Structure, govern, and collaborate at scale with Postman Organizations
Postman recently rolled out Organizations, a new set of features designed to allow Enterprise plan customers to set up multiple Teams under…
Security Training Doesn’t Have to Suck
We’ve all spent way too many years falling asleep to sitting through boring videos seemingly made in the 1900s–that you can’t speed…
Wiz Zero Critical Club!
Postman has joined Wiz’s Zero Critical Club, “a prestigious group of Wiz customers who have achieved the extraordinary feat of having zero…
Root Cause Analysis: Shai-Hulud 2.0
Postman Security knows that trust begins with transparency. So we are following up (as promised!) on the Shai Halud attack we first…
Shai-Hulud 2.0 npm supply-chain attack
Update: our RCA has been posted here. Postman has discovered unusual activity in our NPM org relating to the ongoing “Shai-Hulud 2.0…
Postman Security: Playing Chess, Because Every Move Matters
In today’s rapidly evolving API landscape, security isn’t a box to check; it’s a dynamic, evolving strategy. At Postman, we’re not just…
Postman (Free) is secure by design
Update: Postman plans are changing in early 2026. For the latest information, visit our pricing page. As Postman’s Head of Security, I…
Postman Security Update: Fixing a URL Exposure Risk in ‘Related Requests’
At Postman, security is a continuous, proactive process. As we recently wrote about, we build, test, and strengthen our platform daily to…
Postman’s handling of secrets
A recent look at Postman’s secret and environment variable logging is an important conversation to have with our community and one that…