Sure, Escape and Akita are quite different:
1) Escape is primarily for Security Engineers, Akita is more for developers
2) Escape discovers API with external scans, Akita discovers API by observing live traffic
3) Escape is a proactive security tool that finds issues before production, Akita is a monitoring tool that detects errors in live traffic
Hey there, so py-multiauth is a great project that we love, but it didn't get enough attention from the community for us to afford to maintain it outside of our main codebase.
Since then, we have completely revamped it to create py-multiauth v2 that supports basically all form of authentication as you can see in the docs https://docs.escape.tech/authentication/
py-multiauth v2 is not open source for now, but our eng team might be ok to open source it if there is interest from the community
The « Launch HN » posts, like this one, follow quite standard community guidelines that includes having a detailed description of how the product works to bring value to technical people from the HN community.
Of course, for investors, we would have written things differently, but we are not looking to raise money at the moment.
Hello, although we know HN's rules, some of our users don't. They just tried to help without telling us.
I guess we can be proud that they are our users and wanted to help. There was no intent to break HN's rules. We apologize for that happening, and we have told them about the rules so it doesn't happen again.
Hello motoxpro, the pricing page is accessible inside the product during the free trial.
Although, by nature, the security market is mostly enterprise, we do have plans for startups and SMB as well. Happy to have your feedback on our pricing btw, always something hard to get right.
Hello btown, you are indeed raising legitimate questions here.
You are right in the sense that using automated security testing tools in production creates a risk. But there are workarounds:
1) Most of Escape's security scans happen on staging or pre-prod environments, where there is little risk of breaking something critical or finding real customer data.
2) We have designed a specific scan mode for production APIs, that is made with safety in mind. It will not attempt the riskiest attack scenarios and, thus will be safe for production use at the cost of scanning depth.
You can chose a scan mode when adding a new application for testing in Escape. So far, most of our users use both modes, one for the production environment and one for the development environment, to spot bugs early.
No user ever had problems with the production scanning mode.
By the way, the core algorithm powering Escape is more a graph traversal algorithm than LLMs. We do use a small, self-hosted LLM for specific inference tasks, but everything is made in-house, and we don't use OpenAI or any other inference API.
Thank you, yes, we originally supported GraphQL only and released REST scanning support a few months ago. We plan to support all types of APIs ultimately.
Hello, we limited the registration to personal email because too many people were trying to scan APIs that didn't belong to them.
Mind you that you can also use your personal GitHub account to register because we noticed people are way less likely to do risky stuff with their Github account than with a personal email :)
I agree that there is a lot of room for improvement. We are a small team and we had to start somewhere to have feedback from the community and improve accordingly :)
Thanks for the great ideas, I share your opinion on those
This is an experimental research we did mostly because we thought it was cool and new.
There are limitations indeed, though if you compare similar APIs with similar business intent, their structure should also have similarity, unlike your example.
For the popularity metrics, I will take a look - I admit we can do better :)
I agree with your point, yet we thought the data we gathered could be interesting, for instance we observe that ~60% of routes have human readable comments, but less than 10% have actual examples.
Hope that makes it more clear!