Astra continuously enhances its API and Web Security Scanners to provide efficient, targeted security assessments. One of the key capabilities of our platform is change detection—identifying newly added or modified endpoints in your application. This allows us to perform incremental scans (delta scans) that focus only on the parts of your application that have changed, optimizing performance and reducing scan times.

How Change Detection Works

For API Targets

Our API Scanner captures real-time traces of API traffic using lightweight instrumentation. These traces help Astra detect changes in your application’s API surface near real-time. The updated endpoints are reflected on your API Inventory page, and our delta scan feature ensures only these new or modified endpoints are re-scanned.

Planning to scale your observability? Our API Security Platform supports integration with OpenTelemetry (OTel) to ingest traces from your infrastructure, enabling advanced, real-time change detection without additional instrumentation.

For Web Targets

In the case of Web Scanners, you can schedule periodic crawls of your application to detect changes in the HTTP endpoints.

These changes are then shown in your Web Inventory, and our delta scan will focus only on the modified areas, keeping the security checks relevant and lightweight.

What Constitutes a Change?

A "change" could indicate new functionality, altered behavior, or potential attack surfaces. We consider the following as significant changes:

New Endpoints: Introduction of new routes like /export-data or /v2/user/settings that may include sensitive or admin-level operations.
New Input Parameters: Addition of parameters in query strings (?debug=true), JSON bodies ({"admin": true}), form fields, or request headers (X-Feature-Flag: enabled) that influence behavior or security.
Data Type Changes: Modifications in the data format or structure of input parameters (e.g., user_id changing from an integer to a string) that may bypass validation logic or introduce injection points.

Manually Marking an Endpoint as Changed

If an endpoint change isn’t automatically detected, you can manually mark it for re-evaluation. This ensures it will be included in the next incremental scan.

To mark an endpoint as changed:

Go to the API Endpoints page in your Astra dashboard.
Search for the endpoint that you know has changed.
Click on the three-dot menu next to the endpoint.
Select “Mark as changed” from the dropdown.

Once marked, the endpoint will be treated as modified and will be re-scanned during the next security assessment.