The Postman and EthicalCheck integration enables fully automated and free security testing of APIs.
How to get started
Go to https://EthicalCheck.dev
Postman Collection: Submit your Postman Collection URL and email in the input fields and click the scan button on the EthicalCheck home page.
Scan: Once your request is submitted, the engine first creates a map of all your API endpoints, automatically writes security tests covering the OWASP API #2, and then runs the scan.
Report: You'll receive an enterprise-grade App/API penetration test report. The test report meets SOC 2 and other compliance requirements.
Vulnerabilities: The test report includes all the tested endpoints, OWASP categories, exceptions, and vulnerabilities. Vulnerabilities are automatically triaged for you, which means every vulnerability will have a severity, CVSS score, endpoint information, OWASP tag, etc., saving you time and resources.
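Before submitting a collection, it helps to see the endpoint inventory it contains and which requests carry no credentials. The sketch below is an added example, not EthicalCheck's code or a description of how its engine works; it assumes the Postman Collection v2.1 JSON layout (nested `item` folders, `auth` inherited from collection to folder to request), and the sample collection and the function names are constructed for illustration.

```python
import json
# Constructed sample in Postman Collection v2.1 layout (not the EthicalCheck sample API).
SAMPLE = json.loads("""
{
  "info": {"name": "demo-bank"},
  "auth": {"type": "bearer"},
  "item": [
    {"name": "accounts", "item": [
      {"name": "list", "request": {"method": "GET", "url": {"raw": "{{base}}/accounts"}}},
      {"name": "detail", "request": {"method": "GET", "url": "{{base}}/accounts/:id", "auth": {"type": "noauth"}}}
    ]},
    {"name": "public", "auth": {"type": "noauth"}, "item": [
      {"name": "health", "request": {"method": "GET", "url": {"raw": "{{base}}/health"}}}
    ]},
    {"name": "transfer", "request": {"method": "POST", "url": {"raw": "{{base}}/transactions"}, "auth": {"type": "apikey"}}}
  ]
}
""")

def effective_auth(node, inherited):
    """Return the auth type that applies at this node; a local block overrides the parent's."""
    auth = node.get("auth")
    if auth is None and isinstance(node.get("request"), dict):
        auth = node["request"].get("auth")
    return auth.get("type", inherited) if isinstance(auth, dict) else inherited

def map_endpoints(collection):
    """Walk folders recursively and return (method, url, auth_type) for every request."""
    found = []
    def walk(items, inherited):
        for node in items:
            auth = effective_auth(node, inherited)
            if "item" in node:                      # folder: recurse with its auth
                walk(node["item"], auth)
                continue
            req = node.get("request", {})
            if isinstance(req, str):                # v2.1 allows a bare URL string (implies GET)
                req = {"method": "GET", "url": req}
            url = req.get("url", "")
            url = url.get("raw", "") if isinstance(url, dict) else url
            found.append((req.get("method", "GET"), url, auth))
    walk(collection.get("item", []), effective_auth(collection, "noauth"))
    return found

def unauthenticated(collection):
    """Requests whose effective auth type is 'noauth', to be checked against intent."""
    return [(m, u) for m, u, a in map_endpoints(collection) if a == "noauth"]
```

Calling `unauthenticated()` on an exported collection lists the requests that send no credentials, which you can compare against the endpoints you intend to be public.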
Getting started with a sample Postman Collection:
If you want to learn and try this out using a sample Postman Collection, check our sample API on the https://ethicalcheck.dev home page.
This sample API is a banking API with features like accounts, transactions, and more. It's an excellent API to learn how to detect authentication and authorization bugs.