User Manual - COS301-SE-2025/API-Threat-Assessment-Tool GitHub Wiki

AT-AT User Manual

Welcome to the AT-AT User Manual. This guide will walk you through the core features and interface of AT-AT, a platform designed to assess, monitor, and improve the security of your APIs based on OWASP standards. The images are all in dark mode, as that’s what we designed the website around.

1. Landing Page (Marketing View)

Landing Page

This is the public-facing page. It includes:

  • A summary of what AT-AT does
  • A CTA to Join Beta Program
  • Visual stats on APIs scanned, last scan, and vulnerabilities
  • Quick access to Learn More

Ideal for newcomers wanting to understand the platform.

2. Authentication

2.1 Login

Login

Existing users can log in using:

  • Email or username
  • Password

Additional options:

  • Forgot Password
  • Switch to Light/Dark mode

2.2 Sign Up

Sign Up

New users can create an account by:

  • Signing in with Google
  • Filling out: First Name, Last Name, Email, Username, Password

3. Home Dashboard

Home

After logging in, users are greeted by:

  • Welcome message
  • Buttons to Start Security Scan and View Reports
  • Summary of API scanning mission and branding

4. Dashboard View

Dashboard

The Dashboard provides:

  • Quick stats: Total APIs, Scans This Month, Security Score, Critical Alerts
  • Call-to-action buttons for Start New Scan and View Reports
  • Access to quick scan configuration

5. Scanning in Progress

Scan In Progress

During an active scan:

  • Users see current phase (e.g., Authentication Testing)
  • Real-time logs
  • Vulnerabilities found with severity indicators
  • Progress bar and scan metadata

6. Scan Report

Scan Report

After a scan is complete:

  • Users see the Overall Security Score
  • Test profile and scan metadata
  • Summary and categorization of issues
  • Expandable Detailed Findings

7. API Management

API Management

From here, users can:

  • Add a new API manually
  • Import API specs
  • Access centralized API operations

8. API Endpoint Overview

API Endpoints

Displays all APIs with:

  • URL and description
  • Scan count, last scanned date
  • Options to Scan, Edit, Delete, and View Endpoints

9. Endpoint Details

Endpoint Details

Upon clicking Endpoints, users can:

  • View all paths and methods for an API
  • Inspect path summaries
  • Access advanced tag operations

10. Tagging Interface

Endpoint Tags

Features include:

  • Add/Remove/Replace tags on endpoints
  • View endpoint metadata
  • View details of each operation
  • Frontend-based tagging with buttons

11. Public Templates

Public Templates

Browse pre-defined security scan templates:

  • Shows total templates, new this month, and usage stats
  • Each template can be reused for faster scans

12. Account Settings

Account Settings

Manage account configurations:

  • Security preferences
  • Notification settings
  • Profile data

Conclusion

AT-AT combines advanced vulnerability scanning with a user-friendly interface. With customizable tagging, real-time logs, and detailed reporting, teams can quickly identify, prioritize, and mitigate API security issues.