1 comment

[ 3.6 ms ] story [ 11.1 ms ] thread
As I was writing APIs one day at work, I realized that I wasn't too sure whether those APIs were well covered(in terms of test-cases). So I started looking for simple GUI tools that can be used by teams to evaluate their APIs

And in this process I found 3 categories of tools:

    1. Penetration-as-a-service vendors
    I wasn't too keen on black-box testing techniques as they come late into the development life-cycle and don't offer much transparency with respect to tests

    2. Open-source API fuzzers
    There are quiet a few robust tools out there. But again these require some time and effort to setup and get going.

    3. Paid tools
    I found a bunch of platforms that run 100s of tests but were expensive.
So I set forth to writing one myself. And as part of my research found out that OpenAPI specification is a good starting point at describing APIs since it's an industry standard and that lot of tooling is available around it.

I took the same approach as the other paid and free/open-source tools to finding API flaws.

However, I have attempted the following:

    1. To keep the UI simple (easy to navigate)
    2. Maintain OpenAPI Spec validation errors at a minimal so that developers can quickly get documentation out of their way
Hopefully with this attempt, finding Schema validation errors is simple. Here's the process:

    1. Upload a spec or Postman Collection or start with a petstore template
    3. Fix validation errors and get to the `RUN_API` status
    Go the Run Tab, select API Endpoint URL and hit Run to find schema validation errors
Although it's still work in progress, I would love for you guys to check it out and share feedback.

For more information, visit: cymitra.com or head directly to apihome.io