Exploring your APIs with Postman

Presentation given at POST/CON 2018 covering various ways to use Postman as an exploratory testing tool.

  1. EXPLORING YOUR APIS WITH POSTMAN. Amber Race (@ambertests), Senior SDET, Big Fish Games
  2. Get Yer Samples! All code shown in this talk is available on my Github! https://github.com/ambertests/explore-with-postman
  3. Exploratory Testing: testing without a pre-set script or set of test steps.
  4. Amber Race - @ambertests. https://krebsonsecurity.com/2018/05/tracking-firm-locationsmart-leaked-location-data-for-customers-of-all-major-u-s-mobile-carriers-in-real-time-via-its-web-site/ TESTING A PUBLICLY FACING API THROUGH YOUR UI IS NOT ENOUGH!!!!!
  5. Getting the Goods
  6. Import From Chrome
  7. Import From Swagger
  8. Service Test Strategy: P – Parameters, O – Output, I – Interop, S – Security, E – Error Handling, D – Data
  9. PARAMETERS • The client is always wrong • Boundaries • Business rules
  10. OUTPUT • Status codes • Headers • Logging
  11. Logging and Status Codes
  12. INTEROP • Clients • Dependencies
  13. SECURITY • Authentication and spoofing • Exposed data • SQL Injection • “Hidden” APIs
  14. EXCEPTIONS • No unhandled exceptions • Error info, but not too much
  15. DATA • Updates and replication • Unicode • Caching
  16. More Resources ■ Restful-Booker: https://restful-booker.herokuapp.com/ ■ Danny Dainton’s Postman Tips: https://github.com/DannyDainton/All-Things-Postman ■ OWASP Juice Shop: https://www.owasp.org/index.php/OWASP_Juice_Shop_Project ■ Big List of Naughty Strings: https://github.com/minimaxir/big-list-of-naughty-strings ■ Workshop Materials: https://github.com/ambertests/explore-with-postman
  17. Thank you for attending! ■ Email: amber.race@outlook.com ■ LinkedIn: https://www.linkedin.com/in/amber-race-tests ■ Twitter: @ambertests
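The POISED checklist on slides 8 to 15 is a heuristic, not code. As an added example (not from the talk or from the ambertests/explore-with-postman repository), the block below shows the kind of assertion logic an exploratory tester would put behind the Output, Security, Exceptions and Data items, plus a boundary-value generator for the Parameters item. It is plain Node.js so it runs offline; the required-header list, sensitive-field list, stack-trace signatures and the three sample responses are all constructed assumptions for a hypothetical service. In a Postman test script the same checks would read pm.response.code, pm.response.headers and pm.response.json() instead of the sample objects.

```javascript
// Added example (not from the talk or its repository): POISED-style response
// checks in plain Node.js. Inside a Postman test script the same logic would
// read pm.response.code, pm.response.headers and pm.response.json() instead.

// Assumptions for this hypothetical service: headers it must always send and
// field names that must never appear in any response body.
const REQUIRED_HEADERS = ["content-type", "cache-control"];
const SENSITIVE_FIELDS = ["password", "ssn", "secret", "api_key"];

// Signatures of "error info, but too much": stack traces and raw DB errors.
const STACK_TRACE_PATTERNS = [
  /\bat [\w$.]+\([^)]*:\d+\)/,            // Java / Node stack frame
  /Exception in thread/,                   // JVM uncaught exception banner
  /Traceback \(most recent call last\)/,   // Python
  /ORA-\d{5}/,                             // Oracle error code
  /SQLSTATE\[/,                            // PDO / MySQL driver error
];

// Lower-case header names so lookups do not depend on the server's casing.
function normalizeHeaders(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers)) out[k.toLowerCase()] = String(v);
  return out;
}

// Walk a parsed JSON body and return JSONPath-like paths of sensitive keys.
function findSensitiveKeys(value, path = "$") {
  const hits = [];
  if (Array.isArray(value)) {
    value.forEach((item, i) => hits.push(...findSensitiveKeys(item, `${path}[${i}]`)));
  } else if (value && typeof value === "object") {
    for (const [k, v] of Object.entries(value)) {
      const here = `${path}.${k}`;
      if (SENSITIVE_FIELDS.includes(k.toLowerCase())) hits.push(here);
      hits.push(...findSensitiveKeys(v, here));
    }
  }
  return hits;
}

// P - Parameters: the boundary values an exploratory tester sends for a
// numeric field with an allowed range, plus "the client is always wrong" cases.
function boundaryCases(min, max) {
  return [min - 1, min, min + 1, max - 1, max, max + 1, 0, -1, "", null, "1e309", "Ωmega"];
}

// Run the O, S, E and D checks against one response and return the findings.
// `resp` is { status, headers, body }; `expected.status` is the code the
// request should have produced.
function checkResponse(resp, expected) {
  const findings = [];
  const headers = normalizeHeaders(resp.headers || {});
  const bodyText = typeof resp.body === "string" ? resp.body : JSON.stringify(resp.body);

  // O - Output: status code and required headers
  if (resp.status !== expected.status) findings.push(`status: expected ${expected.status}, got ${resp.status}`);
  for (const h of REQUIRED_HEADERS) if (!(h in headers)) findings.push(`header: missing ${h}`);

  // E - Exceptions: no unhandled exceptions, no implementation detail in errors
  if (resp.status >= 500) findings.push("exceptions: 5xx status suggests an unhandled exception");
  for (const re of STACK_TRACE_PATTERNS) if (re.test(bodyText)) findings.push(`exceptions: error body leaks implementation detail (${re})`);

  // S - Security: exposed data and version disclosure
  if (resp.body && typeof resp.body === "object") {
    for (const p of findSensitiveKeys(resp.body)) findings.push(`security: exposed field ${p}`);
  }
  if (headers.server && /\d+\.\d+/.test(headers.server)) findings.push(`security: Server header reveals version (${headers.server})`);

  // D - Data: a JSON content type must carry a body that actually parses
  if ((headers["content-type"] || "").includes("json") && typeof resp.body === "string") {
    try { JSON.parse(resp.body); } catch { findings.push("data: content-type says JSON but body does not parse"); }
  }
  return findings;
}

// Constructed sample responses (not captured from any real service).
const SAMPLE_OK = { status: 200, headers: { "Content-Type": "application/json; charset=utf-8", "Cache-Control": "no-store" }, body: { id: 42, name: "Zoë" } };
const SAMPLE_CRASH = { status: 500, headers: { "Content-Type": "text/html", Server: "Apache/2.4.29" }, body: 'Exception in thread "main" java.lang.NullPointerException\n\tat com.example.Api.get(Api.java:42)' };
const SAMPLE_LEAK = { status: 200, headers: { "Content-Type": "application/json", "Cache-Control": "no-store" }, body: { user: { id: 7, password: "hunter2" }, tokens: [{ api_key: "abc" }] } };

if (typeof require !== "undefined" && require.main === module) {
  for (const [name, resp] of Object.entries({ SAMPLE_OK, SAMPLE_CRASH, SAMPLE_LEAK })) {
    console.log(name, checkResponse(resp, { status: 200 }));
  }
  console.log("boundary cases for 1..100:", boundaryCases(1, 100));
}
```

Running it lists no findings for SAMPLE_OK, six for SAMPLE_CRASH (wrong status, missing Cache-Control, a 5xx, two stack-trace signatures and a version-revealing Server header) and two exposed fields for SAMPLE_LEAK. The point of returning findings rather than failing on the first one is that exploratory testing is about seeing everything a single request reveals, then deciding which thread to pull next.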
