Learn from experts and connect with global tech leaders at POST/CON 24. Register by March 26 to save 30%.

Learn more →
X

Leverage the power of Pynt’s dynamic API security testing with Postman

Avatar

This is a guest post written by Tzvika Shneider, co-founder and CEO at Pynt.

As any Postman user knows, APIs are becoming increasingly important to the operation of all applications and services. But this increase in profile has been accompanied by a serious rise in cyberattacks originating through APIs. In 2021 alone, attacks on APIs grew by 681% (alongside a 321% increase in overall API traffic) as APIs are being used more and more as attack vectors for data breaches, sensitive data leaks, fraud, privilege escalation attacks, and more. And many of these attacks were zero-day attacks as attackers targeted APIs that didn’t undergo security testing before release.

However, API security testing is often overlooked due to a lack of specialized security personnel (57% of organizations don’t have at least some necessary cybersecurity skills in their teams) on top of inadequate security knowledge and understanding amongst developers. In a survey carried out by GitHub, 70% of developers stated they don’t have security guidance.

The new Pynt integration is designed to fill this gap. It brings advanced dynamic API security testing to developers, ensuring that security vulnerabilities are discovered and fixed at the earliest possible stage in the development process.

Execute security tests alongside API testing

Recent incidents show that the only truly efficient way to test API security is through dynamic rather than static tests. Pynt dynamically tests APIs for runtime zero-day vulnerabilities that could be exploited once APIs are shipped to production.

Pynt’s integration allows Postman users to see actionable results from security tests in a format and platform that they are already familiar with. Developers can treat security vulnerabilities in the same way as they would address any other bugs found during testing—whenever it takes place in the development process.

Pynt’s advanced engine is based on a robust ML analysis module that processes the API traffic into a workable model. This model allows extraction of insights that automatically transform into relevant dynamic security tests, while providing a high rate of critical findings and near-zero false positives.

Using Pynt, developers can now test business logic issues without any configuration needed.

Pynt is now available with Postman and Newman CLI

Pynt has two integration options in Postman: through Postman or through the Newman CLI. Simply connect Pynt to your existing functional test collection, and Pynt will automatically generate dynamic security tests in your environment, retrieving results within a few minutes.

To learn how to secure your APIs in a few minutes, watch this video tutorial.

Pynt report example
Pynt report example

You can get started with our Pynt public workspace and fork the Pynt collection to your own workspace.

Pynt also provides an extended Docker version on Newman CLI, allowing you to run security tests as part of the CI/CD pipeline. Activate it by following the steps here.

What do you think about this topic? Tell us in a comment below.

Comment

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.

1 thought on “Leverage the power of Pynt’s dynamic API security testing with Postman

  • Avatar

    API Sec for developers is becoming more and more important. Pynt’s solution seems professional.
    What about the competition?