoint | The specific API path and HTTP method where the issue was found |
| Scan history | Results from each scan run, with timestamps |
| Remediation guidance | Step-by-step fix instructions for each finding type |
| CVSS score | Where applicable |
Issue categories
Escape covers a broad range of API security issues, including:- Authentication and authorization flaws
- Injection vulnerabilities (SQLi, NoSQLi, command injection)
- Excessive data exposure
- Rate limiting and resource exhaustion
- Security misconfigurations
- GraphQL-specific issues (introspection, batch attacks, deep queries)
Viewing findings in Pwnbook
Escape findings appear under Security Findings → Escape. You can:- Filter by severity and endpoint
- View request/response pairs showing the vulnerability
- Copy remediation steps directly from the finding detail
- Assign findings to tasks
Disconnecting
- Go to Organization Settings → Marketplace → Escape.
- Click Disconnect.
- Confirm.