I am trying to scan our internal site's REST APIs using WebInspect. As the site does not yet follow the Open API Standards or use the Swagger tool, it does not have a .json file that contains the API definitions.
WebInspect's documentation mentions something about creating a configuration file for the WISwag.exe tool to parse, and it can then generate an output file for WebInspect. The configuration file looks something like this:
{
    host: 'localhost:443',
    schemes: ['https'],
    excludeHTTPMethods: ['DELETE'],
    preferredContentType: 'application/json'
}
However, I do not know the exact steps on how to write the file, etc. Does anyone have experience in this?