DEV Community

Intesar Mohammed

Postman Collection Security Test in Minutes for Free

The Postman and EthicalCheck integration enables fully automated, free security testing of APIs.

How to get started

  1. Go to https://EthicalCheck.dev

  2. Postman Collection: Submit your Postman Collection URL and email in the input fields and click the scan button on the EthicalCheck home page.

  3. Scan: Once your request is submitted, the engine first creates a map of all your API endpoints, automatically writes security tests covering the OWASP API #2, and then runs the scan.

  4. Report: You'll receive an enterprise-grade App/API penetration test report. The test report meets SOC 2 and other compliance requirements.

  5. Vulnerabilities: The test report includes all the tested endpoints, OWASP categories, exceptions, and vulnerabilities. Vulnerabilities are automatically triaged for you, which means every vulnerability will have a severity, CVSS score, endpoint information, OWASP tag, etc., saving you time and resources.
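
To see what an endpoint map of a collection looks like before you submit it, the sketch below is an added example, not EthicalCheck's engine or code from this post. It assumes a Postman Collection v2.1 export, resolves each request's effective auth type (request, then folder, then collection), and lists the requests that end up with no authentication; `mapEndpoints`, `unauthenticated` and the sample collection are hypothetical names and constructed data.

```javascript
// Added example: walk a Postman Collection v2.1 document and record, for every
// request, the auth type it effectively uses (request > folder > collection).

// Constructed sample collection (not the EthicalCheck sample banking API).
const sampleCollection = {
  info: { name: "Constructed demo" },
  auth: { type: "bearer" },
  item: [
    { name: "List accounts", request: { method: "GET", url: { raw: "{{baseUrl}}/accounts" } } },
    { name: "Health", request: { method: "GET", url: "{{baseUrl}}/health", auth: { type: "noauth" } } },
    { name: "Transactions", auth: { type: "noauth" }, item: [
      { name: "Create", request: { method: "POST", url: { raw: "{{baseUrl}}/transactions" } } },
      { name: "Get one", request: { method: "GET", url: { raw: "{{baseUrl}}/transactions/:id" },
                                    auth: { type: "apikey" } } },
    ] },
  ],
};

function mapEndpoints(collection) {
  const out = [];
  const walk = (items, inherited, path) => {
    for (const it of items || []) {
      const here = path.concat(it.name || "(unnamed)");
      if (Array.isArray(it.item)) {
        // Folder: its own auth block, if present, overrides what children inherit.
        walk(it.item, it.auth ? it.auth.type : inherited, here);
        continue;
      }
      if (!it.request) continue;
      // v2.1 allows a request to be a bare URL string, and url to be a string or { raw }.
      const r = typeof it.request === "string" ? { url: it.request } : it.request;
      const url = typeof r.url === "string" ? r.url : (r.url && r.url.raw) || "";
      out.push({
        name: here.join(" / "),
        method: (r.method || "GET").toUpperCase(),
        url,
        auth: r.auth ? r.auth.type : inherited, // missing or null auth means "inherit"
      });
    }
  };
  walk(collection.item, collection.auth ? collection.auth.type : "noauth", []);
  return out;
}

// Requests that would be sent with no credentials at all.
function unauthenticated(endpoints) {
  return endpoints.filter((e) => e.auth === "noauth");
}

for (const e of mapEndpoints(sampleCollection)) {
  console.log(`${e.auth.padEnd(7)} ${e.method.padEnd(5)} ${e.url}  (${e.name})`);
}
```

A state-changing request such as the `POST` under the `Transactions` folder showing up as `noauth` is worth confirming as intentional before reading the scan report.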

Getting started with a sample Postman Collection:

If you want to learn and try this out using a sample Postman Collection, check our sample API on the https://ethicalcheck.dev home page.
This sample API is a banking API with features like accounts, transactions, and more. It's an excellent API to learn how to detect authentication and authorization bugs.
