Closed JavanXD closed 6 months ago
Hi @JavanXD,
I found this guide for importing Swagger API to Postman. Would it work for you? https://learning.postman.com/docs/getting-started/importing-and-exporting/importing-from-swagger/
I don't have the vulns documented anywhere yet; it's a good idea to list them. I will think about it and will get back to you. For now, you can take a look at the Hall of Fame and the vulns that participants were able to find. Currently, there are about 10 vulns. I was focused on implementing one for each OWASP Top 10 risk, but I will add more over time.
I'm closing this issue due to inactivity. I proposed a solution for importing Swagger, hope it helps!
Hi,
First, great project!
I wanted to use the Damn-Vulnerable-RESTaurant-API to run an API-Security DAST tool on it, to see how good the DAST tool is at detecting the API vulnerabilities. For this I would need a Postman collection or any similar e2e testing framework.
So I was wondering, do you have any e2e tests written for the Damn-Vulnerable-RESTaurant-API? If not, I would want to create one myself, as you already have Swagger UI documentation.
And also, do you have a track or an overview of all the API vulnerabilities which you integrated into the API? With this I could benchmark the report from my security tool.