API Security Checking below Enterprise Level

The Postman Intergalactic webinar of 1/25/23 indicated that anyone can use the Security API Check, even on the free license. You just can’t add custom rules unless you have an Enterprise license.

However, the Rules tab does not even display for the free license, so it seems this is not the case. We have submitted a budget request for the Basic License, but it seems that most Security functionality is for the Enterprise level only.

The webinar provided this blog post link with instructions for free license users. It requires use of a third-party tool, which I will have to research and make a case to have whitelisted for installation: OWASP ZAP.
API Security Testing With Postman and OWASP Zap – The Test Therapist

So, in reality, Postman does not provide API Security Testing to free accounts without a third-party tool, which involves taking additional security risks. I don’t know if it is even provided for Basic Accounts. This should be made clearer.

As far as I understand it, in this example Postman is only used to add the API endpoints (based on the requests from the collection) to OWASP ZAP, and then the actual security testing/scanning is done by ZAP.