Pynt (www.pynt.io) recently launched a free tool within Postman (and Newman CLI) which generates automated API security tests based on your existing functional test collection. Simply input your functional test collection name into the Pynt collection, and run it in your workspace.
Pynt’s dynamic API security testing covers all the OWASP API Top 10 (OWASP API Security Project | OWASP Foundation), retrieving results about your overall API security in just a few minutes.
Pynt also provides a vulnerable app example called ‘goat’ that you can use as a reference.
Try it now: Postman