Hey folks! Excited to share what we’ve been working on for the last couple months. Metlo is a self-hosted, open-source-first API security platform that inventories, tests and protects your API endpoints:
- We inventory your endpoints by scanning API traffic and detecting all your endpoints along with the sensitive data they contain.
- We generate information your security team may find useful, like OpenAPI specs and risk scores for each endpoint.
- After this, we discover vulnerabilities like unauthenticated endpoints returning sensitive data or missing HSTS headers.
- Finally, Metlo detects any anomalous behavior on sensitive endpoints in real time so you can detect 0-day attacks as they're happening.
We have a demo environment to play around with here: http://demo.metlo.com/. Also, here's a demo video if you would like a quick walkthrough of the product :) https://www.loom.com/share/349c9e5f267741e9a0fcd2dfd1f9956f