API Security Tester

API Security Tester Mascot

The Problem

Security testing is a cornerstone of API Lifecycle Management. Yet, traditional security testing technologies are struggling to adapt to the design and architectural characteristics of APIs. The result? Most API development teams are waiting days or weeks for results, perform their security testing manually, or perform no security testing at all.

The Solution

With this workspace and its Collections, we seek to drastically improve this reality for the Postman community. Here you will find Collections allowing for the fast, automated and accurate testing of your APIs throughout the Postman lifecycle using WhiteHat Security's Intelligence Directed DAST (IDD). Not only will you be testing for vulnerabilities as you build and test your APIs locally using Postman IDE, you will also be empowered to automate API security testing within your CI/CD via our integration with Newman.

The Difference

So how does IDD accomplish this while not disrupting your continuous innovation?

It's Fast! - IDD scan times are measured in minutes, not hours or days. This enables security testing to be part of the CI/CD pipeline and deliver real time vulnerability findings.
It's Accurate! - Focus on accuracy is incredibly important in todays DevOps world. False positives are as important as false negatives as noise in scan results can slow down the entire process. That’s why "Evidence" is included with IDD's vulnerability results.
It's Easy! - No need to spend days with documentation or a product workshop. IDD is easy to use with no dependencies and minimal configuration. It also includes intelligence that automatically handles common challenges such as logins and complex session state.

Our People

While technically we're supposed to say "we are the 'Innovation Team' within WhiteHat Security", in reality, we're consumers of APIs on a daily basis, whether we know it or not... just like you. We are a diverse team of folks that have come together with the mission of playing a small yet important role of enabling the secure development of APIs so that we, as people, can have confidence in the security and privacy of our information as we continue to expand our personal consumption of APIs.

Related Projects

newman-reporter-har - free and open source software that integrates with Newman to generate HTTP Archive (HAR) reports from the execution of Collections. We developed and released this reporter to the Postman community as a part of our work on API Security Tester.

Reporting Issues

You can report any and all issues you encounter using Issues on GitHub.

Upcoming Events

POSTMAN HACKATHON: MON, JAN 25

We are pleased to announce the API Security Tester has been submitted to the Postman Hackathon as of January 25th.

POSTMAN GALAXY: THURS, FEB 4 10:30AM–10:45AM PST

We are pleased to announce that Eric Sheridan, Chief Scientist at WhiteHat Security, will be speaking at the upcoming "Postman Galaxy" conference. We will be delivering a presentation titled "Partner Talk: Integrating API Security Testing into Postman Lifecycle" wherein we will demonstrate API Security Testing from within Postman IDE and Newman. Register now and come join our talk.

Built With

appsec
docker
go
javascript
newman
postman
security

Submitted to

The Postman API Hack
- Winner Moonshot Prize, Honorable Mention
- Winner Blastoff Prize (all participants with an eligible submission)

Created by

Here you will find Workspaces and Collections allowing for the fast, automated and accurate testing of your APIs throughout the Postman lifecycle using WhiteHat Security's Intelligence Directed DAST (IDD).

Eric Sheridan
Ray Kelly
joseph feiman
carloshungwhs
livetinydienever

Updates

Eric Sheridan started this project — Jan 25, 2021 04:17 PM EST

Leave feedback in the comments!

Log in or sign up for Devpost to join the conversation.