Postman Collection Security Test in Minutes for Free

Intesar Mohammed - Aug 19 '22 - Dev Community

The Postman and EthicalCheck integration enables fully automated, free security testing of APIs.

How to get started

  1. Go to https://EthicalCheck.dev

  2. Postman Collection: Submit your Postman Collection URL and email in the input fields and click the scan button on the EthicalCheck home page.

  3. Scan: Once your request is submitted, the engine first creates a map of all your API endpoints, automatically writes security tests covering the OWASP API #2, and then runs the scan.

  4. Report: You'll receive an enterprise-grade App/API penetration test report. The test report meets SOC 2 and other compliance requirements.

  5. Vulnerabilities: The test report includes all the tested endpoints, OWASP categories, exceptions, and vulnerabilities. Vulnerabilities are automatically triaged for you, which means every vulnerability will have a severity, CVSS score, endpoint information, OWASP tag, etc., saving you time and resources.
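
An added example, not EthicalCheck's code: one way to build the kind of endpoint map step 3 describes, by walking a Postman Collection v2.1 file and resolving each request's effective auth type so that requests sent without credentials stand out. The sample collection, host names and function names are constructed for illustration.

```python
import json

# Constructed sample in Postman Collection v2.1 layout (not the EthicalCheck sample API).
SAMPLE = json.loads("""
{
  "info": {"name": "bank-demo"},
  "auth": {"type": "bearer"},
  "item": [
    {"name": "accounts", "item": [
      {"name": "list", "request": {"method": "GET",
        "url": {"raw": "https://api.example.test/accounts"}}},
      {"name": "export", "request": {"method": "GET",
        "auth": {"type": "noauth"},
        "url": "https://api.example.test/accounts/export"}}
    ]},
    {"name": "health", "request": "https://api.example.test/health"}
  ]
}
""")

def endpoint_map(node, inherited="noauth"):
    """Flatten nested folders into (method, url, effective_auth) tuples."""
    # Auth set on a collection or folder applies to everything below it
    # unless a child overrides it.
    auth = (node.get("auth") or {}).get("type", inherited)
    rows = []
    for item in node.get("item", []):
        if "item" in item:                  # folder: recurse, passing auth down
            rows += endpoint_map(item, auth)
            continue
        req = item.get("request") or {}
        if isinstance(req, str):            # shorthand form: a bare URL, treated as GET
            req = {"method": "GET", "url": req}
        url = req.get("url", "")
        if isinstance(url, dict):           # url may be a string or an object with "raw"
            url = url.get("raw", "")
        effective = (req.get("auth") or {}).get("type", auth)
        rows.append((req.get("method", "GET"), url, effective))
    return rows

def unauthenticated(rows):
    """Requests whose effective auth is 'noauth', i.e. sent with no credentials."""
    return [r for r in rows if r[2] == "noauth"]

if __name__ == "__main__":
    for method, url, auth in endpoint_map(SAMPLE):
        print(f"{method:6} {auth:8} {url}")
```

Reviewing the `noauth` rows before a scan shows which endpoints the collection itself exercises without credentials, which is the baseline an authentication test compares against.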

Getting started with a sample Postman Collection:

If you want to learn and try this out using a sample Postman Collection, check our sample API on the https://ethicalcheck.dev home page.
This sample API is a banking API with features like accounts, transactions, and more. It's an excellent API to learn how to detect authentication and authorization bugs.
