User Manual - COS301-SE-2025/API-Threat-Assessment-Tool GitHub Wiki
AT-AT User Manual
Welcome to the AT-AT User Manual. This guide will walk you through the core features and interface of AT-AT, a platform designed to assess, monitor, and improve the security of your APIs based on OWASP standards. The images are all in dark mode, as that’s what we designed the website around.
1. Landing Page (Marketing View)
This is the public-facing page. It includes:
- A summary of what AT-AT does
- A call-to-action (CTA) button to Join Beta Program
- Visual stats on APIs scanned, last scan, and vulnerabilities
- Quick access to Learn More
Ideal for newcomers wanting to understand the platform.
2. Authentication
2.1 Login
Existing users can log in using:
- Email or username
- Password
Additional options:
- Forgot Password
- Switch to Light/Dark mode
2.2 Sign Up
New users can create an account by:
- Signing in with Google
- Filling out: First Name, Last Name, Email, Username, Password
3. Home Dashboard
After logging in, users are greeted by:
- Welcome message
- Buttons to Start Security Scan and View Reports
- Summary of API scanning mission and branding
4. Dashboard View
The Dashboard provides:
- Quick stats: Total APIs, Scans This Month, Security Score, Critical Alerts
- Call-to-action buttons for Start New Scan and View Reports
- Access to quick scan configuration
5. Scanning in Progress
During an active scan:
- Users see the current phase (e.g., Authentication Testing)
- Real-time logs
- Vulnerabilities found with severity indicators
- Progress bar and scan metadata
6. Scan Report
After a scan is complete:
- Users see the Overall Security Score
- Test profile and scan metadata
- Summary and categorization of issues
- Expandable Detailed Findings
7. API Management
From here, users can:
- Add a new API manually
- Import API specs
- Access centralized API operations
8. API Endpoint Overview
Displays all APIs with:
- URL and description
- Scan count, last scanned date
- Options to Scan, Edit, Delete, and View Endpoints
9. Endpoint Details
Upon clicking Endpoints, users can:
- View all paths and methods for an API
- Inspect path summaries
- Access advanced tag operations
10. Tagging Interface
Features include:
- Add/Remove/Replace tags on endpoints
- View endpoint metadata
- View details of each operation
- Frontend-based tagging with buttons
11. Public Templates
Browse pre-defined security scan templates:
- Shows total templates, new this month, and usage stats
- Each template can be reused for faster scans
12. Account Settings
Manage account configurations:
- Security preferences
- Notification settings
- Profile data
Conclusion
AT-AT combines advanced vulnerability scanning with a user-friendly interface. With customizable tagging, real-time logs, and detailed reporting, teams can quickly identify, prioritize, and mitigate API security issues.