APIsecure 2023 - Securing your APIs with multi-facet contract testing, Ian Douglas (Postman)
Melden
apidaysFolgen
21. Mar 2023•0 gefällt mir•25 Aufrufe
0 gefällt mir
Sei der Erste, dem dies gefällt
Mehr anzeigen
Aufrufe
Aufrufe insgesamt
0
Auf Slideshare
0
Aus Einbettungen
0
Anzahl der Einbettungen
0
Check these out next
![[WSO2 API Day Chicago 2019] Sustainable Competitive Advantage](https://cdn.slidesharecdn.com/ss_thumbnails/wso2apidaychicago2019-sustainablecompetitiveadvantage-190626104303-thumbnail.jpg?width=600&height=600&fit=bounds)
APIsecure 2023 - Securing your APIs with multi-facet contract testing, Ian Douglas (Postman)
21. Mar 2023•0 gefällt mir•25 Aufrufe
0 gefällt mir
Sei der Erste, dem dies gefällt
Mehr anzeigen
Aufrufe
Aufrufe insgesamt
0
Auf Slideshare
0
Aus Einbettungen
0
Anzahl der Einbettungen
0
Downloaden Sie, um offline zu lesen
Melden
Internet
APIsecure 2023 - The world's first and only API security conference March 14 & 15, 2023 Securing your APIs with multi-facet contract testing Ian Douglas, Senior Developer Advocate at Postman ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/
apidaysFolgen
APIsecure 2023 - Securing your APIs with multi-facet contract testing, Ian Douglas (Postman)
- All rights reserved by Postman Inc Securing your API with Contract Testing W. Ian Douglas Sr Developer Advocate
- @getpostman @iandouglas736 What is API Contract Testing, how does it help Security Contract Validation Testing for API Producers Contract Validation Testing for API Consumers Q&A 1 2 3 4 Takeaways
- What is an API Contract? LEVEL-SET @getpostman @iandouglas736
- ● API Planning, Design, Governance Plan things carefully, then examine carefully. Then examine carefully again. ● Industry Standards Validation Ensure your API definition matches industry standards, like OpenAPI Specification guidelines ● End-User Schema Validation You don’t have to be a security expert here, but knowing some basics will go a long way. Why testing? Confidence AND Conformity @getpostman @iandouglas736 confidence!
- Testing Your Spec for Conformity, and ultimately, Security API Producers @getpostman @iandouglas736
- ● Get your Spec into Postman Doesn’t matter where/how you build it, but you’ll need to bring it into Postman to use this automation tool. ● Fork a collection and environment into your workspace, and configure it This is was built by my colleague Jordan Walsh, an employee at Postman and has great documentation ● Run the requests in that collection … profit ? Building an API Specification and Checking Conformity @getpostman @iandouglas736
- @getpostman @iandouglas736
- @getpostman @iandouglas736
- @getpostman @iandouglas736
- @getpostman @iandouglas736
- @getpostman @iandouglas736
- @getpostman @iandouglas736
- @getpostman @iandouglas736
- @getpostman @iandouglas736
- “Contract Test Generator” “Documentation Leaking Credentials” CTG was made by the Postman team, the credential leaking check may be listed as the “PostmanSecurity2” team, and can scan your auto-generated documentation when you publish API docs to see if you’re leaking API credentials from examples. SEARCH TERMS IN POSTMAN
- Testing things from the Consumer side API Consumer-side Testing @getpostman @iandouglas736
- @getpostman @iandouglas736
- @getpostman @iandouglas736
- @getpostman @iandouglas736
- @getpostman @iandouglas736
- Monitors (think of it like a cron job) and CLI tools for CI/CD Automating All The Things @getpostman @iandouglas736
- Thank You @getpostman @iandouglas736