API Security Testing
Security testing is its own area of specialization. It is probably worth an entire book all on its own. I’m not a security testing expert, but I think that every tester should at least have a basic understanding of this important topic. If possible, you should engage with security experts, since security breaches present one of the biggest risks to an API, but even if you do have access to them, there are some things you can do to at least establish a minimum bar for security in your application.
Perhaps you just want to do a sanity check before you have the security testing team look at your API. Perhaps you don’t have access to security testing professionals. Whatever the case may be, in this chapter, I will help you get started with security testing. In doing so, I will discuss the following topics:
- The OWASP API Security list
- Fuzz testing with Postman
