Live Demo: Bolt, MCP Audit & Automated API Testing | Jesse Freeman & Dan Barahona

In this intermission session from APISECCON 2026, APISEC Product Implementation Engineer Jesse Freeman demos the full suite of tools the APISEC team has been building — live and unscripted. First up is Web Bolt, APISEC's free browser extension (available on Chrome and Firefox). Jesse shows how it captures API traffic directly from your browser without a proxy setup, organizes endpoints, and flags potential BOLA targets — then demonstrates the Manipulator tool, which lets you modify parameters and replay requests right in the browser. Think lightweight Burp Suite with one click, no proxy configuration required. Next is MCP Audit, APISEC's open-source tool for scanning GitHub repositories to discover which MCP servers your developers are already using — and whether any of them carry risk flags like file system access, shell access, or database access. This is the tool that answers the #1 question security teams are asking right now: "What MCPs are we actually running?" Jesse then previews Code Bolt, a CLI tool that analyzes your code repositories (currently supporting Python and Java frameworks including Spring Boot, FastAPI, and others) and auto-generates OpenAPI specifications from them — enabling you to onboard previously undiscovered endpoints directly into APISEC for testing. The session closes with a walkthrough of the APISEC automated testing platform itself: how it builds an app model from your OAS, infers sensitive parameters, configures auth flows, and runs comprehensive attack scenarios covering unauthenticated access, BOLA, rate limiting, role-based access control, and more. 🔗 Try the tools: Browser Bolt (Chrome): https://chromewebstore.google.com/det... Browser Bolt (Firefox): https://addons.mozilla.org/en-US/fire... MCP Audit (open source): https://apisec-inc.github.io/mcp-audit/ APISEC platform (free tier): https://apisec.ai #APISecurity #APISEC #BrowserExtension #MCP #APITesting #DAST #APISECCON