The latest articles on DEV Community by Shashank Gudipati (@shashank90). https://dev.to/shashank90 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F826778%2Fb27432a5-1361-42db-a1fe-a048988a5106.png https://dev.to/shashank90 en Shashank Gudipati Wed, 09 Mar 2022 10:26:00 +0000 https://dev.to/shashank90/another-api-test-automation-tool-58ne https://dev.to/shashank90/another-api-test-automation-tool-58ne <p>As I was writing APIs one day at work, I realized that I wasn't too sure whether those APIs were secure. So I started looking for simple GUI tools that can be used by teams to evaluate their API security posture.</p> <p>And in this process I found 3 categories of tools:</p> <ol> <li><p>Penetration-as-a-service vendors<br><br> I wasn't too keen on black-box testing techniques as they come late into the development life-cycle and don't offer much transparency with respect to tests</p></li> <li><p>Open-source API fuzzers<br><br> There are quiet a few robust tools out there. But again these require some time and effort to setup and get going.</p></li> <li><p>Paid tools<br><br> Again I could find a bunch of platforms that run 100s of tests but were expensive.</p></li> </ol> <p>And so I set forth to writing one by myself. As part of my research, I found out that OpenAPI specification is a good starting point at describing APIs since it's an industry standard and that lot of tooling is available around it.</p> <p>Also took the same approach as the other paid and free/open-source tools to finding API security flaws.</p> <p>However, I have attempted the following: </p> <ol> <li>To keep the UI simple (easy to navigate)</li> <li>Maintain OpenAPI Spec validation errors at a minimal so that developers can quickly get documentation out of their way</li> </ol> <p>Finding Schema validation errors is simple: </p> <ol> <li>Upload a spec or Postman Collection or start with a <code>petstore</code> template</li> <li>Fix validation errors and get to a RUN_API status</li> <li>Go the Run Tab, select API Endpoint URL and hit Run to find schema validation errors</li> </ol> <p>Although it's still work in progress, would love for you guys to check it out and share feedback.</p> <p>For more information, do check out: <a href="https://cymitra.com">https://cymitra.com</a> or head directly to <a href="https://apihome.io">https://apihome.io</a></p> <p>Thank you</p> security api testing openapi Shashank Gudipati Mon, 07 Mar 2022 12:14:50 +0000 https://dev.to/shashank90/a-simple-api-automation-platform-m61 https://dev.to/shashank90/a-simple-api-automation-platform-m61 <p>ApiHome is a Simple Test Automation platform.</p> <p>We realize that the best way to sanitize API input/output is by describing the API using OpenAPI documentation.</p> <p>How does it work? <br> Upload a spec -&gt; Fix validation errors -&gt; Run API Tests</p> <p>Why ApiHome?</p> <p>We understand that developers like to get documentation out of their way. So in case you don't have a spec already, feel free to use the default template or a Postman collection to get started</p> <p>We have also ensured that Spec validation errors are to the point so developers can quickly fix them &amp; run tests</p> <p>Use-cases: </p> <ol> <li>API Inventory</li> <li>Business-logic testing(corner-cases)</li> <li>Security testing</li> </ol> <p>For more information: Visit <a href="https://cymitra.com/">https://cymitra.com</a></p> <h1> openapi #api #automation #testing </h1> api testing automation webdev