Pynt (www.pynt.io) recently launched a free tool within Postman (and Newman CLI) which generates automated API security tests based on your existing functional test collection. Simply input your functional test collection name into the Pynt collection, and run it in your workspace.
Pynt’s dynamic API security testing covers all the OWASP API Top 10 (OWASP API Security Project | OWASP Foundation), retrieving results about your overall API security in just a few minutes.
Pynt also provides a vulnerable app example called ‘goat’ that you can use as a reference.
Pynt looks good, but my question would be… What security risks are involved in utilising a black-box docker image on web apps that require the user to authenticate with Oauth?
Is there documentation that discusses how it works / what tests are run / how data is handled etc?
I think if we were to consider using this tool our info-sec team would have some questions.
Pynt (www.pynt.io) recently launched a free tool within Postman (and Newman CLI) which generates automated API security tests based on your existing functional test collection. Simply input your functional test collection name into the Pynt collection, and run it in your workspace.
Pynt’s dynamic API security testing covers all the OWASP API Top 10 (OWASP API Security Project | OWASP Foundation), retrieving results about your overall API security in just a few minutes.
Pynt also provides a vulnerable app example called ‘goat’ that you can use as a reference.
Try it now: Postman