Yes, we all agree that APIs are everywhere, but API security is lacking.
For the software industry, API security has become the number one security problem!
But there are no cyber security people to handle all those issues…
So why do we, as developers and testers, not test our code for security, and instead leave the job to the security people?
“Security doesn’t understand what I do.”
“Nobody ever showed me how to do security.”
“I don’t know why we put so much effort and time into security.”
“The security process is difficult or undefined.”
“Security people change their minds all the time.”
“Security is a silo and acts as a gatekeeper.”
“Security gives us busy work.”
I recently found out about a tool called “Pynt”, which handles all those pains and operates from Postman.
It’s a free community version that automates API security tests for the top 10 security categories. After a few minutes, you can have security covered for your APIs in your own environment, effortlessly.
They also offer a free digital badges program, and there is a Slack community you can join.
So, if such a tool exists, why not leave the excuses aside, enhance your skillset with security testing and take ownership of your API deliveries?
You can try it out at: www.pynt.io
‘A Pynt a day keeps the bad guys away’ ;-)