performing-api-security-testing-with-postman

Featured

Uses Postman to perform structured API security testing by building collections that test for OWASP API Security Top 10 vulnerabilities including authentication bypass, authorization flaws, injection, and data exposure. The tester creates environments with multiple user roles, writes test scripts for automated security validation, and integrates Postman with OWASP ZAP and Newman for CI/CD security testing. Activates for requests involving Postman security testing, API security collection, automated API testing, or OWASP API testing with Postman.

API & Backend 13,115 stars 1533 forks Updated today Apache-2.0


Quality Score: 99/100

- Stars (20% weight): 100
- Recency (20% weight): 100
- Frontmatter (20% weight): 70
- Documentation (15% weight): 100
- Issue Health (10% weight): 50
- License (10% weight): 100
- Description (5% weight): 100

Skill Content

# Performing API Security Testing with Postman

## When to Use

- Building repeatable API security test suites for OWASP API Security Top 10 coverage
- Creating automated security regression tests that run in CI/CD pipelines via Newman
- Testing API authentication and authorization across multiple user roles systematically
- Integrating Postman with OWASP ZAP proxy for combined manual and automated security testing
- Establishing a baseline security test collection for new API endpoints before deployment

**Do not use** against production APIs without authorization. Postman security testing involves sending potentially malicious payloads.

## Prerequisites

- Postman Desktop or web application with an active workspace
- Target API with OpenAPI/Swagger specification for collection import
- Test accounts for at least three roles: unauthenticated, regular user, admin
- Newman CLI installed for CI/CD integration: `npm install -g newman`
- OWASP ZAP configured as local proxy (localhost:8080) for Postman proxy integration
- API environment variables for base URL, tokens, and test data

## Workflow

### Step 1: Environment and Collection Setup

Create Postman environments for multi-role testing:

```json
// Environment: API Security Test - Regular User
{
  "values": [
    {"key": "base_url", "value": "https://target-api.example.com/api/v1"},
    {"key": "auth_token", "value": ""},
    {"key": "user_email", "value": "regular@test.com"},
    {"key": "user_password", ...
```

Details

- Author: mukul975
- Repository: mukul975/Anthropic-Cybersecurity-Skills
- Created: 3 months ago
- Last Updated: today
- Language: Python
- License: Apache-2.0


Similar Skills

Semantically similar based on skill content — not just same category

postman-api-testing (Testing & QA, Listed)

API testing skill using Postman and Newman, covering collections, environments, pre-request scripts, test scripts, and CI/CD integration with Newman.

3 stars, updated today, by KaliBellion

conducting-api-security-testing (API & Backend, Featured)

Conducts security testing of REST, GraphQL, and gRPC APIs to identify vulnerabilities in authentication, authorization, rate limiting, input validation, and business logic. The tester uses the OWASP API Security Top 10 as the testing framework, combining Burp Suite interception with Postman collections and custom scripts to test endpoint security at every privilege level. Activates for requests involving API security testing, REST API pentest, GraphQL security assessment, or API vulnerability testing.

13,115 stars, updated today, by mukul975

testing-api-security-with-owasp-top-10 (Testing & QA, Featured)

Systematically assessing REST and GraphQL API endpoints against the OWASP API Security Top 10 risks using automated and manual testing techniques.

13,115 stars, updated today, by mukul975

api-security-testing (AI & Automation, Listed)

Security testing checklist for HTTP APIs: authn/z, input validation, rate limits, sensitive data exposure, and common OWASP API issues. Use when reviewing or testing REST/GraphQL endpoints before release.

15 stars, updated 2 days ago, by charlieviettq

api-security-testing (Testing & QA, Featured)

API security testing workflow for REST and GraphQL APIs covering authentication, authorization, rate limiting, input validation, and security best practices.

39,350 stars, updated today, by sickn33