/jun 28, 2024

Introducing Postman Collection Support for API Security Testing

By Jenny Buckingham

In today's digital landscape, Application Programming Interfaces (APIs) play an important role in driving innovation. They allow you to integrate new applications with existing systems, reuse code and deliver software more efficiently. But, APIs are also prime targets for hackers due to their public availability and the large amounts of web data they transmit.

API vulnerabilities can lead to unauthorized access, data breaches, and various other forms of attacks. Regular security testing helps you identify and address security weaknesses, protect sensitive information, and ensure the integrity of systems.

Conducting security tests throughout the software development lifecycle helps catch issues before they reach production. Running dynamic application security testing to examine API endpoints both in isolation and in their integration together helps you deliver more secure APIs. 

Introducing Postman Collection Support

Veracode is excited to introduce Postman Collection Support, a new feature that expands the capabilities of Veracode Dynamic Analysis to include testing for business logic flaws in your Postman Collections. 

With Veracode, you can test the security of your API business processes, including workflows that simulate real user interactions. This ensures that the necessary API calls happen in the correct order and data transfers appropriately from one call to the next. 

Veracode Dynamic Analysis not only examines API endpoints in isolation but also in their integration together to ensure your business logic is developed securely, helping you deliver more secure APIs.

How to Get Started

To scan your Postman Collections, upload your file as an API specification within Veracode Dynamic Analysis. Veracode supports API specification file types of OpenAPI 3.0 and 2.0 (yaml, json), HTTP Archive (har), and Postman Collection 2.1 (yaml, json). The upload process may take a few seconds, depending on the file size.

Once your file is fully uploaded and the scan is complete, a report is generated, providing you with a prioritized overview of the discovered vulnerabilities, their respective severity levels, along with actionable guidance on how to address them. Check out our help center for more getting started information. 

User Interface

Build Fast. Build Secure.

Veracode, a leading provider of Dynamic Application Security Testing (DAST) solutions, empowers organizations to build and scale secure software from code to cloud with speed and trust from a single platform.

With over a decade of experience and continuous advancements in our dynamic technology, our commitment to accuracy has resulted in a false positive rate of less than 5%. This allows you to focus on what matters without being overwhelmed by scan noise.

Veracode's enhanced API security testing capabilities make it easy for teams to test their Postman Collections and integrated workflows. Sign up for a free trial of Dynamic Analysis today to see firsthand how Veracode can help you enhance your API security, or schedule a demo with us to chat us.

Related Posts

By Jenny Buckingham

Jenny Buckingham is a Product Marketing Manager helping developers and security professionals secure their cloud-native application development. With a focus on understanding her customer’s needs, she helps companies leverage powerful solutions to overcome security challenges.